Address Space Layout Randomisation (ASLR) is a technology used to help prevent shellcode from being successful. It does this by randomly offsetting the location of modules and certain in-memory structures.
Questions tagged [aslr]
92 questions
5 votes, 3 answers
ASLR: why do only 12 bits change on 32bit system?
I've been reading the posts here about bypassing ASLR. On 32-bit systems this appears to be trivial, but I was surprised to see how trivial. It takes mere seconds to bruteforce ASLR addresses. The reason seems to be that according to my tests only 12…
Juicy
3 votes, 1 answer
Why is ASLR not performed at less than page granularity?
What technical reasons are preventing ASLR from being randomized to a byte offset? On Linux it's to a 4kb page and on Windows to a 64kb region.
Ffffffff
2 votes, 2 answers
What CWE can be used to best describe ASLR being disabled on a process?
I am in the process of writing up a vulnerability report for a thick client application. One of the findings for the executable is ASLR being disabled. As part of reporting, I'm required to provide a CWE to the client that best describes the…
eliteparakeet
1 vote, 0 answers
NX + ASLR bypass - troubles with return address of .bss
I have one problem, while doing NX + ASLR bypass. I'm going through this tutorial step-by-step.
Everything is going well, I have prepared my exploit, just with another address and some small modifications:
#!/usr/bin/python
from struct import…
core2dump
1 vote, 1 answer
Why would modern OS allocate static addresses or why is ASLR still needed?
I have a question about ASLR which allocates randomized addresses for things. Based on my understanding (which might be wrong), a modern OS has pretty complicated memory management mechanisms and it seems REALLY challenging to allocate the same…
ios learner
1 vote, 0 answers
Fedora 3 Disable Address Randomization
I want to disable address space layout randomization on my Fedora 3 virtual machine. I tried to go to /proc/sys/kernel/randomize_va_space. Unlike on a normal Linux machine, such a file doesn't exist on Fedora 3. How do I disable ASLR for Fedora 3? Is the…
Jonah
0 votes, 1 answer
Fixed offset in linux ASLR?
I just printed function addresses and the offset between two functions, but the offset is fixed whenever the program is executed (only the base address changes).
Code (test.c)
#include
#include
void func() {
…
user257164
0 votes, 1 answer
Why are stack addresses the same all the time when not using ASLR?
In an answer to How do ASLR and DEP work? Polynomial says:
In a non-ASLR and non-DEP process, the stack address is the same every time we run the process. We know exactly where it is in memory.
I don't understand how that could be. Isn't RAM…
james6125