DISABLING ASLR (LINUX)
When reverse engineering a program and stepping through it with a debugger like GDB, ASLR (Address Space Layout Randomization) causes memory addresses to change every time the program runs. This randomness can make it difficult to track the flow of execution, locate functions, or inspect the stack reliably. Temporarily disabling ASLR ensures that memory addresses remain consistent across runs, providing a deterministic debugging environment. This allows reverse engineers to accurately study a program’s behavior, inspect memory and control flow, and, in security research contexts, analyze vulnerabilities or craft exploits without being hindered by shifting memory layouts.

METHOD 1: TEMPORARY (SINGLE PROCESS)
This temporarily disables ASLR for a single process during debugging.
root@oco:~$ setarch `uname -m` -R ./27_stack_overflow.out
* this cmd runs the program with ASLR disabled
* uname -m prints the machine hardware name (architecture) of the system.
* the -R option of setarch disables ASLR (Address Space Layout Randomization) temporarily for the process being run.
  - by default, Linux randomizes memory layout to make exploits (like stack overflows) harder.
  - -R overrides this for the launched process so memory addresses are predictable, which is useful for debugging or exploiting.
  - this only affects the program being run with setarch; system-wide ASLR is unchanged.
* /bin/bash can be given instead of the program name, to get a shell whose child processes also run without ASLR
  - setarch `uname -m` -R /bin/bash

METHOD 2: TEMPORARY (SYSTEM-WIDE)
This temporarily disables ASLR system-wide during debugging sessions; the change only lasts until the next reboot.
root@oco:~$ cat /proc/sys/kernel/randomize_va_space
2
* a value of 2 means ASLR is active
root@oco:~$ sudo bash -c "echo 0 > /proc/sys/kernel/randomize_va_space"
* the redirection in the following form is not performed with super user privileges (the calling shell opens the file before sudo runs), so it can fail:
  - sudo echo 0 > /proc/sys/kernel/randomize_va_space
  - when this issue is encountered, simply run bash as a super user, then proceed with the cmd
* "bash -c" executes the string inside as a command in a new Bash shell.
root@oco:~$ cat /proc/sys/kernel/randomize_va_space
0
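
Added example (not part of the original notes): a shell check that tells which of the two methods, if any, is in effect for a process, by combining /proc/sys/kernel/randomize_va_space with the ADDR_NO_RANDOMIZE personality flag that setarch -R sets, read from /proc/<pid>/personality. The function names aslr_effective and aslr_report are illustrative, and reading another user's process may require root.

```shell
#!/bin/sh
# Added example: report whether ASLR is in effect for a given process.
# ADDR_NO_RANDOMIZE is the personality(2) flag set by `setarch -R`.
ADDR_NO_RANDOMIZE=0x0040000

# aslr_effective SYSCTL_VALUE PERSONALITY_HEX
# Decision logic only, so it can be checked on constructed values.
aslr_effective() {
    sysctl_val=$1
    persona=$2
    case $sysctl_val in
        0) echo "off: disabled system-wide (randomize_va_space=0)"; return 0 ;;
        1|2) ;;
        *) echo "unknown: unexpected randomize_va_space value '$sysctl_val'"; return 0 ;;
    esac
    # /proc/<pid>/personality is a bare hex string such as 00040000.
    case $persona in
        ''|*[!0-9a-fA-F]*) echo "unknown: personality not readable"; return 0 ;;
    esac
    if [ $(( 0x$persona & $ADDR_NO_RANDOMIZE )) -ne 0 ]; then
        echo "off: disabled for this process only (ADDR_NO_RANDOMIZE set)"
    elif [ "$sysctl_val" -eq 1 ]; then
        echo "on: partial (randomize_va_space=1)"
    else
        echo "on: full (randomize_va_space=2)"
    fi
}

# aslr_report PID
# Reads the live values from /proc and prints one status line.
aslr_report() {
    pid=$1
    sysctl_val=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null) || sysctl_val=
    persona=$(cat "/proc/$pid/personality" 2>/dev/null) || persona=
    printf 'pid %s: %s\n' "$pid" "$(aslr_effective "$sysctl_val" "$persona")"
}

# With no argument, report on the shell running this script.
aslr_report "${1:-$$}"
```

Pass the PID of the program being debugged as the first argument; run from inside a shell started with setarch -R, it reports the per-process state even though the system-wide value is still 2.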