Uninformed: Informative Information for the Uninformed

Vol 9» 2008.Jan


No Support for ASLR

Windows Vista was the first major release of Windows to include a built-in implementation of Address Space Layout Randomization (ASLR)[15,24]. In order to head off potential application compatibility issues, Microsoft chose to make ASLR an opt-in feature by requiring binaries to be compiled with a new linker switch (/dynamicbase)[21]. This switch sets a bit (0x40) in the DllCharacteristics field of the binary's PE header. If this bit is set, the Windows kernel will attempt to randomize the base address of the binary when it is mapped into memory for the first time. If the bit is not set, the binary will not have its base address randomized, although it could still be relocated if its preferred region is already occupied by another allocation. As such, any binary that does not support ASLR may be mapped at a predictable location within a process address space at execution time. This allows an attacker to make assumptions about the address space, which may make exploitation easier if a vulnerability is found within any code that is mapped into the same address space as the module of interest.
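The following is an added example, not code from the Uninformed article: a small static checker that reads the DllCharacteristics field from a PE image and reports whether the 0x40 bit (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) is set, which is the property the text describes. It also reads the COFF IMAGE_FILE_RELOCS_STRIPPED flag, since an image with no relocations cannot be moved even when its preferred base is taken. The field offsets follow the PE format (DllCharacteristics sits at offset 70 of the optional header for both PE32 and PE32+). The build_minimal_pe helper is an assumption of this example that constructs header-only sample images so the script runs offline; on a real system you would pass the bytes of an actual DLL or EXE to inspect_pe.

```python
"""Static check for the /dynamicbase (ASLR opt-in) bit in a PE image."""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D            # "MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B   # PE32
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B   # PE32+
IMAGE_FILE_RELOCS_STRIPPED = 0x0001     # COFF Characteristics: no .reloc section
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by /dynamicbase


def inspect_pe(data: bytes) -> dict:
    """Parse just enough of the headers to decide whether the image opts in to ASLR."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, _, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # DllCharacteristics is at offset 70 of the optional header in both formats.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "machine": machine,
        "pe32plus": magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC,
        "image_base": image_base,
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "relocs_stripped": bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED),
    }


def aslr_verdict(info: dict) -> str:
    """Summarize what the loader will do with the image, per the behaviour described above."""
    if info["dynamic_base"]:
        return "randomized (DYNAMIC_BASE set)"
    if info["relocs_stripped"]:
        return "fixed (no relocations, always at preferred base)"
    return "predictable (preferred base unless that region is already occupied)"


def build_minimal_pe(dll_chars: int, file_chars: int = 0, pe32plus: bool = False,
                     image_base: int = 0x400000) -> bytes:
    """Constructed sample: a header-only image that inspect_pe accepts (not loadable)."""
    e_lfanew = 0x40
    dos = struct.pack("<H", IMAGE_DOS_SIGNATURE).ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR64_MAGIC if pe32plus
                     else IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    if pe32plus:
        struct.pack_into("<Q", opt, 24, image_base)
    else:
        struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + IMAGE_NT_SIGNATURE + coff + bytes(opt)


if __name__ == "__main__":
    samples = [
        ("built with /dynamicbase", build_minimal_pe(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)),
        ("legacy, relocatable", build_minimal_pe(0)),
        ("legacy, relocs stripped", build_minimal_pe(0, IMAGE_FILE_RELOCS_STRIPPED)),
    ]
    for label, image in samples:
        info = inspect_pe(image)
        print(f"{label}: base=0x{info['image_base']:x} -> {aslr_verdict(info)}")
```

Run against a directory of third-party DLLs, a loop over inspect_pe quickly identifies modules that will load at a predictable base inside a process that is otherwise randomized; those are the modules worth rebuilding with /dynamicbase or isolating.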