The Purpose of Base Address Randomization | ansaurus

tags:

views:

25

answers:

1

+1 Q:

The Purpose of Base Address Randomization

Since VS2008(Is it right?), MSVC linker option has a Base Address Randomization.

What the main purpose of this feature?

What I only glad to is, I don't need to rebase my Dlls manually anymore.

Is that all? Was it their purpose?
Is there any other benefit else.

+2 A:

I believe you'll find that the idea is to change the entry points making it harder to exploit them - ie now an attacker not only needs to be able get executable code into memory but also work out which addresses it should be pointing at.

See here for more information

Basiclife 2010-08-24 12:26:57

But, is 'Base Address Randomization' equal to ASLR? I thought it just decides it's base address(Only!) in runtime(Randomly).

Benjamin 2010-08-24 12:39:12

It's the same thing.

Hans Passant 2010-08-24 12:54:48

I believe the net result is the same - you're effectively adding a fixed offset to all addresses. See here: http://www.usenix.org/events/sec03/tech/full_papers/bhatkar/bhatkar_html/dao002.html which specifically refers to this as Base Address Randomisation

Basiclife 2010-08-24 12:56:30

@Hans - Do you ever sleep? I'm starting to wonder if you're an AI (I for one would like to welcome our new cybernetic overlords)

Basiclife 2010-08-24 12:58:46

related questions

What is the best way to do unit testing for ASP.NET 2.0 web pages?

TestDriven.NET is not running my SetUp methods for MbUnit

Automated release script and Visual Studio Setup projects

Setup Visual Studio 2005 to print line numbers

What is the best way to deploy a VB.NET application?

How do you pack a visual studio c++ project for release?

How to set up unit testing for Visual Studio C++

How can I create Debian install packages in Windows for a Visual Studio project?

Plugin for Visual Studio to Mimic Eclipse's "Open Type" or "Open Resource" Keyboard Access

How to generate getters and setters in Visual Studio?

Do you have any recommended add-ons/plugins for Microsoft Visual Studio?

What is keyboard shortcut to view all open documents in Visual Studio 2008

Visual Studio 2008 debugger already attached work-around

Add Custom Tag to Visual Studio Validation

ASP.NET MVC Without Visual Studio

Are Multiple DataContext classes ever appropriate?

Folders or Projects in a Visual Studio Solution?

What's a good book for learning ASP?

Integrating Visual Studio Test Project with Cruise Control

.Net XML comment into API Documentation

Visual Studio Setup Project - Per User Registry Settings

.NET Testing Framework Advice

Automatically update version number

Build for Windows NT 4.0 using Visual Studio 2005?

ASP.NET, Visual Studio and Subversion - how to integrate?