Let's say I have this piece of code that changes address 10 to the value 20 and the following one to 30:

mov ebx,10          ; ebx = 10, the address we want to write to
mov byte [ebx],20   ; store 20 at address 10 (size specifier needed, NASM syntax)
add ebx,1           ; ebx = 11, the following address
mov byte [ebx],30   ; store 30 at address 11

How can the address change each time it is executed? Does it require a change that the compiler makes to allow it?

MikeSchem

2 Answers


The addresses are translated

Unless you are working on firmware or maybe hypervisor code, the addresses in your assembly are not physical but virtual. The lower ring levels (kernel, hypervisor, firmware) have page tables in their own memory space to map the virtual addresses into physical ones (or at least into their own address space, when the hardware supports nested paging), and the Memory Management Unit keeps a cache of those mappings to make memory accesses as fast as possible.

When ASLR is active, every time you run an executable the kernel allocates the stack, the heap and the instructions at new randomly generated memory offsets, so attackers have no way to be certain of the exact address the overflowed buffer is at. Thus they cannot feed it to the Instruction Pointer when RET is executed, and if by chance they manage to reach it, with W^X they would still have to find out the right instruction addresses of the functions they want to return to in order to avoid segmentation faults. The same applies to object pointers on the heap.

Attackers usually use NOP slides and heap sprays to deal with address uncertainty, or else try to access addresses through the Global Offset Table or find other leaks instead.


How can the address change each time it is executed? Does it require a change that the compiler makes to allow it?

It needs to be a Position Independent Executable: the addresses need to be defined as offsets rather than as absolute addresses inside the executable and linked library files, and that is done by the compiler. When the dynamic linker loads and allocates them, what it is basically doing is generating a different random base to multiply against those offsets.

Albert Gomà

Even if the previous answer seems nice, it does not answer your question at all.

ASLR is not randomizing every address of your program, but only its base address.

Let's say that, without ASLR, your program is calling a function that is statically located at 0x556d528a5772. By enabling ASLR, your function will be located at 0x5826beca9772, which is random but shares the same suffix as the 'original' address. Only the base address has changed.

That's why you can play with offsets and addresses at the assembly level, but still have something working when ASLR is enabled.

Guillaume
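As an added example that is not part of the question or of either answer, the C program below makes both answers concrete. It shows what the second answer means by "only the base address has changed": the kernel slides a PIE by whole pages, so the low 12 bits of every address (its offset inside a 4 KiB page) are identical from run to run even though the absolute values differ. It also shows the mechanism behind the first answer's Position Independent Executable: the linker assigns each symbol an offset inside the image, the loader adds a per-run slide to those offsets, and because the whole image moves together, one leaked pointer plus a known symbol offset is enough to recover the base of the current run (which is exactly the computation an attacker performs after an information leak). The two sample addresses are the ones quoted in the second answer; the image offset 0x1772 and the symbol names are hypothetical values chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample values, copied from the second answer: one function
 * observed at two different addresses in two runs of a PIE under ASLR. */
#define RUN1_FUNC 0x556d528a5772ULL
#define RUN2_FUNC 0x5826beca9772ULL

/* Hypothetical link-time offset of that function inside the image, i.e. what
 * the compiler/linker wrote down before the loader chose a base. */
#define FUNC_IMAGE_OFFSET 0x1772ULL

#define PAGE_BYTES 4096ULL

/* Low 12 bits of an address: its position inside a 4 KiB page. Mappings are
 * slid by whole pages, so this part survives ASLR unchanged. */
uint64_t page_offset(uint64_t addr)
{
    return addr & (PAGE_BYTES - 1);
}

/* Sanity check used before treating two observations as the same symbol:
 * the same symbol seen in two runs must keep the same page offset. */
int same_page_offset(uint64_t a, uint64_t b)
{
    return page_offset(a) == page_offset(b);
}

/* Slide applied between two runs (call same_page_offset() first). The result
 * is always a multiple of the page size; unsigned wrap-around covers b < a. */
uint64_t aslr_slide(uint64_t a, uint64_t b)
{
    return b - a;
}

/* Recover this run's image base from a single leaked pointer whose link-time
 * offset is known; every other symbol is then base + its own offset. */
uint64_t image_base_from_leak(uint64_t leaked, uint64_t sym_offset)
{
    return leaked - sym_offset;
}

uint64_t symbol_from_base(uint64_t base, uint64_t sym_offset)
{
    return base + sym_offset;
}

/* Two symbols from the same image, so main() can show that their distance is
 * identical in every run while their absolute addresses differ. */
int marker_global = 0;
void marker_func(void) { marker_global++; }

int main(void)
{
    int stack_var = 0;
    void *heap_ptr = malloc(32);

    marker_func();

    /* Build as a PIE (e.g. gcc -fPIE -pie) and run twice: the addresses change,
     * the page offsets and the global-minus-function distance do not. */
    printf("function  %#llx  page offset %#llx\n",
           (unsigned long long)(uintptr_t)marker_func,
           (unsigned long long)page_offset((uintptr_t)marker_func));
    printf("global    %#llx  page offset %#llx\n",
           (unsigned long long)(uintptr_t)&marker_global,
           (unsigned long long)page_offset((uintptr_t)&marker_global));
    printf("stack     %#llx\n", (unsigned long long)(uintptr_t)&stack_var);
    printf("heap      %#llx\n", (unsigned long long)(uintptr_t)heap_ptr);
    printf("global - function = %lld (constant across runs)\n",
           (long long)((uintptr_t)&marker_global - (uintptr_t)marker_func));

    /* Replay the two observations quoted in the answer. */
    if (same_page_offset(RUN1_FUNC, RUN2_FUNC))
        printf("run2 slid by %#llx relative to run1\n",
               (unsigned long long)aslr_slide(RUN1_FUNC, RUN2_FUNC));
    printf("run1 image base %#llx, run2 image base %#llx\n",
           (unsigned long long)image_base_from_leak(RUN1_FUNC, FUNC_IMAGE_OFFSET),
           (unsigned long long)image_base_from_leak(RUN2_FUNC, FUNC_IMAGE_OFFSET));

    free(heap_ptr);
    return 0;
}
```

With the answer's two addresses the slide comes out as 0x2b96c404000, a multiple of the page size, and the recovered bases are 0x556d528a4000 and 0x5826beca8000. This is also why a non-PIE binary gives ASLR nothing to work with for the code and data segments: the linker has already fixed the absolute addresses, so only the stack, heap and shared libraries move.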