#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <stdint.h>
/* Size in bytes of one simulated page; a page's address is page_index * PAGE_SIZE. */
#define PAGE_SIZE 4096
/* Number of slots in the simulated page table below. */
#define MAX_PAGES 1000000
/* One slot of the simulated page table. */
typedef struct {
/* Simulated address of the page; written by allocate_random_page(). */
uintptr_t address;
/* Non-zero once allocate_random_page() has handed this page out. */
int is_allocated;
} MemoryPage;
/*
 * Simulated address-space layout of a process: a page table plus the
 * randomized start address of each region. The region fields are plain
 * numbers that the program prints; the visible code never maps memory at
 * them.
 */
typedef struct {
MemoryPage pages[MAX_PAGES];
uintptr_t text_start;
uintptr_t data_start;
uintptr_t heap_start;
uintptr_t stack_start;
uintptr_t mmap_start;
} MemoryLayout;
/*
 * The single layout instance used by every function in this file; zeroed by
 * init_memory_layout(). NOTE(review): with MAX_PAGES entries this object is
 * large (presumably about 16 MB on a 64-bit ABI) -- confirm that is intended.
 */
MemoryLayout g_memory_layout;
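/*
 * Reset the global simulated layout and seed the C library PRNG.
 *
 * The seed is built from the wall-clock second and the process id, so it can
 * be reconstructed by anyone who knows roughly when the process started and
 * which pid it has. That is tolerable for a demonstration only: a randomizer
 * that has to resist an attacker must take its entropy from the operating
 * system's CSPRNG, not from srand()/rand().
 */
void init_memory_layout() {
    memset(&g_memory_layout, 0, sizeof g_memory_layout);

    /*
     * Mix in unsigned arithmetic. pid_t is a signed type, and shifting a
     * large pid left by 16 bits can overflow int, which is undefined
     * behaviour; the unsigned form yields the same seed bits without it.
     */
    unsigned int seed = (unsigned int)time(NULL) ^ ((unsigned int)getpid() << 16);
    srand(seed);
}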
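/*
 * Return an address in [start, start + range), chosen with rand().
 *
 * start: base address of the window.
 * range: size of the window in bytes; 0 means "no randomization" and
 *        returns start unchanged (the modulo below would otherwise divide
 *        by zero).
 *
 * Caveats for readers comparing this with a real ASLR implementation:
 *  - the offset is any byte offset, it is not rounded to PAGE_SIZE;
 *  - rand() yields at most RAND_MAX + 1 distinct values, so a range larger
 *    than that is never fully covered, and the modulo is slightly biased;
 *  - rand() is a predictable generator, see init_memory_layout().
 */
uintptr_t randomize_address(uintptr_t start, size_t range) {
    if (range == 0) {
        return start;
    }
    /* rand() is non-negative, so the conversion to size_t is value-preserving. */
    size_t offset = (size_t)rand() % range;
    return start + offset;
}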
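/*
 * Pick a random free slot of the simulated page table, mark it allocated and
 * return its simulated address (page_index * PAGE_SIZE).
 *
 * Caveats:
 *  - Free slots are found by retrying rand(); if every slot is already
 *    allocated the loop never terminates. No function in the visible code
 *    releases a page.
 *  - Slot 0 has address 0, so the returned pointer can compare equal to NULL
 *    without meaning failure.
 *  - Only indices below RAND_MAX + 1 can be drawn, which matters on
 *    platforms with a small RAND_MAX.
 */
void* allocate_random_page() {
    int page_index;
    do {
        page_index = rand() % MAX_PAGES;
    } while (g_memory_layout.pages[page_index].is_allocated);

    MemoryPage *page = &g_memory_layout.pages[page_index];
    page->is_allocated = 1;
    /*
     * Widen before multiplying: page_index * PAGE_SIZE in int overflows for
     * indices of 524288 and above, which is undefined behaviour.
     */
    page->address = (uintptr_t)page_index * PAGE_SIZE;
    return (void*)page->address;
}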
/*
 * Choose a randomized start address for every region of the simulated
 * layout and store it in g_memory_layout.
 *
 * Each region has a fixed base and window size, so the amount of
 * randomness per region is bounded by its window (for example 0x10000
 * possible values for the text and data segments).
 * NOTE(review): the stack base literal needs a 64-bit uintptr_t -- confirm
 * the program is only built for 64-bit targets.
 */
void apply_aslr() {
    MemoryLayout *layout = &g_memory_layout;

    /* The draws stay in this order so the rand() sequence is consumed as before. */
    uintptr_t text_base = randomize_address(0x400000, 0x10000);
    uintptr_t data_base = randomize_address(0x600000, 0x10000);
    uintptr_t heap_base = randomize_address(0x800000, 0x100000);
    uintptr_t mmap_base = randomize_address(0xf7000000, 0x10000000);
    uintptr_t stack_base = randomize_address(0x7ffffffde000, 0x20000);

    layout->text_start = text_base;
    layout->data_start = data_base;
    layout->heap_start = heap_base;
    layout->mmap_start = mmap_base;
    layout->stack_start = stack_base;
}
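/*
 * Simulate a heap allocation: take a random free page and return an address
 * at a random offset inside it.
 *
 * size: requested size in bytes; must not exceed PAGE_SIZE.
 * Returns the simulated address, or NULL when size is larger than a page.
 *
 * The returned value is a number for display, not usable memory. The
 * offset is drawn from [0, PAGE_SIZE - size), so the simulated object
 * always ends inside its page.
 */
void* sim_malloc(size_t size) {
    /*
     * Reject oversize requests before touching the page table. Without this
     * check PAGE_SIZE - size wraps around to a huge unsigned value and the
     * "allocation" would extend past its page.
     */
    if (size > (size_t)PAGE_SIZE) {
        return NULL;
    }

    uintptr_t page_base = (uintptr_t)allocate_random_page();
    size_t slack = (size_t)PAGE_SIZE - size;
    /* A request of exactly one page leaves no slack; avoid a modulo by zero. */
    size_t offset = (slack == 0) ? 0 : (size_t)rand() % slack;
    return (void*)(page_base + offset);
}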
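/*
 * Simulate a stack allocation: return an address a random distance below
 * the randomized stack start, within a 0x20000-byte window.
 *
 * size: requested size in bytes; must not exceed the window.
 * Returns the simulated address, or NULL when size is larger than the
 * window. The value is a number for display, not usable memory.
 */
void* sim_alloca(size_t size) {
    const size_t window = 0x20000;

    /*
     * Without this check window - size wraps around for oversize requests,
     * and a request of exactly the window size divides by zero.
     */
    if (size > window) {
        return NULL;
    }

    size_t slack = window - size;
    size_t offset = (slack == 0) ? 0 : (size_t)rand() % slack;
    return (void*)(g_memory_layout.stack_start - offset);
}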
/*
 * Simulate loading a shared library: return a random address inside the
 * 0x10000000-byte window that starts at the randomized mmap base.
 *
 * name: library name; accepted for the caller's benefit but not used.
 *
 * Nothing is recorded about earlier "loads", so two calls can return
 * overlapping or identical addresses.
 */
void* load_shared_library(const char* name) {
    (void)name; /* not consulted by the simulation */

    uintptr_t load_base = randomize_address(g_memory_layout.mmap_start, 0x10000000);
    return (void*)load_base;
}
/*
 * Print the real address of a local variable of this call.
 *
 * Unlike the simulated values elsewhere in this file, this is an address
 * of the running process, so whatever randomization is visible here comes
 * from the operating system. NOTE(review): repeated calls from the same
 * caller presumably reuse the same frame and print the same address within
 * one run -- confirm by comparing separate runs instead.
 */
void stack_function() {
    int probe; /* only its address is used; the value is never read */
    void *probe_addr = (void*)&probe;

    printf("Stack variable address: %p\n", probe_addr);
}
/*
 * Demo driver: build a randomized simulated layout, print it, then print
 * three samples each of stack, heap and shared-library addresses.
 *
 * The stack samples are real addresses of this process; the layout, heap
 * and library values are numbers produced by the simulation.
 */
int main() {
    enum { SAMPLE_COUNT = 3 };

    init_memory_layout();
    apply_aslr();

    const MemoryLayout *layout = &g_memory_layout;

    printf("Process ID: %d\n", getpid());
    printf("Text segment start: %p\n", (void*)layout->text_start);
    printf("Data segment start: %p\n", (void*)layout->data_start);
    printf("Heap start: %p\n", (void*)layout->heap_start);
    printf("Stack start: %p\n", (void*)layout->stack_start);
    printf("mmap region start: %p\n", (void*)layout->mmap_start);

    fputs("\nStack Randomization:\n", stdout);
    for (int sample = 1; sample <= SAMPLE_COUNT; sample++) {
        stack_function();
    }

    fputs("\nHeap Randomization:\n", stdout);
    for (int sample = 1; sample <= SAMPLE_COUNT; sample++) {
        void *heap_addr = sim_malloc(sizeof(int));
        printf("Heap allocation %d: %p\n", sample, heap_addr);
    }

    fputs("\nShared Library Randomization:\n", stdout);
    for (int sample = 1; sample <= SAMPLE_COUNT; sample++) {
        void *lib_base = load_shared_library("example_lib.so");
        printf("Shared library %d loaded at: %p\n", sample, lib_base);
    }

    return 0;
}