0

I just printed function addresses and the offset between two functions, but the offset is fixed whenever the program is executed (only the base address changes).

Code (test.c)

#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>

void func() {
    printf("func!\n");
}

void func2() {
    printf("func2!\n");
}

int main() {
    /* Take the code addresses as integers (explicit casts: a bare
       pointer-to-integer assignment is an error on newer gcc). */
    uintptr_t main_addr = (uintptr_t)main;
    uintptr_t func_addr = (uintptr_t)func;
    uintptr_t func2_addr = (uintptr_t)func2;

    /* %p expects a void *, so print the integers with PRIxPTR instead. */
    printf("main_addr: 0x%" PRIxPTR "\n", main_addr);
    printf("func_addr: 0x%" PRIxPTR "\n", func_addr);
    printf("func2_addr: 0x%" PRIxPTR "\n", func2_addr);
    /* Distances between the three functions inside this binary. */
    printf("offset (main - func): %" PRIdPTR "\n", (intptr_t)(main_addr - func_addr));
    printf("offset (main - func2): %" PRIdPTR "\n", (intptr_t)(main_addr - func2_addr));
    return 0;
}

Compile

gcc test.c

Result

(1st execution)
main_addr: 0x5578d1296190
func_addr: 0x5578d129616a
func2_addr: 0x5578d129617d
offset (main - func): 38
offset (main - func2): 19

(2nd execution)
main_addr: 0x55bf299d9190
func_addr: 0x55bf299d916a
func2_addr: 0x55bf299d917d
offset (main - func): 38
offset (main - func2): 19

(3rd execution)
main_addr: 0x55ba4767d190
func_addr: 0x55ba4767d16a
func2_addr: 0x55ba4767d17d
offset (main - func): 38
offset (main - func2): 19

My kernel version is 5.4 (i.e., Ubuntu 18.04).

So, my questions are:

  1. Is this expected behavior (fixed offset) in Ubuntu 18.04?
  2. How can I set up a situation that randomizes not only the base address but also the offset?

Thank you

user257164
  • 103
  • 2

1 Answer

2

ASLR is about randomizing the layout of dynamically-linked libraries used by your code, not about randomizing within your program. The goal is to prevent an attacker from being able to simply hard-code the location of something like exec into a remote-execution exploit.

To illustrate, two different copies of bash from my computer have libc at different addresses according to /proc/[pid]/maps:

7fd647904000-7fd647a47000 r-xp 00022000 00:12 12970738                   /lib64/libc-2.32.so

7f2b574cd000-7f2b57610000 r-xp 00022000 00:12 12970738                   /lib64/libc-2.32.so

Instead of looking at addresses within your code, try checking the address of a library function, such as printf.

Mark
  • 34,390
  • 9
  • 85
  • 134
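As an added example (not part of the question or of Mark's answer): a C program that reads its own /proc/self/maps and reports, for each pair of addresses, whether they fall inside the same mapping. Stock Linux ASLR picks a random base per mapping (the PIE executable, each shared object, the stack, the heap) and does not shuffle code inside a mapping, so two addresses in the same mapping keep a fixed distance while distances across mappings change on every run. The SAMPLE_MAPS text is constructed (the libc line quoted in the answer plus invented executable and stack lines), and the /home/user/a.out path, the buffer sizes and the readlink of /proc/self/exe are choices made here, not anything from the original post.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample, not a real capture: the libc line quoted in the answer
 * plus invented executable and stack lines in the usual maps layout. */
const char SAMPLE_MAPS[] =
    "55bf299d8000-55bf299d9000 r--p 00000000 08:01 1234      /home/user/a.out\n"
    "55bf299d9000-55bf299da000 r-xp 00001000 08:01 1234      /home/user/a.out\n"
    "7fd647904000-7fd647a47000 r-xp 00022000 00:12 12970738  /lib64/libc-2.32.so\n"
    "7fd647a47000-7fd647a4c000 rw-p 00000000 00:00 0\n"
    "7ffc1b5e3000-7ffc1b604000 rw-p 00000000 00:00 0         [stack]\n";

/* Parse the maps line starting at `line` into [start, end) and its pathname
 * column ("" for anonymous mappings). Returns 0 on a malformed line. */
static int parse_maps_line(const char *line, uintptr_t *start, uintptr_t *end,
                           char *path, size_t pathsz)
{
    unsigned long s, e, off, inode;
    char perms[5], dev[16];
    int consumed = 0;
    if (sscanf(line, "%lx-%lx %4s %lx %15s %lu%n",
               &s, &e, perms, &off, dev, &inode, &consumed) != 6)
        return 0;
    const char *p = line + consumed;
    while (*p == ' ' || *p == '\t') p++;
    size_t n = strcspn(p, "\n");            /* pathname runs to end of line */
    if (n >= pathsz) n = pathsz - 1;
    memcpy(path, p, n);
    path[n] = '\0';
    *start = s;
    *end = e;
    return 1;
}

/* Start of the line after the one beginning at p ("" at end of text). */
static const char *next_line(const char *p)
{
    const char *nl = strchr(p, '\n');
    return nl ? nl + 1 : p + strlen(p);
}

/* Lowest start of any mapping whose pathname contains needle
 * ("libc", "[stack]", the executable's path); 0 if none matches. */
static uintptr_t region_base(const char *maps_text, const char *needle)
{
    char path[256];
    uintptr_t s, e, best = 0;
    for (const char *p = maps_text; *p; p = next_line(p))
        if (parse_maps_line(p, &s, &e, path, sizeof path) &&
            strstr(path, needle) != NULL && (best == 0 || s < best))
            best = s;
    return best;
}

/* Start of the mapping that contains addr; 0 if addr is unmapped. */
static uintptr_t mapping_containing(const char *maps_text, uintptr_t addr)
{
    char path[256];
    uintptr_t s, e;
    for (const char *p = maps_text; *p; p = next_line(p))
        if (parse_maps_line(p, &s, &e, path, sizeof path) && addr >= s && addr < e)
            return s;
    return 0;
}

/* 1 if a and b lie in the same mapping, i.e. ASLR shifts them together. */
static int same_mapping(const char *maps_text, uintptr_t a, uintptr_t b)
{
    uintptr_t ma = mapping_containing(maps_text, a);
    return ma != 0 && ma == mapping_containing(maps_text, b);
}

static void func(void) { puts("func!"); }

int main(void)
{
    static char maps[1 << 16];                     /* ample for this process */
    FILE *f = fopen("/proc/self/maps", "r");
    if (f == NULL) { perror("/proc/self/maps"); return 1; }
    size_t n = fread(maps, 1, sizeof maps - 1, f);
    fclose(f); maps[n] = '\0';
    char exe[256] = "";
    ssize_t elen = readlink("/proc/self/exe", exe, sizeof exe - 1);
    if (elen > 0) exe[elen] = '\0';
    /* Non-PIE builds may hand out the PLT stub for &printf; the flag shows it. */
    uintptr_t m = (uintptr_t)main, fn = (uintptr_t)func, pf = (uintptr_t)printf;
    uintptr_t st = (uintptr_t)&n;                  /* a stack address */
    printf("exe base   0x%" PRIxPTR "\n", region_base(maps, exe));
    printf("libc base  0x%" PRIxPTR "\n", region_base(maps, "libc"));
    printf("stack base 0x%" PRIxPTR "\n", region_base(maps, "[stack]"));
    printf("main - func   = %" PRIdPTR "  same mapping: %d\n", (intptr_t)(m - fn), same_mapping(maps, m, fn));
    printf("main - printf = %" PRIdPTR "  same mapping: %d\n", (intptr_t)(m - pf), same_mapping(maps, m, pf));
    printf("main - &n     = %" PRIdPTR "  same mapping: %d\n", (intptr_t)(m - st), same_mapping(maps, m, st));
    return 0;
}
```

Build with `gcc -o aslrcheck aslrcheck.c` and run it a few times: `main - func` keeps the same value and reports `same mapping: 1`, while `main - printf` and `main - &n` change on each run and report `0`. If you build with `-no-pie`, `&printf` may resolve to the PLT stub inside the executable instead of the libc symbol, and the flag will say so; `setarch $(uname -m) -R ./aslrcheck` runs the same binary with randomization disabled for comparison, and `/proc/sys/kernel/randomize_va_space` shows the system-wide setting (2 is full randomization).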