How does Apple's own ASLR implementation work?

Time: 2021-11-21 02:29:38

According to ASLR (Address Space Layout Randomization), it provides random stack and heap allocations and page loads every time a process starts, and randomizes the address where objects are placed in the virtual space of a given process.

But in my application running on iOS, I create an object named ObjectA, and after reloading the process several times I found that the address of ObjectA is always the same, not randomized.

How does Apple's own ASLR implementation work? Why is ObjectA's address always the same?

2 solutions

#1

3

What do you mean by "several reload"? You should explicitly quit the application; because of multitasking you might be reopening the same process.

e.g. This is one of my applications printing out the address of a UIViewController instance; as you can see, the address of the object is different in every execution.

First run: <DCViewController: 0x13d4a0>
Second run: <DCViewController: 0x2880f0>
Third run: <DCViewController: 0x2a2050>

(I do not think this is the case, but in Xcode there's an option to enable PIE (Position Independent Executable) under "Build Settings"; it's called "Don't Create Position Independent Executables", and you can find it easily by typing "pie" in the search box. This option should be set to No.)

EDIT:

Moreover, Xcode will only make PIE binaries if the deployment target is >= 4.3.

Hope this helps =)
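The answer above turns on whether the binary was actually built as a PIE, since without the MH_PIE flag in the Mach-O header the kernel does not randomize the executable's load address. The following is an added example (not the answerer's code) that reads the flag straight from a Mach-O header; the sample headers it builds are constructed in the script, not taken from a real app.

```python
import struct

MH_MAGIC = 0xFEEDFACE      # 32-bit Mach-O magic (little-endian file)
MH_MAGIC_64 = 0xFEEDFACF   # 64-bit Mach-O magic (little-endian file)
MH_EXECUTE = 0x2           # filetype: main executable
MH_PIE = 0x200000          # flags bit: position-independent executable, ASLR applies


def macho_pie_status(blob: bytes) -> dict:
    """Parse the Mach-O header at the start of `blob` and report whether MH_PIE is set.

    Only thin little-endian images are handled; fat (universal) files would need
    their fat_arch table walked first. Raises ValueError on non-Mach-O input.
    """
    if len(blob) < 28:
        raise ValueError("too short for a Mach-O header")
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic == MH_MAGIC_64:
        is_64 = True
    elif magic == MH_MAGIC:
        is_64 = False
    else:
        raise ValueError(f"not a thin little-endian Mach-O (magic 0x{magic:08x})")
    # Header layout: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
    # (64-bit headers add a 4-byte reserved field after flags).
    _, _cputype, _cpusubtype, filetype, _ncmds, _sizeofcmds, flags = struct.unpack_from("<7I", blob, 0)
    return {
        "is_64": is_64,
        "filetype": filetype,
        "flags": flags,
        # MH_PIE is only meaningful for MH_EXECUTE images; dylibs are always relocatable.
        "pie": filetype == MH_EXECUTE and bool(flags & MH_PIE),
    }


def build_header(is_64: bool, filetype: int, flags: int) -> bytes:
    """Construct a minimal Mach-O header for the demo (sample input, not a real binary)."""
    magic = MH_MAGIC_64 if is_64 else MH_MAGIC
    cputype = 0x0100000C if is_64 else 0xC   # CPU_TYPE_ARM64 / CPU_TYPE_ARM
    hdr = struct.pack("<7I", magic, cputype, 0, filetype, 0, 0, flags)
    return hdr + (b"\x00" * 4 if is_64 else b"")


if __name__ == "__main__":
    # With a real app binary you would pass open(path, "rb").read(32) instead.
    for name, hdr in [("pie", build_header(True, MH_EXECUTE, MH_PIE)),
                      ("no-pie", build_header(False, MH_EXECUTE, 0))]:
        print(name, macho_pie_status(hdr))
```

On a Mac the same check is available from the command line as `otool -hv <binary>`, which lists `PIE` among the header flags when the bit is set.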

#2

0

For completeness, the guy who did the work to answer that question was Dino Zovi in Apple iOS 4 Security Evaluation. My apologies if someone else published before Dino (I am not aware of the work or who you are).

Zovi published his stuff well before Apple published iOS Security. Dino's work is still more complete.
