How to set a non-executable stack and ASLR
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 23:58
Recently I did a survey of how to enable stack execution protection and ASLR (Address Space Layout Randomization) on Windows and Linux. It took a lot of searching to find the material, so I summarize it here:
OS / Execution space protection / ASLR (Address Space Layout Randomization) / Check tool

Windows
  Execution space protection (DEP/NX)
    Compiler option: /NXCOMPAT (enabled by default)
    System option:
      1. Open the Control Panel
      2. Select System & Maintenance
      3. Click System
      4. Click Advanced System Settings
      5. Click the Advanced tab
      6. Click Performance Settings
      7. Click the Data Execution Prevention tab
  ASLR
    Compiler option: /DYNAMICBASE (enabled by default)
    System option: ASLR is enabled by default. I did not find a way to disable it. It only works properly when DEP/NX is enabled.
  Check tools: WinDbg, OllyDbg

Linux
  Execution space protection
    Compiler (link) option: -Wl,-z,noexecstack or -Wa,--noexecstack
    System option: /proc/sys/kernel/exec-shield
  ASLR
    Compiler option: -fPIC -pie
    System option: /proc/sys/kernel/randomize_va_space, or
      sysctl -w kernel.randomize_va_space=NEWVALUE
  Check tools:
    1) http://www.trapkit.de/tools/checksec.html
    2) find /lib -exec execstack -q {} \; -print 2> /dev/null | grep ^X
       lists the libraries whose stack is marked executable
    3) execstack -q ~/lib/libfoo.so.1 ~/bin/bar
       queries the executable-stack marking of the given files
    4) readelf -h -d /usr/sbin/smbd | grep 'Type:.*DYN'
       If the file was compiled as PIE, the command prints something like:
       Type: DYN (Shared object file)
Stack protection (canary) settings:

OS       Compiler flag
Windows  /GS
Linux    -fstack-protector-all
         -fstack-protector
The possible values of randomize_va_space are as follows:

Value  Description
0      ASLR is disabled
1      All supported forms of ASLR are enabled, except heap randomization
2      All supported forms of ASLR are enabled
The possible values of exec-shield are as follows:

Value  Description
0      Exec-shield (including randomized VM mapping) is disabled for all binaries, marked or not
1      Exec-shield is enabled for all marked binaries (default)
2      Exec-shield is enabled for all binaries, regardless of marking (to be used for testing purposes ONLY)
On Linux there is also an execstack command that sets the executable-stack flag of a library or executable; its options are:

Option                  Description
-c, --clear-execstack   Clear the executable stack flag bit
-q, --query             Query the executable stack flag bit
-s, --set-execstack     Set the executable stack flag bit
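To make the readelf and execstack checks above concrete, here is an added Python example (not from the original post and not the code of either tool) that reads the same two facts straight from an ELF file: the e_type field that readelf prints as EXEC/DYN, and the PT_GNU_STACK program header flags that execstack -q reports as X, - or ?. The make_elf helper and the sample images it builds are constructed for the demonstration and are header-only, not loadable binaries.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3              # e_type values that readelf reports as EXEC / DYN
PT_GNU_STACK = 0x6474E551           # program header carrying the stack permission flags
PF_X = 0x1                          # executable bit in p_flags

def elf_hardening(image: bytes) -> dict:
    """Report PIE and executable-stack status of a 64-bit little-endian ELF image.
    Mirrors `readelf -h | grep DYN` (PIE) and `execstack -q` (GNU_STACK flags).
    Caveat: shared libraries are ET_DYN too, so "pie" only means position independent."""
    if image[:4] != b"\x7fELF" or image[4] != 2 or image[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF image")
    e_type = struct.unpack_from("<H", image, 16)[0]
    e_phoff = struct.unpack_from("<Q", image, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 54)
    stack = "?"                     # execstack's convention: no GNU_STACK marking at all
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", image, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            stack = "X" if p_flags & PF_X else "-"
    return {"pie": e_type == ET_DYN, "execstack": stack}

def make_elf(e_type: int, gnu_stack_flags=None) -> bytes:
    """Constructed sample input: a header-only ELF64 image (not loadable) with one
    PT_LOAD entry and, unless gnu_stack_flags is None, a PT_GNU_STACK entry."""
    phdrs = [(1, 5)]                # PT_LOAD, r-x: a stand-in text segment
    if gnu_stack_flags is not None:
        phdrs.append((PT_GNU_STACK, gnu_stack_flags))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, little-endian, v1
    # e_type, e_machine(x86-64), e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0, 64, 0, 0,
                                 64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return header + body

if __name__ == "__main__":
    # Usage: python3 elfcheck.py /usr/sbin/smbd ...  (no arguments: run on the constructed samples)
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print(path, elf_hardening(f.read()))
    else:
        print("pie, non-exec stack:", elf_hardening(make_elf(ET_DYN, 6)))
        print("non-pie, rwx stack :", elf_hardening(make_elf(ET_EXEC, 7)))
```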
I hope this helps with protecting against buffer overflows on Windows and Linux.