Questions tagged [aslr]

Address space layout randomization (ASLR) is a computer security technique which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space.

Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while attackers trying to execute shellcode injected on the stack have to find the stack first. In both cases, the system obscures the relevant memory addresses from the attacker. These values have to be guessed, and a mistaken guess is usually not recoverable because the application crashes.

Wikipedia's page about ASLR

197 questions
138
votes
2 answers

What is the -fPIE option for position-independent executables in gcc and ld?

How will it change the code, e.g. function calls?
osgx
  • 90,338
  • 53
  • 357
  • 513
41
votes
3 answers

Disable randomization of memory addresses

I'm trying to debug a binary that uses a lot of pointers. Sometimes for seeing output quickly to figure out errors, I print out the address of objects and their corresponding values, however, the object addresses are randomized and this defeats the…
0fnt
  • 8,211
  • 9
  • 45
  • 62
32
votes
4 answers

How do you disable ASLR (address space layout randomization) on Windows 7 x64?

How do you disable ASLR on Windows 7 x64 so that my program will always load the shared CRT at the same address?
user541686
  • 205,094
  • 128
  • 528
  • 886
29
votes
1 answer

Documented way to disable ASLR on OS X?

On OS X 10.9 (Mavericks), it's possible to disable address space layout randomization for a single process if you launch the process by calling posix_spawn() and passing the undocumented attribute 0x100. Like this: extern char **environ; pid_t…
Gareth Rees
  • 64,967
  • 9
  • 133
  • 163
24
votes
2 answers

Disable and re-enable address space layout randomization only for myself

I would like to disable address space layout randomization (ASLR) on my system (Ubuntu Gnu/Linux 2.6.32-41-server), but, if I use sysctl -w kernel.randomize_va_space=0 the change would affect all users on the system, I presume. (Is this true?) …
Amittai Aviram
  • 2,270
  • 3
  • 25
  • 32
17
votes
1 answer

Why is the address of __libc_start_main always the same inside GDB even though ASLR is on?

Breakpoint 1, 0x00007ffff7de8060 in __libc_start_main () from /usr/lib/libc.so.6 (gdb) r The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program:…
Chen Li
  • 4,824
  • 3
  • 28
  • 55
17
votes
3 answers

How to disable address space randomization for a binary on Linux?

I'm working on a runtime system for parallel programs that can take advantage of a common address space layout across multiple processes, potentially spread over several (thousand) nodes. Many times, software built for this environment is run on…
Phil Miller
  • 36,389
  • 13
  • 67
  • 90
15
votes
2 answers

Does ASLR mean rebasing dlls isn't required?

Am I right in thinking there is no point in rebasing our dlls during our build if we use ASLR as the dlls will be rebased again anyway when the kernel comes to load them? I am concerned that our application is often used on Terminal Services…
Scott Langham
  • 58,735
  • 39
  • 131
  • 204
14
votes
1 answer

ELF, PIE ASLR and everything in between, specifically within Linux

Before asking my question, I would like to cover a few technical details I want to make sure I've got correct: A Position Independent Executable (PIE) is a program that would be able to execute regardless of which memory address it is loaded…
13
votes
2 answers

Enable Safe Exception Handling in C++ Builder

For Windows 8 application certification, there are (among other) these requirements: 3.2 Your app must be compiled using the /SafeSEH flag to ensure safe exceptions handling 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data…
Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
12
votes
1 answer

How to know whether a dll uses ASLR or not?

How to check whether a certain DLL uses ASLR or not? Let's take, for example, kernel32.dll: does it use ASLR or not? And how to check other DLLs... Thanks.
CnativeFreak
  • 712
  • 12
  • 27
11
votes
2 answers

Difference between ASLR and PIE

I'm not sure whether I understand the difference between ASLR and PIE. According to me, ASLR is an OS option, whereas PIE is a compilation option. What happens if I run a no-PIE program on an OS with ASLR enabled? What happens if I run a PIE…
Bob5421
  • 7,757
  • 14
  • 81
  • 175
9
votes
1 answer

Why doesn't Windows keep randomizing the base address of my executable?

I've made a simple C-program that simply prints the address of main() at execution: printf("%08X\n", &main); I compile it with Visual C++ 2015 with the parameter /DYNAMICBASE, for x86 (same thing happens when compiling for x64). First two times I…
Thomas
  • 367
  • 1
  • 14
9
votes
0 answers

Provide a random seed to ASLR on Linux

There is an option to enable or disable stack randomization but is there way to supply the ASLR algorithm with a seed to make it deterministic? EDIT: The context is as follows: a memory bug I have pops up one out of ten executions under ASLR and…
Alex Zhi
  • 183
  • 5
9
votes
1 answer

Stack Buffer Overflow: Works on GDB, doesn't outside it

I read about stack-located buffer overflows a long time ago, but decided to set up a virtual machine and actually see them in practice. The following code was the vulnerable program: #include void go(char *data){ char name[64]; …
murphsghost
  • 161
  • 1
  • 7