Disabling randomization of memory addresses

Posted 2024-10-20 11:09:45, 230 words, 8 views, 0 comments

I'm trying to debug a binary that uses a lot of pointers. Sometimes for seeing output quickly to figure out errors, I print out the address of objects and their corresponding values, however, the object addresses are randomized and this defeats the purpose of this quick check up.
Is there a way to disable this temporarily/permanently so that I get the same values every time I run the program?

Oops. OS is Linux fsttcs1 2.6.32-28-generic #55-Ubuntu SMP Mon Jan 10 23:42:43 UTC 2011 x86_64 GNU/Linux

Comments (4)

双手揣兜 2024-10-27 11:09:45

On Ubuntu, it can be disabled with...

echo 0 > /proc/sys/kernel/randomize_va_space

On Windows, this post might be of some help...

http://blog.didierstevens.com/2007/11/20/quickpost-another-funny-vista-trick-with-aslr/

谜泪 2024-10-27 11:09:45

To temporarily disable ASLR for a particular program you can always issue the following (no need for sudo)

setarch `uname -m` -R ./yourProgram

美人如玉 2024-10-27 11:09:45

You can also do this programmatically from C source before a UNIX exec.

If you take a look at the sources for setarch (here's one source):

http://code.metager.de/source/xref/linux/utils/util-linux/sys-utils/setarch.c

You can see it boils down to a system call (syscall) or a function call (depending on what your system defines). From setarch.c:

#ifndef HAVE_PERSONALITY
# include <syscall.h>
# define personality(pers) ((long)syscall(SYS_personality, pers))
#endif

On my CentOS 6 64-bit system, it looks like it uses a function (which probably calls the self-same syscall above). Take a look at this snippet from the include file in /usr/include/sys/personality.h (as referenced as <sys/personality.h> in the setarch source code):

/* Set different ABIs (personalities).  */
extern int personality (unsigned long int __persona) __THROW;

What it boils down to, is that you can, from C code, call and set the personality to use ADDR_NO_RANDOMIZE and then exec (just like setarch does).

#include <unistd.h>            /* execvp(), syscall() */
#include <sys/personality.h>   /* personality(), ADDR_NO_RANDOMIZE */

#ifndef HAVE_PERSONALITY
# include <syscall.h>
# define personality(pers) ((long)syscall(SYS_personality, pers))
#endif

...

void mycode(char **argv)
{
   // If requested, turn off the address rand feature right before execing
   if (MyGlobalVar_Turn_Address_Randomization_Off) {
     personality(ADDR_NO_RANDOMIZE);
   }
   execvp(argv[0], argv); // ... from set-arch.
}

It's pretty obvious you can't turn address randomization off in the process you are in (grin: unless maybe dynamic loading), so this only affects forks and execs later. I believe the Address Randomization flags are inherited by child sub-processes?

Anyway, that's how you can programmatically turn off the address randomization in C source code. This may be your only solution if you don't want to force a user to intervene manually and start up with setarch or one of the other solutions listed earlier.

Before you complain about security issues in turning this off, some shared memory libraries/tools (such as PickingTools shared memory and some IBM databases) need to be able to turn off randomization of memory addresses.
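
A fuller version of the launcher described in the answer above, added here as an example (it is not the answerer's or util-linux's code): it keeps the existing persona bits, checks every call for errors, and reports whether the child will actually run unrandomized. The helper names aslr_effective, persona_without_aslr and read_sysctl are made up for this example.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/personality.h>

/* Kernel rule: addresses are randomized only if the sysctl is non-zero
   AND the process persona does not carry ADDR_NO_RANDOMIZE. */
int aslr_effective(int sysctl_value, unsigned long persona)
{
    if (sysctl_value == 0) return 0;
    return (persona & ADDR_NO_RANDOMIZE) ? 0 : 1;
}

/* Keep whatever persona bits are already set and add the no-ASLR flag. */
unsigned long persona_without_aslr(unsigned long current)
{
    return current | ADDR_NO_RANDOMIZE;
}

/* System-wide setting: 0 = off, 1 = stack/mmap/vDSO, 2 = also brk heap.
   Returns -1 if the file cannot be read. */
int read_sysctl(void)
{
    int v = -1;
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (!f) return -1;
    if (fscanf(f, "%d", &v) != 1) v = -1;
    fclose(f);
    return v;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s program [args...]\n", argv[0]); return 2; }
    int cur = personality(0xffffffff);          /* query only, changes nothing */
    if (cur == -1) { perror("personality(query)"); return 1; }
    unsigned long want = persona_without_aslr((unsigned long)cur);
    if (personality(want) == -1) {              /* may be refused by a seccomp filter */
        perror("personality(ADDR_NO_RANDOMIZE)");
        return 1;
    }
    int sys = read_sysctl();
    fprintf(stderr, "randomize_va_space=%d, child randomized: %s\n",
            sys, aslr_effective(sys, want) ? "yes" : "no");
    execvp(argv[1], argv + 1);                  /* persona survives the exec */
    perror("execvp");
    return 127;
}
```

Because ADDR_NO_RANDOMIZE is part of PER_CLEAR_ON_SETID, the kernel drops the flag when the child execs a set-user-ID or set-group-ID binary, so this per-process approach, unlike writing 0 to randomize_va_space, leaves ASLR in place for privileged programs and for everything else on the machine.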

怎樣才叫好 2024-10-27 11:09:45

Well, I'm only 13+ years late for an answer, but since you specifically mentioned "debug" in your original question and nobody has yet referred to gdb, I am adding this answer for future readers.

On systems that have ASLR enabled, it is strongly recommended to run gdb with set disable-randomization on (or ensure that it is active by default), in order to be able to reproduce runs.

(gdb) help set disable-randomization
Set disabling of debuggee's virtual address space randomization.
When this mode is on (which is the default), randomization of the virtual
address space is disabled.  Standalone programs run with the randomization
enabled by default on some platforms.

See also my more elaborate answer to a similar question.
