0fnt

Reputation: 8661

Disable randomization of memory addresses

I'm trying to debug a binary that uses a lot of pointers. Sometimes, to see output quickly and figure out errors, I print out the addresses of objects and their corresponding values. However, the object addresses are randomized, and this defeats the purpose of this quick check. Is there a way to disable this temporarily/permanently so that I get the same values every time I run the program?

Oops. OS is Linux fsttcs1 2.6.32-28-generic #55-Ubuntu SMP Mon Jan 10 23:42:43 UTC 2011 x86_64 GNU/Linux

Upvotes: 45

Views: 44342

Answers (4)

andreee

Reputation: 4679

Well, I'm only 13+ years late for an answer, but since you specifically mentioned "debug" in your original question and nobody has yet referred to gdb, I am adding this answer for future readers.

On systems that have ASLR enabled, it is strongly recommended to run gdb with set disable-randomization on (or ensure that it is active by default), in order to be able to get reproducible runs.

(gdb) help set disable-randomization
Set disabling of debuggee's virtual address space randomization.
When this mode is on (which is the default), randomization of the virtual
address space is disabled.  Standalone programs run with the randomization
enabled by default on some platforms.

See also my more elaborate answer to a similar question.

Upvotes: 1

rts1

Reputation: 1466

You can also do this programmatically from C source before a UNIX exec.

If you take a look at the sources for setarch (here's one source):

http://code.metager.de/source/xref/linux/utils/util-linux/sys-utils/setarch.c

You can see it boils down to a system call (syscall) or a function call (depending on what your system defines). From setarch.c:

#ifndef HAVE_PERSONALITY
# include <syscall.h>
# define personality(pers) ((long)syscall(SYS_personality, pers))
#endif

On my CentOS 6 64-bit system, it looks like it uses a function (which probably calls the self-same syscall above). Take a look at this snippet from the include file in /usr/include/sys/personality.h (referenced as <sys/personality.h> in the setarch source code):

/* Set different ABIs (personalities).  */
extern int personality (unsigned long int __persona) __THROW;

What it boils down to, is that you can, from C code, call and set the personality to use ADDR_NO_RANDOMIZE and then exec (just like setarch does).

#include <sys/personality.h>   /* personality(), ADDR_NO_RANDOMIZE */
#include <unistd.h>            /* execvp() */

#ifndef HAVE_PERSONALITY
# include <syscall.h>
# define personality(pers) ((long)syscall(SYS_personality, pers))
#endif

...

/* argv is the NULL-terminated argument vector of the program to run */
void mycode(char **argv)
{
   // If requested, turn off the address rand feature right before execing
   if (MyGlobalVar_Turn_Address_Randomization_Off) {
     personality(ADDR_NO_RANDOMIZE);
   }
   execvp(argv[0], argv); // ... from set-arch.
}

It's pretty obvious you can't turn address randomization off in the process you are in (grin: unless maybe dynamic loading), so this only affects forks and execs later. I believe the Address Randomization flags are inherited by child sub-processes?

Anyway, that's how you can programmatically turn off the address randomization in C source code. This may be your only solution if you don't want to force a user to intervene manually and start up with setarch or one of the other solutions listed earlier.

Before you complain about security issues in turning this off, some shared memory libraries/tools (such as PickingTools shared memory and some IBM databases) need to be able to turn off randomization of memory addresses.

Upvotes: 11
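
As an added example (not code from the answer above or from util-linux), here is a self-restarting program that applies the personality-then-exec approach described in this answer: it ORs ADDR_NO_RANDOMIZE into the current persona so the other personality bits survive, re-executes itself through /proc/self/exe, and prints addresses that should then be the same on every run. The helper names are made up for this example, and Linux with glibc is assumed.

```c
/* Added example: restart the current program once with ASLR off. */
#include <stdio.h>
#include <unistd.h>
#include <sys/personality.h>

/* Pure helper: persona value with the no-randomize flag added,
 * keeping every other personality bit the process already has. */
unsigned long persona_without_aslr(unsigned long persona)
{
    return persona | ADDR_NO_RANDOMIZE;
}

/* Pure helper: non-zero if this persona value has ASLR turned off. */
int persona_has_aslr_off(unsigned long persona)
{
    return (persona & ADDR_NO_RANDOMIZE) != 0;
}

/* Set ADDR_NO_RANDOMIZE for this process; it takes effect at the next
 * execve(). Returns 0 on success, -1 if the kernel or a sandbox
 * (for example a seccomp filter) refuses the call. */
int disable_aslr_for_next_exec(void)
{
    int cur = personality(0xffffffff);   /* query only, changes nothing */
    if (cur == -1)
        return -1;
    if (personality(persona_without_aslr((unsigned long)cur)) == -1)
        return -1;
    cur = personality(0xffffffff);       /* read back to confirm */
    return (cur != -1 && persona_has_aslr_off((unsigned long)cur)) ? 0 : -1;
}

int main(int argc, char **argv)
{
    static int global;
    int local;
    int cur = personality(0xffffffff);
    (void)argc;
    if (cur != -1 && !persona_has_aslr_off((unsigned long)cur)) {
        /* First pass: flip the flag and restart ourselves. The flag
         * check above keeps the second pass from looping. */
        if (disable_aslr_for_next_exec() == 0)
            execv("/proc/self/exe", argv);
        perror("could not restart without ASLR");
    }
    printf("global=%p stack=%p\n", (void *)&global, (void *)&local);
    return 0;
}
```

The persona is inherited across fork() and execve(), but the kernel clears ADDR_NO_RANDOMIZE when the exec target is setuid or setgid. A seccomp profile may also reject the personality() call, in which case the program reports the error and keeps running with ASLR on.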

Stephen

Reputation: 2823

To temporarily disable ASLR for a particular program you can always issue the following (no need for sudo)

setarch `uname -m` -R ./yourProgram

Upvotes: 49

Brandon Frohbieter

Reputation: 18139

On Ubuntu, it can be disabled with...

echo 0 > /proc/sys/kernel/randomize_va_space

On Windows, this post might be of some help...

http://blog.didierstevens.com/2007/11/20/quickpost-another-funny-vista-trick-with-aslr/

Upvotes: 55
