
Programming Megathread

Pages: << < (217/241) > >>

Nickelob Ultra:



IkeTheGeneric:

Sounds about right

Metario:

yfw ProjectileData::onExplode keeps gunking up the project ur working on
yfw badspot made the function so complicated it takes a linguistics major in gibberish just to understand it

FelipeO_O_:


--- Quote from: Metario on February 04, 2017, 05:04:58 PM ---yfw ProjectileData::onExplode keeps gunking up the project ur working on
yfw badspot made the function so complicated it takes a linguistics major in gibberish just to understand it

--- End quote ---
for your sake bump

Meldaril:

A question about Windows ASLR for executable modules.

Is the base address computed at module initialisation and cached? On a reboot will a new base address be computed for the module - again at initialisation?

Or

Is the base address hashed based on module attributes found in the PE header and the filesize? So that on a reboot, the base address is constant.

My observation so far: Writing to an executable causes a new base address to be computed.

This small position-independent assembly fragment jumps to the original entry point of an executable and solves ASLR. I wrote this originally in C++ and inline assembly but now it's an MASM file on its own. It's a nasty hackjob that I'm in the process of replacing with a runtime assembler engine. The stack stuff and conditional jumping was done in C++. It accesses the process-entry-block (PEB) via the file segment (FS) register. The PEB contains a linked list of all the loaded modules for a given process. It iterates through the loaded modules and compares each base address with a constant written into the assembly at runtime (the original entry point offset found within the PE header). I avoided using function calls to any API to avoid having to rebuild the PE import table.

Another terrible hack is the function pointer arithmetic I did to copy that entire procedure into an array. Using two function pointers, you can get the size in bytes of function 'A' by subtracting the succeeding function, 'B'. Undefined/Unreliable compiler behavior at its best.


--- Code: ---
--- End code ---
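Whether Windows is allowed to rebase an image at all is decided by fields in the PE header, and the entry point the post talks about is stored there as an RVA, so it stays fixed relative to whatever base the loader picks. The script below is an added example (not Meldaril's code and not from this thread) that parses those fields: the ImageBase and AddressOfEntryPoint of the optional header, the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and HIGH_ENTROPY_VA flags, the IMAGE_FILE_RELOCS_STRIPPED bit, and the base-relocation data directory. The flag values and offsets are the ones from the PE/COFF specification; the two sample images are constructed in memory (headers only), so the script runs on any platform without touching a real binary.

```python
"""Read the PE header fields Windows consults before rebasing an image.

Added example for the ASLR question above; it is not the poster's code.
The sample images are constructed in memory, so nothing is read from disk.
"""
import struct

# Flag values from the PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001              # no .reloc data: image cannot be moved
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # linked with /DYNAMICBASE
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5              # data-directory slot of the .reloc table


def parse_pe_layout(data: bytes) -> dict:
    """Return the load-layout facts from a PE32 or PE32+ header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")

    coff = e_lfanew + 4
    (_machine, _nsections, _stamp, _symtab, _nsyms,
     _opt_size, file_chars) = struct.unpack_from("<HHIIIHH", data, coff)

    opt = coff + 20                                       # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    if magic == 0x10B:                                    # PE32
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        dir_base = opt + 96
    elif magic == 0x20B:                                  # PE32+
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        dir_base = opt + 112
    else:
        raise ValueError(f"unknown optional-header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # DllCharacteristics
    n_dirs = struct.unpack_from("<I", data, dir_base - 4)[0]  # NumberOfRvaAndSizes

    reloc_rva = reloc_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_BASERELOC:
        reloc_rva, reloc_size = struct.unpack_from(
            "<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC)

    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    has_relocs = reloc_size > 0
    return {
        "image_base": image_base,            # preferred base from the header
        "entry_rva": entry_rva,              # entry point relative to the base
        "dynamic_base": dynamic_base,
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "relocs_stripped": relocs_stripped,
        "has_reloc_dir": has_relocs,
        # The loader only randomises an image it is allowed to move and able to fix up.
        "aslr_eligible": dynamic_base and has_relocs and not relocs_stripped,
    }


def entry_point_va(actual_base: int, layout: dict) -> int:
    """Entry point once the image is mapped at actual_base (wherever the loader put it)."""
    return actual_base + layout["entry_rva"]


def build_sample_pe32plus(image_base, entry_rva, dll_chars, file_chars,
                          reloc_rva, reloc_size) -> bytes:
    """Constructed PE32+ header (DOS stub + COFF + optional header), headers only."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))               # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, file_chars)
    opt = bytearray(240)                                      # 112 fixed bytes + 16 directories
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<Q", opt, 24, image_base)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)           # section / file alignment
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC,
                     reloc_rva, reloc_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed samples: one that opts in to ASLR, one that cannot be rebased.
ASLR_IMAGE = build_sample_pe32plus(
    0x140000000, 0x1000,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA,
    0x0022, 0x3000, 0x20)
FIXED_IMAGE = build_sample_pe32plus(
    0x400000, 0x1000, 0, 0x0022 | IMAGE_FILE_RELOCS_STRIPPED, 0, 0)

if __name__ == "__main__":
    for name, img in (("aslr", ASLR_IMAGE), ("fixed", FIXED_IMAGE)):
        lay = parse_pe_layout(img)
        print(name, {k: (hex(v) if type(v) is int else v) for k, v in lay.items()})
```

Pointing `parse_pe_layout` at the bytes of a real file shows at a glance whether an image can be moved at all: without DYNAMIC_BASE, or with relocations stripped, the loader has to honour the header's ImageBase, and the entry point stays at ImageBase + AddressOfEntryPoint. With the flag set, the base changes but the RVA does not, which is why code that wants the entry point only needs the loaded module's base plus the RVA read from the header.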


