#include <stdio.h>
int main() {
long local;
int (*mainptr)(void); /* declare a "pointer to function returning int" */
mainptr = main; /* address of main */
printf("%p,%p\n",&local,mainptr); /* print the two addresses */
return 0;
}
The printf statement outputs the address of the variable “local”, which should be on the stack right
after the return address, and then the address of the code for “main”.
Start by creating a source file aslrtest.c on your VM containing the above C program. Compile
it into an executable with the same name:
bash$ gcc -o aslrtest aslrtest.c
(As always, the “bash$” in the above represents the prompt and is not part of the command you
type.)
a. Turn off ASLR with the command:
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
Once you have ASLR disabled, run aslrtest 10 times. The following shell script will do that,
(assuming your shell is bash, which it is unless you’ve changed it yourself):
bash$ for i in {1..10}
> do
> ./aslrtest
> done
What range of output values to you observe for the first and second arguments?
b. Now re-enable ASLR (change “0” to “2” in the above command) and run the command again
100 times by replacing “10” with “100” in the above command. You will want to append the
output to a file:

bash$ for i in {1..100}
> do
> ./aslrtest >> testout
> done
This should produce a file with 100 lines, with 2 comma-separated numbers each. What range
of values do you observe in the first and second columns this time? (Hint: Read the file into
Excel and use the min and max functions to determine the minimum and maximum values
in each column. Or you can just do it by hand, or write a program to do it.) Does ASLR
randomize the address of pieces of code?

Think about how ASLR makes life harder for the bad guys.