Questions tagged [aslr]

Address space layout randomization (ASLR) is a computer security technique which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space.

Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while other attackers trying to execute shellcode injected on the stack have to find the stack first. In both cases, the system obscures related memory-addresses from the attackers. These values have to be guessed, and a mistaken guess is not usually recoverable due to the application crashing.

Wikipedia's page about ASLR

197 questions
3 votes · 1 answer

Windows 8 heap randomization

Does the heap randomization algorithm (for allocating heap memory) in Windows 8 work for both 32- and 64-bit processes, or only for 64-bit processes? Thanks!

1337 · 317 · 1 · 9
3 votes · 1 answer

How to enable ASLR in a Windows PE binary?

How do I enable Address Space Layout Randomization of an executable? Note: I am not using Visual Studio, or any compiler that provides a /dynamicbase compiler option. For the purposes of this discussion, assume I am adding functionality to a…

Ian Boyd · 246,734 · 253 · 869 · 1,219
3 votes · 2 answers

How to force the OS (Windows) to allocate the same addresses to my program for each debug session?

After a long debugging effort, I found out that my application probably writes a wrong value to address 0x5b81730. I would like to find out which part of my code does this. Some time ago, when I used Windows XP, this would be very easy. I would…

anatolyg · 26,506 · 9 · 60 · 134
3 votes · 1 answer

ASLR limitations on Linux

I tried for fun to "improve" ASLR on my own x86 32-bit machine by modifying arch_align_stack() in process.c by increasing the second argument to modulo in: if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) sp -=…

csstudent2233 · 659 · 10 · 17
2 votes · 1 answer

What's the purpose of ASLR on Android?

Android 4.0 added ASLR (http://developer.android.com/sdk/android-4.0-highlights.html#DeveloperApis). AFAIK, ASLR is mainly useful to avoid letting some malicious code leak/put a payload in another library when exploiting a buffer overflow…

berdario · 1,851 · 18 · 29
2 votes · 1 answer

Put a breakpoint with GDB in a function without symbols

I debug a remote Linux process with GdbServer, and I want to put a breakpoint in some function. The problem is that this process uses ASLR, so each time the process loads at another address. I can watch in /proc/PID/maps the base address of the…

Kokomelom · 143 · 1 · 10
2 votes · 0 answers

Operation not permitted when gdb tries to disable address space randomization

My question is similar to this problem: warning: Error disabling address space randomization: Operation not permitted. Except, I am not using Docker but Google Colab (Ubuntu 18.04.3). So, the solution does not seem to work for me. Based on the site,…
2 votes · 1 answer

ASLR and memory layout on 64 bits: Is it limited to the canonical part (128 TiB)?

When loading a PIE executable with ASLR enabled, will Linux restrict the mapping of the program segments to the canonical section (up to 0000_7fff_ffff_ffff), or will it use the full lower section (starting at bit 0)?

Aaa Bbb · 627 · 4 · 12
2 votes · 1 answer

ROP failed on Linux even when ASLR and the compiler's stack protector are disabled

I turned off ASLR and turned off the gcc stack protector. And I wrote vulnerable C code and I tried to overflow the buffer, so I checked how many characters were needed for the crash. And I tried to change the return address to another function, but I got a…
2 votes · 2 answers

Why can't non-PIC code be totally ASLR'd using run-time fixups?

I understand that PIC code makes ASLR randomization more efficient and easier, since the code can be placed anywhere in memory with no change in code. But if I understand right, according to Wikipedia (relocation), the dynamic linker can make "fixups" at…

KMG · 1,433 · 1 · 8 · 19
2 votes · 1 answer

My buffer overflow exploit only opens a regular user shell but not a root shell

I've been trying to get this very simple buffer overflow to work on my local Kali machine, and after a lot of trial and error I finally got it to the point that it executes my shellcode and opens a /bin/bash shell. However, it's just a regular…

Geek Girl x0x0 · 310 · 1 · 4 · 15
2 votes · 2 answers

ASLR and Windows System DLLs for non-aware executables?

From a Microsoft article: Address Space Layout Randomization (ASLR) ASLR moves executable images into random locations when a system boots, making it harder for exploit code to operate predictably. For a component to support ASLR, all …

Martin Ba · 37,187 · 33 · 183 · 337
2 votes · 3 answers

ASLR bruteforcing

I have been trying to bruteforce the ASLR implementation on my machine, for practice. First, I make sure that ASLR is turned on: cat /proc/sys/kernel/randomize_va_space 1 The machine I am using is :- bt ~ # uname -a Linux bt…

user277465
2 votes · 2 answers

Position-independent executable: What is "main executable binary"?

When reading https://en.wikipedia.org/wiki/Address_space_layout_randomization, I encountered a term: Position-independent executable (PIE) implements a random base address for the main executable binary and has been in place since 2003. It…

Chen Li · 4,824 · 3 · 28 · 55
2 votes · 1 answer

Address Space Layout Randomization (ASLR) on macOS

I have a question about Address Space Layout Randomization (ASLR) on macOS. According to Apple (2016), "If you are compiling an executable that targets macOS 10.7 and later or iOS 4.3 and later, the necessary flags [for ASLR] are enabled by…

Rudolf Adamkovič · 31,030 · 13 · 103 · 118