Stack Overflow
Stack Overflow

Questions tagged [aslr]

Address space layout randomization (ASLR) is a computer security technique which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space.

Address space layout randomization (ASLR) is a computer security technique which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space.

Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while other attackers trying to execute shellcode injected on the stack have to find the stack first. In both cases, the system obscures related memory-addresses from the attackers. These values have to be guessed, and a mistaken guess is not usually recoverable due to the application crashing.

Wikipedia's page about ASLR

197 questions
5
votes
0 answers

What addresses does ASLR randomise in linux?

From what I understand: There is a memory management unit on the CPU which controls access to the actual memory. Any memory calls flow through this unit which converts virtual addresses to real memory addresses. This allows the computer to have a…
user13392352
  • 164
  • 10
5
votes
2 answers

ASLR and DEP in Delphi, How to tell?

From http://blogs.msdn.com/b/michael_howard/archive/2007/04/04/codegear-s-new-delphi-2007-supports-aslr-and-nx.aspx, I am using {$SETPEOPTFLAGS $140} in my project file right under the program name to get address space layout randomization (ASLR)…
BrownFox97
  • 393
  • 1
  • 3
  • 9
5
votes
1 answer

Enable ASLR in GDB

I know that GDB disables ASLR for applications it debugs. Is there a way to enable ASLR inside GDB? I have a bug that I can only reproduce with ASLR enabled. Thanks,
user1637056
  • 382
  • 3
  • 18
5
votes
2 answers

How to find load relocation for a PIE binary?

I need to get base address of stack inside my running process. This would enable me to print raw stacktraces that will be understood by addr2line (running binary is stripped, but addr2line has access to symbols). I managed to do this by examining…
MateuszL
  • 2,751
  • 25
  • 38
5
votes
1 answer

How is the address of the text section of a PIE executable determined in Linux?

First I tried to reverse engineer it a bit: printf ' #include int main() { puts("hello world"); } ' > main.c gcc -std=c99 -pie -fpie -ggdb3 -o pie main.c echo 2 | sudo tee /proc/sys/kernel/randomize_va_space readelf -s ./pie | grep -E…
Ciro Santilli OurBigBook.com
  • 347,512
  • 102
  • 1,199
  • 985
5
votes
2 answers

How can global variables' addresses be randomized if they're hardcoded inside the ELF?

I've read in a few places that ASLR is supposed to load the .data section at random addresses each time a program is run, which means the addresses of global variables should be different. However, if I have the following code: int global_var =…
Martin
  • 940
  • 6
  • 26
5
votes
3 answers

Microsoft's ASLR is weird

I watched a ASLRed dll images's based address for 32bit Process. It's not a fully randomization. It just randomizated 1/2 probability. For example, once I load a dll then the image is loaded on 0x12345678. And I load the image again, the image is…
Benjamin
  • 10,085
  • 19
  • 80
  • 130
5
votes
1 answer

Bypassing Windows ASLR by determining the library address using shared pages

I am quite familiar with ASLR, but today I heard a new interesting fact about the implementation of ASLR in Windows. In order to optimize performance if process A and B load the same dll Windows will only load it once to physical memory and both…
Michael
  • 796
  • 11
  • 27
5
votes
2 answers

Calculating addresses in NOP sleds

I am currently reading Introduction to computer systems : a programmer's perspective…
user720694
  • 2,035
  • 6
  • 35
  • 57
5
votes
1 answer

How can I enable PIE/ASLR in my monotouch application?

There is an option in XCode Build Settings called "Don't Create Position Independent Executables". This is straight-forward to enable here. However, I'm using MonoDevelop and MonoTouch to develop my application, and I cannot find the equivalent…
Dale Smith
  • 88
  • 3
5
votes
1 answer

What is Stack Randomization and how does it prevent buffer overflow attack?

I read from a book that Buffer Overflow might be used as a way to inject exploit code which will attack a system. And Stack Randomization is one of those effective ways to prevent such attacks. I can't understand what is Stack Randomization and how…
Alcott
  • 17,905
  • 32
  • 116
  • 173
4
votes
1 answer

Finding mapped memory from inside a process

Setup: Ubuntu 18x64 x86_64 application Arbitrary code execution from inside the application I'm trying to write code which should be able to find structures in memory even with ASLR enabled. Sadly, I couldn't find any static references to those…
reijin
  • 133
  • 10
4
votes
2 answers

How to disable address randomization (ASLR) from an ELF file?

Solved: The solution was calling personality(0x40000). See details below in the comments. Where does the ASLR flag resides within an ELF file? I need to disable ASLR for a specific library (.so). I've tried using objdump but I couldn't find out how…
John
  • 43
  • 1
  • 4
4
votes
1 answer

How can I enable ASLR, DEP and SafeSEH on an exe in codeblocks using mingw?

I have tried using -dynamicbase -pie and -e_mainCRTStartup in linker options for ASLR but when I load it up in ollydbg it always loads at 400000
shawn
  • 4,063
  • 7
  • 37
  • 54
4
votes
1 answer

ASLR brute force

I just read about Address Space Layout Randomization and I tried a very simple script to try to brute force it. Here is the program I used to test a few things. #include #include int main (int argc, char **argv) { char…
Cahu
  • 249
  • 2
  • 9
1 2
3
13 14