aslr

I was reading about the DLL injection technique, and I had this question in mind. Let us assume we want to inject a DLL into a destination process in Windows 7 which has ASLR enabled for kernel32.dll So any piece of the injected code can't use any winapi or any system call since the address of let's say loadLibrary function in the injector code will differ from the address loadLibrary in the destination process, Won't it ? So such a call to CreateRemoteThread won't work: CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE) ::GetProcAddress(hKernel32, "LoadLibraryA" ), pLibRemote, 0,

I'm working on a runtime system for parallel programs that can take advantage of a common address space layout across multiple processes, potentially spread over several (thousand) nodes. Many times, software built for this environment is run on Linux systems that have address space randomization enabled by default, and users may not want or be able to disable it system-wide (via sysctl -w kernel.randomize_va_space=0 and the like). This imposes some limitations on the parallel programs, and can hurt performance. Thus, we want to figure out how to disable it for the binaries that we build.

How do you disable ASLR on Windows 7 x64 so that my program will always load the shared CRT at the same address? A registry setting is available to forcibly enable or disable ASLR for all executables and libraries and is found at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\MoveImages . Mr. S Previously you had to opt in to allowing the linker to use ASLR. Now, you have to opt out : /DYNAMICBASE[:NO] (Visual Studio 2012: Configuration Properties -> Linker -> Advanced -> "Randomized Base Address") You can also do it programmatically . josh The Enhanced Mitigation

On AMD64 compliant architectures, addresses need to be in canonical form before being dereferenced. From the Intel manual, section 3.3.7.1 : In 64-bit mode, an address is considered to be in canonical form if address bits 63 through to the most-significant implemented bit by the microarchitecture are set to either all ones or all zeros. Now, the most significat implemented bit on current operating systems and architectures is the 47th bit. This leaves us with a 48-bit address space. Especially when ASLR is enabled, user programs can expect to receive an address with the 47th bit set. If

I would like to disable address space layout randomization (ASLR) on my system (Ubuntu Gnu/Linux 2.6.32-41-server), but, if I use sysctl -w kernel.randomize_va_space=0 the change would affect all users on the system, I presume. (Is this true?) How can I limit the effects of disabling ASLR to myself as a user only, or only to the shell session in which I invoke the command to disable? BTW, I see that my system's current (default) setting is sysctl -w kernel.randomize_va_space=0 Why 2 and not 1 or 3? Where can I find documentation about the numerical values of /proc/sys settings, their ranges,