Disable randomization of memory addresses

40.4k views Asked by At

I'm trying to debug a binary that uses a lot of pointers. Sometimes for seeing output quickly to figure out errors, I print out the address of objects and their corresponding values, however, the object addresses are randomized and this defeats the purpose of this quick check up. Is there a way to disable this temporarily/permanently so that I get the same values every time I run the program.

Oops. OS is Linux fsttcs1 2.6.32-28-generic #55-Ubuntu SMP Mon Jan 10 23:42:43 UTC 2011 x86_64 GNU/Linux

3

There are 3 answers

1
Brandon Frohbieter On BEST ANSWER

On Ubuntu , it can be disabled with...

echo 0 > /proc/sys/kernel/randomize_va_space

On Windows, this post might be of some help...

http://blog.didierstevens.com/2007/11/20/quickpost-another-funny-vista-trick-with-aslr/

0
rts1 On

You can also do this programmatically from C source before a UNIX exec.

If you take a look at the sources for setarch (here's one source):

http://code.metager.de/source/xref/linux/utils/util-linux/sys-utils/setarch.c

You can see if boils down to a system call (syscall) or a function call (depending on what your system defines). From setarch.c:

#ifndef HAVE_PERSONALITY
# include <syscall.h>
# define personality(pers) ((long)syscall(SYS_personality, pers))
#endif

On my CentOS 6 64-bit system, it looks like it uses a function (which probably calls the self-same syscall above). Take a look at this snippet from the include file in /usr/include/sys/personality.h (as referenced as <sys/personality.h> in the setarch source code):

/* Set different ABIs (personalities).  */
extern int personality (unsigned long int __persona) __THROW;

What it boils down to, is that you can, from C code, call and set the personality to use ADDR_NO_RANDOMIZE and then exec (just like setarch does).

#include <sys/personality.com>

#ifndef HAVE_PERSONALITY
# include <syscall.h>
# define personality(pers) ((long)syscall(SYS_personality, pers))
#endif

...

void mycode() 
{
   // If requested, turn off the address rand feature right before execing
   if (MyGlobalVar_Turn_Address_Randomization_Off) {
     personality(ADDR_NO_RANDOMIZE);
   } 
   execvp(argv[0], argv); // ... from set-arch.
}

It's pretty obvious you can't turn address randomization off in the process you are in (grin: unless maybe dynamic loading), so this only affects forks and execs later. I believe the Address Randomization flags are inherited by child sub-processes?

Anyway, that's how you can programmatically turn off the address randomization in C source code. This may be your only solution if you don't want the force a user to intervene manually and start-up with setarch or one of the other solutions listed earlier.

Before you complain about security issues in turning this off, some shared memory libraries/tools (such as PickingTools shared memory and some IBM databases) need to be able to turn off randomization of memory addresses.

3
Stephen On

To temporarily disable ASLR for a particular program you can always issue the following (no need for sudo)

setarch `uname -m` -R ./yourProgram