Visual Studio 2005 SP1 Beta, Windows Vista and ASLR


Today the Visual Studio 2005 team released Service Pack 1 Beta. Included in the beta is the new linker that supports Address Space Layout Randomization on Windows Vista. You can get the update from the Microsoft Connect Site.


By default, Windows Vista loads system components at random locations. With this new linker update, Windows Vista will also load your code at a random base address; all you need to do is use the new /dynamicbase linker option.


Here’s how to use it.



  1. Load your C/C++ project.
  2. Open Solution Explorer (if it’s not already open).
  3. Right-click the Project name.
  4. Click Properties.
  5. Click the ‘+’ symbol next to Linker.
  6. Click Command Line.
  7. In the Additional options pane type /dynamicbase

Voila!


You can verify your application loaded at a random address by loading the application under a debugger such as kd or windbg and looking at the base address as the process loads. On my computer, a little application I wrote to determine the address of various components within Windows Vista loaded at the following addresses on three separate reboots.


ModLoad: 00b00000 00b1b000 C:\test\CheckASLR\debug\CheckASLR.exe
ModLoad: 008c0000 008db000 C:\test\CheckASLR\debug\CheckASLR.exe
ModLoad: 01250000 0126b000 C:\test\CheckASLR\debug\CheckASLR.exe
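
A static check to go with the debugger check above, as an added example that is not part of the original post: it reads the PE header and reports whether the bit that /dynamicbase sets is present. The flag name IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040), the relocations-stripped test, and the helper names aslr_status and build_sample are not from the post; build_sample produces a constructed header used only as sample input.

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # DllCharacteristics bit set by /dynamicbase
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # Characteristics bit: no relocation info


def aslr_status(image: bytes) -> dict:
    """Report the ASLR-related header flags of a PE image passed as bytes."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if pe_off + 24 + 72 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    # IMAGE_FILE_HEADER follows the signature; its last two fields are read here.
    opt_size, file_chars = struct.unpack_from("<HH", image, pe_off + 20)
    opt_off = pe_off + 24
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B) or opt_size < 72:  # PE32 / PE32+
        raise ValueError("unsupported optional header")
    # DllCharacteristics is at offset 70 in both PE32 and PE32+ optional headers.
    (dll_chars,) = struct.unpack_from("<H", image, opt_off + 70)
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "dynamic_base": dynamic_base,
        "relocs_stripped": relocs_stripped,
        # Opted in and not marked as having its relocation info removed.
        "aslr_eligible": dynamic_base and not relocs_stripped,
    }


def build_sample(dll_chars: int, file_chars: int = 0x0102) -> bytes:
    """Constructed minimal PE32 header for demonstration (not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # PE header right after DOS stub
    file_hdr = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, file_chars)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                         # e.g. a freshly linked .exe or .dll
        with open(path, "rb") as f:
            print(path, aslr_status(f.read()))
```

Run it with one or more image paths as arguments to audit build output before shipping.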

Comments (9)

  1. chrisbro says:

    It would be great if this was exposed through UI (or even turned on by default!) in the final SP1. Having to know to go in and enter /dynamicbase sucks.

  2. KJK::Hyperion says:

    Say, what does this imply in terms of the executable’s layout? What does the linker option do that producing a relocatable executable didn’t?

  3. michael_HOWARD says:

    >>exposed through UI

    file a bug against the beta – all the bugs are looked at.

  4. michael_HOWARD says:

    >>what does this imply in terms of the executable’s layout

    nothing much – there is a new bit added to the PE header.

  5. MARuel says:

    Wow, that must use a lot of memory for shared DLLs 🙁

  6. michael_HOWARD says:

    >>Wow, that must use a lot of memory for shared DLLs 🙁

    not at all – a system DLL is loaded at the same address for each application, it’s just random across reboots.

  7. I’ve had some people ask me about a paper that was recently published detailing alleged bugs in Address

  9. Sorry if you’ve answered this before, but

    does this mean that rebasing is now a thing of the past?

    thanks

    m