How many bits of a memory address does ASLR randomize on 32-bit and 64-bit Linux and Windows


How many bits of a memory address does ASLR randomize on 32-bit and 64-bit Linux and Windows? Please give a few examples.


1 answer

David Marshall

The following has been extracted from a Technet article which contains additional information.

Prior to Windows 8, 64-bit executable images received the same amount of entropy that was used when randomizing 32-bit executable images (8 bits, or 1 in 256 chance of guessing correctly). The amount of entropy applied to 64-bit images has been significantly increased in most cases starting with Windows 8:

DLL images based above 4 GB: 19 bits of entropy (1 in 524,288 chance of guessing correctly).
DLL images based below 4 GB: 14 bits of entropy (1 in 16,384 chance of guessing correctly).
EXE images based above 4 GB: 17 bits of entropy (1 in 131,072 chance of guessing correctly).
EXE images based below 4 GB: 8 bits of entropy (1 in 256 chance of guessing correctly).

The reason that entropy differences exist due to the base address of an image is again for compatibility reasons. The Windows kernel currently uses the preferred base address of an image as a hint to decide if the image supports being based above 4 GB. Images that are based below 4 GB may not have been tested in scenarios where they are relocated above 4 GB and therefore may have latent pointer truncation issues. As such, the Windows kernel makes a best-effort attempt to ensure that these images load below 4 GB. Because of these constraints, the vast majority of 64-bit EXEs and DLLs in Windows 8 and Windows 8.1 have been based above 4 GB to ensure that they benefit from the highest possible degrees of entropy. 64-bit images produced by the Visual C++ tool chain also base images above 4 GB by default.
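An added example, not part of the answer above or of the TechNet article: a header check that reads a 64-bit PE image's preferred base and reports which of the four entropy classes listed above it falls into. The names `classify_image` and `make_sample` are hypothetical, the sample images are constructed in the script, and the handling of the `DYNAMIC_BASE` opt-in flag comes from the PE format rather than from the answer.

```python
import struct

# Entropy figures quoted in the answer above (64-bit images, Windows 8 and later).
ENTROPY_BITS = {("DLL", True): 19, ("DLL", False): 14,
                ("EXE", True): 17, ("EXE", False): 8}
IMAGE_FILE_DLL = 0x2000                          # COFF Characteristics flag
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # image opted in to ASLR
FOUR_GB = 1 << 32

def classify_image(data: bytes) -> dict:
    """Read the PE32+ headers and look up the entropy class by preferred base."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    (characteristics,) = struct.unpack_from("<H", data, coff + 18)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x20B:
        raise ValueError("not a 64-bit (PE32+) image")
    (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    kind = "DLL" if characteristics & IMAGE_FILE_DLL else "EXE"
    above = image_base >= FOUR_GB
    aslr = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {"kind": kind, "image_base": image_base, "above_4gb": above,
            "dynamic_base": aslr,
            # Without the opt-in flag the image is not randomized by default.
            "entropy_bits": ENTROPY_BITS[(kind, above)] if aslr else 0}

def make_sample(image_base: int, is_dll: bool, dll_chars: int = 0x0040) -> bytes:
    """Constructed header-only PE32+ image for the demo (not a loadable file)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240,
                       0x2022 if is_dll else 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<Q", opt, 24, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for base, dll in [(0x180000000, True), (0x10000000, True),
                      (0x140000000, False), (0x400000, False)]:
        print(classify_image(make_sample(base, dll)))
```

Images reported with `above_4gb` false are the ones worth rebasing above 4 GB, since the answer's figures give them the lower entropy class.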
