
I'm experimenting a bit with format string attacks with a little program (all vulnerabilities intended):

#include <stdio.h>

int main(int argc, char *argv[]) {
    char string[100];
    gets(string);               /* intended: no bounds check on the input */

    char * secret1 = "This is secret";
    char * secret2 = "This is secret too";

    printf(string);             /* intended: user input used as the format string */
    return 0;
}

I also deactivated ASLR and DEP in the Visual Studio 2015 linker settings and then built it, but when I run it and try to exploit it by passing %s%s%s, I just get random gibberish, as if ASLR were activated. The program also crashes when I supply more than three %s's.

Does anyone have an idea what could be wrong? Do I need to turn ASLR off globally?

AdHominem
  • @IdanCohen is correct. This question has also been asked and answered on Stack Overflow: http://stackoverflow.com/questions/9560993/how-do-you-disable-aslr-address-space-layout-randomization-on-windows-7-x64 – John Deters Dec 14 '16 at 21:37
  • I'm voting to close this question as off-topic because it's not specifically a security question, and it has been answered over on http://stackoverflow.com/questions/9560993/how-do-you-disable-aslr-address-space-layout-randomization-on-windows-7-x64 – Rory Alsop Dec 14 '16 at 23:59
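The two symptoms in the question (gibberish from a few %s, a crash from more) come from how printf interprets each argument slot: %x or %p prints the slot as a raw number, while %s dereferences it as a char pointer and crashes as soon as a slot does not hold a valid address. The following is an added example, not code from the original post: it passes the "stack contents" explicitly (three constructed values) so the output is deterministic and well-defined, whereas the real bug lets printf pull them from whatever happens to sit above the call. The function names and the hardened variant are my own.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for what printf() would find in the argument slots above the
 * call: two plain words and a pointer to a string (constructed values;
 * in the real bug these are whatever is on the stack / in registers). */
#define WORD0 0x41414141u
#define WORD1 0xdeadbeefu
static const char *const SECRET = "This is secret";

/* Vulnerable pattern from the question: the user string is the format, so
 * every %-conversion in it consumes and interprets one argument slot.
 * %x prints the slot as a number; %s dereferences it as a char pointer,
 * which is why a run of %s crashes once a slot is not a valid address.
 * Returns the length snprintf() reports. */
int vulnerable_format(char *out, size_t n, const char *user)
{
    return snprintf(out, n, user, WORD0, WORD1, SECRET);
}

/* Hardened pattern: the format is a literal and the user string is data.
 * Conversions inside it are copied verbatim, never interpreted. */
int safe_format(char *out, size_t n, const char *user)
{
    return snprintf(out, n, "%s", user);
}

int main(void)
{
    /* Constructed inputs. Only conversions whose types match the three
     * slots above are used, so the demo itself stays well-defined. */
    const char *inputs[] = { "%x %x %s", "100%% done", "plain text" };
    char buf[128];

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        vulnerable_format(buf, sizeof buf, inputs[i]);
        printf("printf(string)      : %-12s -> %s\n", inputs[i], buf);
        safe_format(buf, sizeof buf, inputs[i]);
        printf("printf(\"%%s\", string): %-12s -> %s\n", inputs[i], buf);
    }
    return 0;
}
```

With the format under user control, "%x %x %s" dumps the two words and then follows the third slot to the secret; the same input through the hardened call is printed back as the eight literal characters. A fourth conversion, or a %s where a slot holds 0x41414141, would read memory the program never meant to expose, or fault, which is the crash the question reports.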

1 Answer


No.

While I don't know which settings you used to disable it, using:

DYNAMICBASE:NO 

should disable ASLR on your executable. You can easily check it with Process Explorer, PE-studio and similar tools.

Odahviing
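The check the answer suggests comes down to one field: the linker records /DYNAMICBASE and /NXCOMPAT as bits in DllCharacteristics in the PE optional header, which is what Process Explorer's ASLR column and PE-studio show. The following is an added example, not the answer's own code or any of those tools: a small portable parser that reads that field from a file (or from two constructed, non-loadable header-only images when run without arguments) and reports whether ASLR and DEP are enabled. The constants are the documented PE/COFF values; the function names and the constructed images are my own.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* DllCharacteristics bits from the PE/COFF specification. */
#define IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA 0x0020  /* 64-bit ASLR */
#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE    0x0040  /* /DYNAMICBASE */
#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT       0x0100  /* /NXCOMPAT (DEP) */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Read DllCharacteristics from an in-memory PE image. Returns 0 on success,
 * -1 if the bytes are not a PE file or the headers do not fit. Every offset
 * is bounds-checked before use: file headers are untrusted input. */
int pe_dll_characteristics(const uint8_t *img, size_t len, uint16_t *out)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z')
        return -1;
    uint32_t pe_off = rd32(img + 0x3c);                 /* IMAGE_DOS_HEADER.e_lfanew */
    if (pe_off > len || len - pe_off < 4 + 20)          /* "PE\0\0" + COFF header */
        return -1;
    if (memcmp(img + pe_off, "PE\0\0", 4) != 0)
        return -1;
    const uint8_t *coff = img + pe_off + 4;
    size_t opt_off = pe_off + 4 + 20;
    if (rd16(coff + 16) < 0x48 || len - opt_off < 0x48) /* SizeOfOptionalHeader must reach 0x46+2 */
        return -1;
    const uint8_t *opt = img + opt_off;
    uint16_t magic = rd16(opt);
    if (magic != 0x10b && magic != 0x20b)               /* PE32 or PE32+ */
        return -1;
    *out = rd16(opt + 0x46);  /* DllCharacteristics sits at the same offset in both */
    return 0;
}

int pe_has_aslr(uint16_t f) { return (f & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) != 0; }
int pe_has_dep(uint16_t f)  { return (f & IMAGE_DLLCHARACTERISTICS_NX_COMPAT) != 0; }

/* Constructed test data: a header-only PE32+ image (not loadable) with the
 * given DllCharacteristics, standing in for a real .exe. */
#define MIN_PE_SIZE 160
void build_minimal_pe(uint8_t *buf, uint16_t dllchars)
{
    memset(buf, 0, MIN_PE_SIZE);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3c] = 0x40;                          /* e_lfanew = 64 */
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x44] = 0x64; buf[0x45] = 0x86;        /* Machine = 0x8664 (x64) */
    buf[0x54] = 0xF0;                          /* SizeOfOptionalHeader = 240 */
    buf[0x58] = 0x0B; buf[0x59] = 0x02;        /* Magic = 0x20B (PE32+) */
    buf[0x58 + 0x46] = (uint8_t)(dllchars & 0xff);
    buf[0x58 + 0x47] = (uint8_t)(dllchars >> 8);
}

static void report(const char *name, const uint8_t *img, size_t len)
{
    uint16_t f;
    if (pe_dll_characteristics(img, len, &f) != 0) {
        printf("%s: not a parseable PE image\n", name);
        return;
    }
    printf("%s: DllCharacteristics=0x%04x ASLR=%s DEP=%s HighEntropyVA=%s\n", name, f,
           pe_has_aslr(f) ? "yes" : "NO", pe_has_dep(f) ? "yes" : "NO",
           (f & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA) ? "yes" : "no");
}

int main(int argc, char *argv[])
{
    static uint8_t file[4096];  /* headers only; the flags live in the first page */
    uint8_t on[MIN_PE_SIZE], off[MIN_PE_SIZE];

    if (argc > 1) {             /* usage: ./pecheck program.exe */
        FILE *fp = fopen(argv[1], "rb");
        if (!fp) { perror(argv[1]); return 1; }
        size_t n = fread(file, 1, sizeof file, fp);
        fclose(fp);
        report(argv[1], file, n);
        return 0;
    }
    build_minimal_pe(on, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT);
    build_minimal_pe(off, 0);   /* what /DYNAMICBASE:NO /NXCOMPAT:NO produces */
    report("default-linked (constructed)", on, MIN_PE_SIZE);
    report("/DYNAMICBASE:NO (constructed)", off, MIN_PE_SIZE);
    return 0;
}
```

Run it against the built .exe: if the DYNAMIC_BASE bit is clear the linker setting took effect, and the image base should be stable across runs. One caveat worth checking if the bit is clear but addresses still move: the flag is only the image's request, and a system-wide mandatory-ASLR policy (EMET, or Exploit Protection on newer Windows) can relocate images that lack it.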