Questions tagged [aslr]

Address space layout randomization (ASLR) is a computer security technique which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space.


Address space randomization hinders some types of security attack by making it more difficult for an attacker to predict target addresses. For example, an attacker mounting a return-to-libc attack must locate the library code to be executed, while one executing shellcode injected on the stack must first find the stack. In both cases the system hides the relevant memory addresses from the attacker: they have to be guessed, and a wrong guess is usually unrecoverable because the application crashes. Note that ASLR only randomizes what the loader can relocate: a non-position-independent executable is still mapped at its fixed link-time address, and because offsets within a mapped image are fixed, an information leak of a single pointer lets the attacker recover the base of the whole object.

Wikipedia's page about ASLR
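The following C program is an example added here; it is not part of the tag wiki or of any question below. It shows on Linux what ASLR does and does not change: it parses /proc/self/maps, finds the mapping that contains a function of the executable, a libc function, a heap block and a stack variable, and reports each object's load base and the address's offset inside that object. Run it twice with randomize_va_space set to 2: the bases move while the offsets stay the same (the point behind the questions below about /proc/self/maps and about section offsets relative to the libc base). The parser, object_base and object_offset are this example's own names, and the maps lines quoted in comments and used in the test are constructed samples.

```c
/* maps_aslr.c: what ASLR does and does not change, seen through /proc/self/maps (Linux).
 * Build as PIE and run twice: cc -Wall -fPIE -pie maps_aslr.c -o maps_aslr && ./maps_aslr && ./maps_aslr */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

struct mapping {
    uintptr_t start, end;  /* virtual range [start, end) */
    uintptr_t file_off;    /* offset of this range within the mapped file */
    char path[256];        /* "/usr/lib/libc.so.6", "[stack]", or "" for anonymous memory */
};

/* Parse one /proc/<pid>/maps line such as this constructed sample:
 *   "7f3a1c022000-7f3a1c1a0000 r-xp 00022000 08:02 1234  /usr/lib/libc.so.6"
 * Returns 1 on success, 0 if the line is malformed. */
int parse_maps_line(const char *line, struct mapping *m)
{
    unsigned long long s, e, off;
    int consumed = 0;  /* characters consumed up to and including the inode field */
    if (sscanf(line, "%llx-%llx %*4s %llx %*s %*s%n", &s, &e, &off, &consumed) < 3
        || consumed == 0 || s >= e)
        return 0;
    m->start = (uintptr_t)s, m->end = (uintptr_t)e, m->file_off = (uintptr_t)off;
    const char *p = line + consumed;  /* the optional pathname follows the inode */
    while (*p == ' ' || *p == '\t') p++;
    size_t n = strcspn(p, "\n");
    if (n >= sizeof m->path) n = sizeof m->path - 1;
    memcpy(m->path, p, n), m->path[n] = '\0';
    return 1;
}

/* Find the mapping that contains addr in a newline-separated maps dump. */
int find_mapping(const char *maps, uintptr_t addr, struct mapping *out)
{
    while (*maps) {
        size_t len = strcspn(maps, "\n");
        char line[512];
        struct mapping m;
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, maps, len), line[len] = '\0';
        if (parse_maps_line(line, &m) && addr >= m.start && addr < m.end) { *out = m; return 1; }
        maps += len;
        if (*maps == '\n') maps++;
    }
    return 0;
}

/* Load base of the ELF object a mapping belongs to. Exact for PIE executables and
 * shared objects whose first PT_LOAD has p_vaddr 0, which is the normal case. */
uintptr_t object_base(const struct mapping *m) { return m->start - m->file_off; }

/* Offset of addr inside its object. ASLR moves object_base() between runs, but this
 * offset is fixed at link time, so one leaked pointer reveals the base of the whole object. */
uintptr_t object_offset(const struct mapping *m, uintptr_t addr) { return addr - object_base(m); }

/* Read /proc/self/maps into a malloc'd, NUL-terminated buffer; NULL on failure. */
char *read_self_maps(void)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return NULL;
    size_t cap = 1 << 16, len = 0, n;
    char *buf = malloc(cap);
    while (buf && (n = fread(buf + len, 1, cap - len - 1, f)) > 0) {
        len += n;
        if (len + 1 >= cap) { char *nb = realloc(buf, cap *= 2); if (!nb) free(buf); buf = nb; }
    }
    if (buf) buf[len] = '\0';
    fclose(f);
    return buf;
}

/* Kernel ASLR policy: 0 = off, 1 = stack/mmap/vdso, 2 = also the brk heap; -1 if unreadable. */
int randomize_va_space(void)
{
    int v = -1;
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (f) { if (fscanf(f, "%d", &v) != 1) v = -1; fclose(f); }
    return v;
}

static void report(const char *what, uintptr_t a, const char *maps)
{
    struct mapping m;
    if (!find_mapping(maps, a, &m)) { printf("%-6s %#14llx not in maps\n", what, (unsigned long long)a); return; }
    printf("%-6s %#14llx in %-20s base=%#14llx offset=%#8llx\n", what, (unsigned long long)a,
           m.path[0] ? m.path : "(anon)", (unsigned long long)object_base(&m),
           (unsigned long long)object_offset(&m, a));
}

int main(void)
{
    int local = 0;
    void *heap = malloc(64);
    char *maps = read_self_maps();
    if (!maps) { perror("/proc/self/maps"); return 1; }
    printf("randomize_va_space=%d\n", randomize_va_space());
    report("text", (uintptr_t)&parse_maps_line, maps);  /* the executable: fixed base unless built as PIE */
    /* In a non-PIE build &printf resolves to the executable's PLT stub rather than to libc,
     * which is why such a build prints the same "libc" address on every run. */
    report("libc", (uintptr_t)&printf, maps);
    report("heap", (uintptr_t)heap, maps);
    report("stack", (uintptr_t)&local, maps);
    free(heap); free(maps);
    return 0;
}
```

Build it once with -fPIE -pie and once with -no-pie and compare: with ASLR on, the libc, heap and stack bases change on every run in both builds, the executable's base changes only in the PIE build, and the offset column never changes. To see the "nothing moves" case, run it under setarch -R or with randomize_va_space set to 0.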

197 questions
8 votes, 3 answers

Forcing Windows to load DLLs at places so that memory is minimally fragmented

My application needs lots of memory and big data structures in order to perform its work. Often the application needs more than 1 GB of memory, and in some cases my customers really need to use the 64-bit version of the application because they have…
Patrick

8 votes, 1 answer

Beginning of stack on Linux

I thought I could get the beginning of my process stack by taking the address of a variable in main and rounding up to a page boundary (considering that my stack grows down). I compared this to the boundary reported by /proc/self/maps and it's…
Petr Skocik

8 votes, 1 answer

Why can the addresses of local variables be different every time?

I've asked Google and did some research on StackOverflow. My question is that when I enter the main() function in a C++ program and declare the very first variable, why is it that the address of this variable can vary upon different executions?…
TimeString

7 votes, 1 answer

ASLR Entropy Bits for Stack on Linux

I am looking at a presentation from MIT where they explain different types of ASLR implementations. For example, they point out that for static ASLR, the stack has 19 bits of entropy. In my understanding, this means the stack base address can only be…
Jake

7 votes, 2 answers

How does Apple's own ASLR implementation work?

According to ASLR (Address Space Layout Randomization), it provides random stack and heap allocations and page load every time a process starts, and randomizes the address where objects are placed in the virtual space of a given process. But in my…
timestee

6 votes, 1 answer

With ASLR turned on, do all sections of an image get loaded at the same offsets relative to the image base address every time?

Do different sections of libc (such as .text, .plt, .got, .bss, .rodata, and others) get loaded at the same offset relative to the libc base address every time? I know the loader loads libc at a random location every time I run my program. Thank…
masec

6 votes, 1 answer

Force gdb to load shared library at randomized address

I'm debugging a shared library. I found that the bug can be triggered when I enable ASLR on the Linux host, while the bug disappears when ASLR is disabled. I want to further debug the shared library with gdb. But I found it always loaded the shared…
xywang

6 votes, 1 answer

Address canonical form and pointer arithmetic

On AMD64-compliant architectures, addresses need to be in canonical form before being dereferenced. From the Intel manual, section 3.3.7.1: In 64-bit mode, an address is considered to be in canonical form if address bits 63 through to the…
Banex

6 votes, 2 answers

How can ASLR be effective?

I've heard the theory. Address Space Location Randomization takes libraries and loads them at randomized locations in the virtual address space, so that in case a hacker finds a hole in your program, he doesn't have a pre-known address to execute a…
Mason Wheeler

6 votes, 1 answer

Does ASLR cause slow loading of DLLs?

In MSVC, Base Address Randomization is a default option (since VS2005?). So I do not manually rebase the DLL's base address anymore. But I rebased all my DLLs to improve loading performance when I used VS2003. If I use the ASLR option, the loading…
Benjamin

6 votes, 1 answer

How do I enable DEP or ASLR for my .NET application?

I'm writing my program in VS2010 and the build target is .NET 4. I believe that the DEP compatibility flag is on by default. Is that true? Is .NET also compatible by default with ASLR, and is ASLR turned on by default for my process, or do I have…
Scott Whitlock

6 votes, 2 answers

Address Space Layout Randomization in C Compilers

If I am not mistaken, ASLR will make the local variables in C compilers have a different address each time I run the program. But when I tried it in Turbo C++ and Dev-CPP IDE, it just returns a similar address for local variables. The code I…
paul

6 votes, 2 answers

Why aren't glibc's function addresses randomized when ASLR is enabled?

In trying to understand ASLR, I built this simple program: #include #include int main() { printf("%p\n", &system); return 0; } ASLR seems to be enabled: $ cat /proc/sys/kernel/randomize_va_space 2 and I used GCC to…
webbhorn

6 votes, 1 answer

Exploiting a string-based overflow on x86-64 with NX (DEP) and ASLR enabled

Consider the following vulnerable code/program: #include int main(int argc, char *argv[]) { char buf[16]; strcpy(buf, argv[1]); return 0; } On IA-32 (x86, 32-bit) running Linux with NX and ASLR enabled, I would exploit this…
Propantriol

5 votes, 2 answers

Address Space Layout Randomization (ASLR) and mmap

I expect that due to Address Space Layout Randomization (ASLR) a process forked from another process will have different addresses returned when calling mmap. But as I found out, that was not the case. I made the following test program for that…
MetallicPriest