Why is the address of a function different on each execution? [duplicate]

Tags:

c++

c

The address of executable code is decided at link time, isn't it?

#include <stdio.h>
int main ()
{
     /* print the address of main itself; %p expects a void* */
     printf("%p\n", (void*)&main);
     return 0;
}

example output #1:

0x563ac3667139

example output #2:

0x55e3903a9139
asked Jan 10 '20 14:01 by Holomorphic21


2 Answers

On many modern systems, the linker determines the address of the function relative to the module's base address. When the module (exe, dll, or so) is loaded, Address Space Layout Randomization (ASLR) gives it a different base address.

This is for security: it means the addresses of functions are not predictable. Certain attacks that might, for example, overflow a stack variable to overwrite the return address or a function pointer with some other function (for malicious purposes) can't easily predict what address to overwrite it with; it will vary from run to run.

The ability to relocate the base address also solves the practical problem of a conflict: if you load a.dll and b.dll which were independently compiled for the same base address, that won't work, so being able to relocate one resolves the conflict.

At the machine code level, this is fine because most jumps and calls use a relative instruction offset, not an absolute one, although certain constructs are dynamically patched when the module is loaded, or use some form of "table" that is populated with the correct addresses.

See also Relocation (computing)

answered Nov 13 '22 03:11 by Fire Lancer


This is a security technique called address space layout randomization.

It deliberately moves things around on each execution, to make it more difficult for attackers to know where bits of data are in your process and hack them.

answered Nov 13 '22 04:11 by Lightness Races in Orbit
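Both answers say the same thing: the absolute address moves with the module's base under ASLR, while the link-time offset inside the module does not. The program below is an added example (not from either answer or from any project) that makes that visible on Linux: it reads `/proc/self/maps` to find the base of the module containing a function, prints the function's absolute address, its module-relative offset, and the distance to a second function, plus a stack and a heap address. Run it twice: the absolute addresses change, the offset and the distance do not. If the base is always `0x400000`, the binary was built without PIE and the code segment is not randomized at all. The helper names (`helper_a`, `helper_b`, `module_base`, `module_offset`, `code_delta`) and the two-pass parsing of the maps file are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>

/* Two functions in the same module; the linker fixes their distance. */
static int helper_a(int x) { return x + 1; }
static int helper_b(int x) { return x * 2; }

/* Distance between two code addresses. Both move together with the
   module base under ASLR, so the value is identical on every run. */
intptr_t code_delta(uintptr_t a, uintptr_t b)
{
    return (intptr_t)(b - a);
}

/* Lowest start address of the file-backed module whose mapping contains
   addr, read from /proc/self/maps (assumed Linux layout:
   "start-end perms offset dev inode path"). Returns 0 when the file is
   unavailable (non-Linux) or addr is not inside a file-backed mapping. */
uintptr_t module_base(uintptr_t addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 0;

    char line[512], path[256], owner[256] = "";
    unsigned long start, end, base = 0;

    /* pass 1: find which file the mapping containing addr belongs to */
    while (fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx %*s %*s %*s %*s %255s", &start, &end, path) != 3)
            continue;                       /* anonymous mapping: no path */
        if (addr >= start && addr < end) {
            strcpy(owner, path);
            break;
        }
    }
    /* pass 2: the lowest start among that file's mappings is the base */
    if (owner[0]) {
        rewind(f);
        while (fgets(line, sizeof line, f)) {
            if (sscanf(line, "%lx-%lx %*s %*s %*s %*s %255s", &start, &end, path) != 3)
                continue;
            if (strcmp(path, owner) == 0 && (base == 0 || start < base))
                base = start;
        }
    }
    fclose(f);
    return (uintptr_t)base;
}

/* addr expressed relative to its module base: the link-time offset. */
uintptr_t module_offset(uintptr_t addr)
{
    uintptr_t base = module_base(addr);
    return base ? addr - base : 0;
}

int main(void)
{
    uintptr_t fn = (uintptr_t)helper_a;     /* function pointer -> integer (gcc/clang accept this) */
    int stack_var = 0;
    void *heap = malloc(16);

    printf("helper_a absolute  : %#lx  (differs per run under ASLR)\n", (unsigned long)fn);
    printf("module base        : %#lx  (0 if /proc/self/maps is unavailable)\n",
           (unsigned long)module_base(fn));
    printf("helper_a offset    : %#lx  (same every run)\n", (unsigned long)module_offset(fn));
    printf("helper_b - helper_a: %ld  (same every run)\n",
           (long)code_delta(fn, (uintptr_t)helper_b));
    printf("stack variable     : %p\n", (void*)&stack_var);
    printf("heap allocation    : %p\n", heap);
    free(heap);
    return 0;
}
```

Compile with `gcc -O0 aslr_check.c -o aslr_check` and run it a few times; adding `-no-pie` shows the non-randomized case, which is the configuration a defender wants to flag when auditing a build.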