Visual Studio 2005 SP1 Beta, Windows Vista and ASLR

Published 26 September 06 04:39 PM

Today the Visual Studio 2005 team released Service Pack 1 Beta. Included in the beta is the new linker that supports Address Space Layout Randomization on Windows Vista. You can get the update from the Microsoft Connect Site.

By default, Windows Vista loads system components at random locations. With this new linker update, Windows Vista will also load your code at a random base address; all you need to do is use the new /dynamicbase linker option.

Here's how to use it.

  1. Load your C/C++ project.
  2. Open Solution Explorer (if it's not already opened)
  3. Right-click the Project name
  4. Click Properties
  5. Click the '+' symbol next to Linker
  6. Click Command Line
  7. In the Additional options pane type /dynamicbase

Voila!

You can verify your application loaded at a random address by loading the application under a debugger such as kd or windbg and looking at the base address as the process loads. On my computer, a little application I wrote to determine the address of various components within Windows Vista loaded at the following addresses on three separate reboots.

ModLoad: 00b00000 00b1b000 C:\test\CheckASLR\debug\CheckASLR.exe
ModLoad: 008c0000 008db000 C:\test\CheckASLR\debug\CheckASLR.exe
ModLoad: 01250000 0126b000 C:\test\CheckASLR\debug\CheckASLR.exe
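
The opt-in can also be checked statically, without a debugger: /dynamicbase sets the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE bit (0x0040) in the DllCharacteristics field of the PE optional header. The script below is an added example, not code from the original post or from Microsoft; the function names `aslr_status` and `constructed_header` are hypothetical, and the sample header is constructed for illustration.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics flag
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # the bit /dynamicbase sets

def aslr_status(image: bytes) -> dict:
    """Read the ASLR-relevant header flags of a PE image (PE32 or PE32+)."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt_off = pe_off + 24              # 4-byte signature + 20-byte COFF header
    if len(image) < opt_off + 72:
        raise ValueError("optional header truncated")
    (file_chars,) = struct.unpack_from("<H", image, pe_off + 22)
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):    # PE32, PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both header layouts.
    (dll_chars,) = struct.unpack_from("<H", image, opt_off + 70)
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "dynamic_base": dynamic_base,
        "relocs_stripped": relocs_stripped,
        # The loader can only move an image that still carries relocations.
        "randomizable": dynamic_base and not relocs_stripped,
    }

def constructed_header(dll_chars: int, file_chars: int = 0x0102) -> bytes:
    """Constructed sample input: the smallest PE32 header this parser reads."""
    pe_off = 0x80
    buf = bytearray(pe_off + 24 + 72)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe_off)                # e_lfanew
    buf[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, pe_off + 22, file_chars)     # Characteristics
    struct.pack_into("<H", buf, pe_off + 24, 0x10B)          # PE32 magic
    struct.pack_into("<H", buf, pe_off + 24 + 70, dll_chars)
    return bytes(buf)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:          # paths of binaries to audit
        with open(path, "rb") as f:
            print(path, aslr_status(f.read()))
```

Run it over a build output directory to find binaries that were linked without /dynamicbase or that had their relocations stripped.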

Comments

# chrisbro said on September 27, 2006 12:32 AM:
It would be great if this was exposed through UI (or even turned on by default!) in the final SP1.  Having to know to go in and enter /dynamicbase sucks.
# KJK::Hyperion said on September 27, 2006 5:32 AM:
Say, what does this imply in terms of the executable's layout? What does the linker option do that producing a relocatable executable didn't?
# michael_HOWARD said on September 27, 2006 12:49 PM:
>>exposed through UI
file a bug against the beta - all the bugs are looked at.
# michael_HOWARD said on September 27, 2006 12:49 PM:
>>what does this imply in terms of the executable's layout

nothing much - there is a new bit added to the PE header.
# MARuel said on September 29, 2006 4:47 PM:
Wow, that must use a lot of memory for shared DLLs :(
# michael_HOWARD said on September 30, 2006 1:49 AM:
>>Wow, that must use a lot of memory for shared DLLs :(


not at all - a system DLL is loaded at the same address for each application, it's just random across reboots.
# Michael Howard's Web Log said on October 4, 2006 3:23 PM:

I've had some people ask me about a paper that was recently published detailing alleged bugs in Address

# Mario Contestabile said on November 15, 2006 3:52 PM:

Sorry if you've answered this before, but

does this mean that rebasing is now a thing of the past?

thanks

m
