With ASLR turned on, are all sections of an image get loaded at the same offsets relative to the image base address every time?

杀马特。学长 韩版系。学妹 提交于 2019-12-10 21:29:04

问题


Do different sections of libc (such as .text, .plt, .got, .bss, .rodata, and others) get loaded at the same offset relative to the libc base address every time?

I know the loader loads libc at a random location every time I run my program.

Thank you in advance.


回答1:


I guess I found the answer to my own question. I wrote a pin-tool using Intel PIN that on every libc section get loaded outputs the section offset relative to the address of libc. Here are the sections having get loaded at same offsets with their corresponding offsets (the thing before - is the library name which is libc with its version and what comes after that is the section name):

libc.so.6-.note.gnu.build-id             0x0000000000000270
libc.so.6-.note.ABI-tag                  0x0000000000000294
libc.so.6-.gnu.hash                      0x00000000000002b8
libc.so.6-.dynsym                        0x0000000000003d80
libc.so.6-.dynstr                        0x0000000000010ff8
libc.so.6-.gnu.version                   0x00000000000169d8
libc.so.6-.gnu.version_d                 0x0000000000017b68
libc.so.6-.gnu.version_r                 0x0000000000017ee0
libc.so.6-.rela.dyn                      0x0000000000017f10
libc.so.6-.rela.plt                      0x000000000001f680
libc.so.6-.plt                           0x000000000001f7c0
libc.so.6-.plt.got                       0x000000000001f8a0
libc.so.6-.text                          0x000000000001f8b0
libc.so.6-__libc_freeres_fn              0x0000000000172b10
libc.so.6-__libc_thread_freeres_fn       0x0000000000175030
libc.so.6-.rodata                        0x0000000000175300
libc.so.6-.stapsdt.base                  0x0000000000196650
libc.so.6-.interp                        0x0000000000196660
libc.so.6-.eh_frame_hdr                  0x000000000019667c
libc.so.6-.eh_frame                      0x000000000019bb38
libc.so.6-.gcc_except_table              0x00000000001bc3cc
libc.so.6-.hash                          0x00000000001bc810
libc.so.6-.tdata                         0x00000000003c07c0
libc.so.6-.tbss                          0x00000000003c07d0
libc.so.6-.init_array                    0x00000000003c07d0
libc.so.6-__libc_subfreeres              0x00000000003c07e0
libc.so.6-__libc_atexit                  0x00000000003c08d8
libc.so.6-__libc_thread_subfreeres       0x00000000003c08e0
libc.so.6-.data.rel.ro                   0x00000000003c0900
libc.so.6-.dynamic                       0x00000000003c3ba0
libc.so.6-.got                           0x00000000003c3d80
libc.so.6-.got.plt                       0x00000000003c4000
libc.so.6-.data                          0x00000000003c4080
libc.so.6-.bss                           0x00000000003c5720

And there are indeed sections that get loaded at different offsets every time. You may see them in below. However, as I do not recognize them and to me not important, I would like to conclude that yes the sections we most concern about get loaded at the same offset each time the program runs.

libc.so.6-.note.stapsdt                  
libc.so.6-.gnu.warning.sigstack          
libc.so.6-.gnu.warning.sigreturn         
libc.so.6-.gnu.warning.siggetmask        
libc.so.6-.gnu.warning.tmpnam            
libc.so.6-.gnu.warning.tmpnam_r          
libc.so.6-.gnu.warning.tempnam           
libc.so.6-.gnu.warning.sys_errlist       
libc.so.6-.gnu.warning.sys_nerr          
libc.so.6-.gnu.warning.gets              
libc.so.6-.gnu.warning.getpw             
libc.so.6-.gnu.warning.re_max_failures   
libc.so.6-.gnu.warning.lchmod            
libc.so.6-.gnu.warning.getwd             
libc.so.6-.gnu.warning.sstk              
libc.so.6-.gnu.warning.revoke            
libc.so.6-.gnu.warning.mktemp            
libc.so.6-.gnu.warning.gtty              
libc.so.6-.gnu.warning.stty              
libc.so.6-.gnu.warning.chflags           
libc.so.6-.gnu.warning.fchflags          
libc.so.6-.gnu.warning.__compat_bdflush  
libc.so.6-.gnu.warning.__memset_zero_constant_len_parameter
libc.so.6-.gnu.warning.__gets_chk        
libc.so.6-.gnu.warning.inet6_option_space 
libc.so.6-.gnu.warning.inet6_option_init 
libc.so.6-.gnu.warning.inet6_option_append 
libc.so.6-.gnu.warning.inet6_option_alloc 
libc.so.6-.gnu.warning.inet6_option_next 
libc.so.6-.gnu.warning.inet6_option_find 
libc.so.6-.gnu.warning.getmsg            
libc.so.6-.gnu.warning.putmsg            
libc.so.6-.gnu.warning.fattach           
libc.so.6-.gnu.warning.fdetach           
libc.so.6-.gnu.warning.setlogin          
libc.so.6-.gnu_debuglink                 
libc.so.6-.shstrtab                      


来源:https://stackoverflow.com/questions/48347100/with-aslr-turned-on-are-all-sections-of-an-image-get-loaded-at-the-same-offsets

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!