Questions tagged [aslr]

Address space layout randomization (ASLR) is a computer security technique which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space.

Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while attackers trying to execute shellcode injected on the stack have to find the stack first. In both cases, the system obscures the relevant memory addresses from the attacker. These values have to be guessed, and a mistaken guess is not usually recoverable because the application crashes.

Wikipedia's page about ASLR
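The tag wiki above describes the attacker's problem in the abstract. The C program below is an added example (it is not part of the tag wiki or of any question on this page): it prints where this process's executable text, libc, heap and stack landed, reads the kernel's randomize_va_space setting, and then shows the arithmetic that one leaked pointer hands an attacker, together with the page-alignment check that catches a wrong offset or a mis-parsed leak. The leaked address and the symbol offsets used in main are constructed values, not real ones; real offsets come from the target's own libc build.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Linux maps every region at a page boundary and ASLR slides a whole
 * module (executable, libc, ...) by a page-aligned delta, so the low
 * 12 bits of a module base are always zero on 4 KiB-page systems. */
int is_page_aligned(uintptr_t addr)
{
    return (addr & (uintptr_t)0xfff) == 0;
}

/* Recover a module's load base from one leaked pointer into it plus the
 * pointed-to symbol's file offset (what `nm -D libc.so.6` prints).
 * Returns 0 when the arithmetic cannot yield a real base. */
uintptr_t module_base_from_leak(uintptr_t leaked, uintptr_t symbol_offset)
{
    if (leaked < symbol_offset)
        return 0;
    uintptr_t base = leaked - symbol_offset;
    return is_page_aligned(base) ? base : 0;
}

/* With the base known, every other symbol in that module is known too.
 * This is the step a return-to-libc attacker needs, and the one ASLR
 * tries to deny by forcing the base to be guessed. */
uintptr_t relocate(uintptr_t base, uintptr_t symbol_offset)
{
    return base ? base + symbol_offset : 0;
}

/* Kernel ASLR level from /proc: 0, 1 or 2, or -1 if it cannot be read
 * (non-Linux, or /proc not mounted). */
int kernel_aslr_level(void)
{
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    int level = -1;
    if (f) {
        if (fscanf(f, "%d", &level) != 1)
            level = -1;
        fclose(f);
    }
    return level;
}

/* Where the four randomized regions landed in this process. */
struct layout {
    uintptr_t text;   /* this executable's code; moves only if built as PIE */
    uintptr_t libc;   /* read-only data inside libc (strerror's message table) */
    uintptr_t heap;   /* a malloc'd block */
    uintptr_t stack;  /* a local variable */
};

struct layout sample_layout(void)
{
    struct layout l;
    int local = 0;
    void *h = malloc(64);
    l.text  = (uintptr_t)&sample_layout;
    l.libc  = (uintptr_t)strerror(1);   /* "Operation not permitted" lives in libc */
    l.heap  = (uintptr_t)h;
    l.stack = (uintptr_t)&local;
    free(h);
    return l;
}

int main(void)
{
    struct layout l = sample_layout();
    printf("randomize_va_space = %d\n", kernel_aslr_level());
    printf("text  %#" PRIxPTR "\nlibc  %#" PRIxPTR "\nheap  %#" PRIxPTR
           "\nstack %#" PRIxPTR "\n", l.text, l.libc, l.heap, l.stack);

    /* Constructed values, not addresses from a real process: a leaked
     * pointer to puts() and the offsets of puts() and system() in libc. */
    uintptr_t leaked_puts = 0x7ffff7e4a0d0ULL;
    uintptr_t puts_off = 0x4a0d0ULL, system_off = 0x52290ULL;
    uintptr_t base = module_base_from_leak(leaked_puts, puts_off);
    printf("derived libc base %#" PRIxPTR ", system() at %#" PRIxPTR "\n",
           base, relocate(base, system_off));
    return 0;
}
```

Build with `gcc -o aslr_demo aslr_demo.c` and run it twice. With randomize_va_space at 2 the libc, heap and stack lines change between runs; the text line changes only when the binary was linked as PIE (the default on most current distributions). At level 1 the brk heap stays put, and at level 0 all four addresses repeat. The derived base is the same in both runs because it is computed from constructed numbers, which is exactly the attacker's point: one leak removes the guessing.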

197 questions
4
votes
1 answer

Why does the stack have to be page aligned?

In Linux, I've tried (just for fun) to modify the kernel source in process.c to create a stack address that has more entropy, i.e. in particular the line: sp -= get_random_int() % 8192; When I change this too much, the kernel halts or I get some…
csstudent2233
  • 659
  • 10
  • 17
3
votes
2 answers

Would ASLR cause friction for the address with DLL injection?

I was reading about the DLL injection technique, and I had this question in mind. Let us assume we want to inject a DLL into a destination process in Windows 7 which has ASLR enabled for kernel32.dll. So any piece of the injected code can't use any…
CnativeFreak
  • 712
  • 12
  • 27
3
votes
0 answers

Security: How come we still hear about many stack execution security flaws?

Security: How come we still hear about many stack execution security flaws even though mechanisms such as the NX bit, DEP and ASLR have existed for so many years? Have hackers found ways to circumvent these? When looking through relatively recent fixed security…
thedrs
  • 1,412
  • 12
  • 29
3
votes
0 answers

Why does the address of libc.so always change

I have recently been looking into ELF binaries and how functions are called using the GOT and PLT in an ELF file. When a function is called this is what occurs as far as I know: the function is called, a jump is made to the PLT, specifically the function's plt…
3
votes
2 answers

Disabling ASLR in Mac OS X Snow Leopard

Essentially I want to disable ASLR in Mac OS X Snow Leopard and use gcc to do some buffer overflowing and stack overflows. Anyone know how to disable ASLR?
Janet A. Carr
  • 96
  • 1
  • 4
3
votes
0 answers

Is a program's maximum stack size a constant value?

I'm running on Linux version 5.0.0-29-generic, with a maximum stack size of 8192KBytes. Is it always 8192 KBytes? void main() { char arr[8384000] = {}; int x = 3; } I've run this code, and it only seg-faulted 50% of the time, I wonder why…
manish ma
  • 1,706
  • 1
  • 14
  • 19
3
votes
1 answer

Is there some sort of ASLR protection on Android?

I want to know if someone could access libraries with function addresses that would be the same from one instance of the program to the other?
Dpp
  • 1,926
  • 1
  • 18
  • 26
3
votes
0 answers

get address for addr2line in -pie binary inside program

I want my program to print backtraces that will be usable by addr2line after program finishes. On ubuntu 14.04 this was achieved by following code: void bt() { constexpr int MAX_STACK = 30; void *array[MAX_STACK]; auto size =…
MateuszL
  • 2,751
  • 25
  • 38
3
votes
3 answers

Address space layout randomization and structures in C

I have this structure: struct Books { char title[50]; char author[50]; }; Let's say that I know that if I pass arg1 to the program, in some part of the code, it adds some chars in the direction $title+52, so the author value is overwritten…
Miguel.G
  • 377
  • 1
  • 6
  • 20
3
votes
1 answer

Fixed base address in MSVC2015

I am attempting to debug a memory leak within my application. The leaked object is somewhat difficult to identify (before destroying the heap), and there are many similar objects created. If it were to have the same address each session, it would…
MuertoExcobito
  • 9,741
  • 2
  • 37
  • 78
3
votes
1 answer

Why does ASLR not seem to be working

I checked if ASLR is enabled as follows and I think it is: [user@localhost test]$ cat /proc/sys/kernel/randomize_va_space 2 I tried testing it with the following program: test.c: #include <stdio.h> int main(void) { printf("%p\n", main); …
Baruch
  • 20,590
  • 28
  • 126
  • 201
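When the printed address of main is the same on every run while randomize_va_space reads 2, the usual cause is that the executable was linked as a fixed-address ET_EXEC binary rather than as a position-independent one: the kernel still randomizes the libraries, heap and stack, but the program's own text has a fixed load address. The C program below is an added check, not code from the question or from any answer: it reads the e_type field at offset 16 of the ELF header and reports whether the text can be randomized, applying the check to itself through /proc/self/exe. The three sample headers are constructed byte strings for illustration, not real files.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* e_type values from the ELF specification. */
#define ET_EXEC_TYPE 2   /* fixed-address executable: text cannot be randomized */
#define ET_DYN_TYPE  3   /* position-independent (PIE or shared object): text moves */

/* Classify the first bytes of an ELF file: returns 2 (EXEC), 3 (DYN),
 * 0 for any other valid e_type, or -1 if the bytes are not an ELF header.
 * e_type sits at offset 16 for both ELFCLASS32 and ELFCLASS64; the byte
 * order is taken from EI_DATA (offset 5) so big-endian files work too. */
int elf_type_from_header(const unsigned char *buf, size_t len)
{
    if (len < 18 || memcmp(buf, "\177ELF", 4) != 0)
        return -1;
    unsigned char ei_data = buf[5];           /* 1 = little-endian, 2 = big-endian */
    if (ei_data != 1 && ei_data != 2)
        return -1;
    unsigned e_type = (ei_data == 1)
        ? ((unsigned)buf[16] | ((unsigned)buf[17] << 8))
        : (((unsigned)buf[16] << 8) | (unsigned)buf[17]);
    if (e_type == ET_EXEC_TYPE || e_type == ET_DYN_TYPE)
        return (int)e_type;
    return 0;
}

/* Same check on a file on disk; -1 if it cannot be read or is not ELF. */
int elf_type_of_file(const char *path)
{
    unsigned char hdr[18];
    FILE *f = fopen(path, "rb");
    if (!f)
        return -1;
    size_t n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    return elf_type_from_header(hdr, n);
}

/* Constructed 18-byte header prefixes (magic, class, data encoding, version,
 * padding, e_type), not taken from real binaries. */
const unsigned char SAMPLE_PIE_HDR[18] =
    {0x7f,'E','L','F', 2,1,1,0, 0,0,0,0,0,0,0,0, 3,0};   /* ELF64 LE, ET_DYN  */
const unsigned char SAMPLE_EXEC_HDR[18] =
    {0x7f,'E','L','F', 2,1,1,0, 0,0,0,0,0,0,0,0, 2,0};   /* ELF64 LE, ET_EXEC */
const unsigned char SAMPLE_BE_EXEC_HDR[18] =
    {0x7f,'E','L','F', 1,2,1,0, 0,0,0,0,0,0,0,0, 0,2};   /* ELF32 BE, ET_EXEC */

static const char *verdict(int t)
{
    if (t == ET_DYN_TYPE)  return "ET_DYN: text is randomized under ASLR (PIE)";
    if (t == ET_EXEC_TYPE) return "ET_EXEC: text is fixed even with randomize_va_space=2";
    if (t == 0)            return "ELF, but neither EXEC nor DYN";
    return "not readable as an ELF header";
}

int main(void)
{
    printf("sample PIE header:     %s\n", verdict(elf_type_from_header(SAMPLE_PIE_HDR, 18)));
    printf("sample EXEC header:    %s\n", verdict(elf_type_from_header(SAMPLE_EXEC_HDR, 18)));
    printf("sample BE EXEC header: %s\n", verdict(elf_type_from_header(SAMPLE_BE_EXEC_HDR, 18)));
    /* Inspect this very program (Linux: /proc/self/exe is the running binary). */
    printf("this binary:           %s\n", verdict(elf_type_of_file("/proc/self/exe")));
    printf("main is at %p; run twice and compare\n", (void *)&main);
    return 0;
}
```

Compile once with `gcc -no-pie` and once with `gcc -pie -fPIE` to see both verdicts on the same source; `readelf -h` reports the same field as Type: EXEC or DYN. Only the DYN build prints a different address for main on each run.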
3
votes
1 answer

How exactly the Linux ASLR randomizes the stack location

I'm using a 32-bit x86 Ubuntu desktop. I looked at the /proc/[pid]/mmaps, and found the stack base address always changes (e.g. 0xbfe76000 in the following case). So I guess the kernel (or the ELF loader) must randomize the stack location every time…
xiaogw
  • 653
  • 8
  • 18
3
votes
0 answers

Loading FIPS OpenSSL DLL at a fixed base address on Windows

A FIPS validated OpenSSL library must load libeay32.dll at a fixed address. This is indicated, for example, at: Fixed address is occupied in .NET Using techniques described at: IIS7 App Pool can't load library with Fixed Base Address, and How do you…
asavige
  • 31
  • 3
3
votes
0 answers

32 Bit ASLR - Ranges?

I know that the maximum size of a program stack which can be used on my machine is 8192 kbytes (according to ulimit -a | grep "stack size"). I also know that Linux uses ASLR. I use a 64-bit system with the gcc compiler flag -m32. Is it therefore…
今天春天
  • 941
  • 1
  • 13
  • 27
3
votes
1 answer

How to get memory address of tables (Te0, Te1, ...) in openssl AES?

The aim is to get the address of the precomputed tables in the openssl implementation of AES. These tables are contained in the aes_core.c file and named Te0, Te1, etc. I am trying to do it using the info address SYMBOL_NAME command in gdb. So these…