Just made another test and all this happens without the DLL installed too. In AlwaysOn Zapper.Exe does not start, in OptOut it does start, even...
I just noticed something strange with the DLL. I have this app installed (Zapper 1.7.1 Build 236), it is old, built with Pascal:...
That sounds interesting. It is actually just the virtual address space getting randomized, meaning that it could use the entire available address...
Below I calculated the probability to guess a specific address if randomized by ASLR. I also added the number of attacks needed on average to...
win64/ASLR flag: stack: 4096 addresses | max occurrence same address: 22 static heap: 254 addresses | max occurrence same address: 189...
strange, the results are almost the same even though I changed the source code to log 64-bit addresses. am running it a second time now. this is...
oh, have to redo the 64-bit tests.....I only logged 4 bytes of the address....my bad.
looks a bit whack
win32/ASLR flag: stack: 25301 addresses | max occurrence of same address: 14 static heap: 254 addresses | max occurrence...
So here are the results for 64-bit with ASLR option enabled when compiling: http://www.filedropper.com/aslr64a_1 And here without the ASLR...
Too early to draw many conclusions from this, but one can only strongly suggest to recompile apps with the flag enabled, because the stack and...
Would be fun to compare it to some Linux system running PaX? Any volunteers? :-]
Here is the result of the same test if the application is not compiled with ASLR enabled: http://www.filedropper.com/aslr32b As expected the...
And regarding the static stack addresses that caused the overflow.exe ASLR test to fail I did some more research today here:...
Hi, I thought it would be fun to do some tests of ASLR on Windows7. Therefore I created the following tools: 1. A small C program that...
To come back to the topic a little bit....I just discovered/remembered that overflow.exe has one additional parameters. If you specify one of the...
I guess you mean hardware DEP, right? Because software DEP does absolutely nothing but protect from the SEH overwrite exploit. They should...
I codesigned it by the way so I don't have to set the RequireSignedAppInit_DLLs. Here is a little tip (it was working in January don't know if...
[IMG] <--- Windows7 x64 SP1 Looks good. :) Thanks a lot. Nice improvement! I don't like the idea that a process can turn off its own protection...
Thanks!! Will try it right now.... By the way, how good is ASLR these days? The last time I did read about it, ASLR was providing not enough...
If I get it correctly (from looking at the screenshot) you have successfully found a way with your DLL to have the possibility of excluding...
Hi Y'all, This is Andreas from Sys-Manage. Just to clarify things a lil bit. DepTest.Exe is a GUI that launches overflow.exe multiple times to...