Disabling randomization of memory addresses
I'm trying to debug a binary that uses a lot of pointers. Sometimes for seeing output quickly to figure out errors, I print out the address of objects and their corresponding values, however, the object addresses are randomized and this defeats the purpose of this quick check up.
Is there a way to disable this temporarily/permanently so that I get the same values every time I run the program?
Oops. OS is Linux fsttcs1 2.6.32-28-generic #55-Ubuntu SMP Mon Jan 10 23:42:43 UTC 2011 x86_64 GNU/Linux
Comments (4)
On Ubuntu, it can be disabled with...
On Windows, this post might be of some help...
http://blog.didierstevens.com/2007/11/20/quickpost-another-funny-vista-trick-with-aslr/
To temporarily disable ASLR for a particular program you can always issue the following (no need for sudo)
You can also do this programmatically from C source before a UNIX exec. If you take a look at the sources for setarch (here's one source):
http://code.metager.de/source/xref/linux/utils/util-linux/sys-utils/setarch.c
You can see it boils down to a system call (syscall) or a function call (depending on what your system defines). From setarch.c:
On my CentOS 6 64-bit system, it looks like it uses a function (which probably calls the self-same syscall above). Take a look at this snippet from the include file in /usr/include/sys/personality.h (as referenced as <sys/personality.h> in the setarch source code):
What it boils down to, is that you can, from C code, call and set the personality to use ADDR_NO_RANDOMIZE and then exec (just like setarch does). It's pretty obvious you can't turn address randomization off in the process you are in (grin: unless maybe dynamic loading), so this only affects forks and execs later. I believe the Address Randomization flags are inherited by child sub-processes?
Anyway, that's how you can programmatically turn off the address randomization in C source code. This may be your only solution if you don't want to force a user to intervene manually and start-up with setarch or one of the other solutions listed earlier.
Before you complain about security issues in turning this off, some shared memory libraries/tools (such as PickingTools shared memory and some IBM databases) need to be able to turn off randomization of memory addresses.
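The approach described in the answer above (set ADDR_NO_RANDOMIZE with personality(), then exec), written out as an added example; it is not part of the original answer and is not setarch's own code. The function names aslr_disabled and disable_aslr_for_exec are made up for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/personality.h>
#include <unistd.h>

/* 1 if ADDR_NO_RANDOMIZE is set in this process's persona, 0 if not,
 * -1 if the persona cannot be read. 0xffffffff means "query only". */
int aslr_disabled(void)
{
    int cur = personality(0xffffffff);
    if (cur == -1)
        return -1;
    return (cur & ADDR_NO_RANDOMIZE) ? 1 : 0;
}

/* Add ADDR_NO_RANDOMIZE to the persona while keeping every other flag.
 * Takes effect for programs exec'd afterwards. Returns 0 or -1. */
int disable_aslr_for_exec(void)
{
    int cur = personality(0xffffffff);
    if (cur == -1)
        return -1;
    if (cur & ADDR_NO_RANDOMIZE)
        return 0;                       /* already off, nothing to do */
    if (personality((unsigned long)cur | ADDR_NO_RANDOMIZE) == -1)
        return -1;                      /* e.g. EPERM from a seccomp filter */
    if (aslr_disabled() != 1) {         /* read back: was the flag kept? */
        errno = ENOSYS;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    /* Fail closed: never run the target with ASLR silently still on. */
    if (disable_aslr_for_exec() != 0) {
        fprintf(stderr, "cannot disable ASLR: %s\n", strerror(errno));
        return 1;
    }
    execvp(argv[1], &argv[1]);          /* only returns on failure */
    perror("execvp");
    return 127;
}
```

The persona is inherited across fork and exec, so everything the launched program spawns also runs without randomization; the kernel clears ADDR_NO_RANDOMIZE when a set-user-ID or set-group-ID binary is executed. Where a seccomp filter rejects the personality() call, the launcher reports the error and exits rather than starting the target.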
Well, I'm only 13+ years late for an answer, but since you specifically mentioned "debug" in your original question and nobody has yet referred to gdb, I am adding this answer for future readers.
On systems that have ASLR enabled, it is strongly recommended to run gdb with set disable-randomization on (or ensure that it is active by default), in order to be able to get reproducible runs.
See also my more elaborate answer to a similar question.