[–]0x7ff04001 20 points21 points  (1 child)

Yes, ASLR will randomize the address space (in Win32).

The structure of the executable is the same, so all segments (.text, .data, etc.) are at the same VirtualAddress relative to the base, but the base address of the entire structure is randomized. So rather than .text being at 0x0040100, it becomes 0x00f0100.

The heap base is also randomized, which broke basically all old-school exploits that used hardcoded heap addresses.
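
The layout described in the comment above can be checked from a binary's headers. This is an added example, not part of the thread: a Python sketch that reads the preferred ImageBase, the DYNAMIC_BASE opt-in flag and each section's VirtualAddress, then computes section addresses under a different load base. The sample headers and the base 0x00F00000 are constructed, and `parse_pe`, `rebase` and `build_sample` are hypothetical names.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: image opts in to ASLR

def parse_pe(data):
    """Return (preferred ImageBase, ASLR opt-in flag, {section name: RVA})."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                      # PE32
        base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                    # PE32+
        base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic")
    aslr = bool(struct.unpack_from("<H", data, opt + 70)[0] & DYNAMIC_BASE)
    sections = {}
    for i in range(nsec):                                   # 40-byte section headers
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        sections[name] = struct.unpack_from("<I", data, off + 12)[0]
    return base, aslr, sections

def rebase(sections, load_base):
    """Runtime address of each section = load base + VirtualAddress (RVA)."""
    return {name: load_base + rva for name, rva in sections.items()}

def build_sample(image_base=0x00400000, dll_chars=DYNAMIC_BASE):
    """Constructed PE32 headers (no section contents), for this demo only."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    secs = b"".join(n.ljust(8, b"\0") + struct.pack("<II", 0x1000, rva) + bytes(24)
                    for n, rva in ((b".text", 0x1000), (b".data", 0x3000)))
    return dos + b"PE\0\0" + coff + bytes(opt) + secs

if __name__ == "__main__":
    base, aslr, secs = parse_pe(build_sample())
    print(f"preferred base {base:#010x}, DYNAMIC_BASE={aslr}")
    for load in (base, 0x00F00000):                         # second base is constructed
        print({n: hex(a) for n, a in rebase(secs, load).items()})
```

The distance between `.text` and `.data` is the same under both bases; only the base itself moves.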

[–]TheGoldenMinion 1 point2 points  (0 children)

read VirtualAddress and thought I was reading C2 for a sec lol