Disabling ASLR and DEP in Visual Studio 2013

I’m working my way through some buffer overflow exploits on Windows. The ‘Hello World’ of stack-based buffer overflows is to pack a payload on the stack and ret into it. By default – for very good reason – the VS linker has DEP and ASLR enabled for native projects. ASLR tries to make it so an attacker can’t predict the stack address (or other module addresses) to jump into because the base image will be loaded into a random location. DEP marks the stack section not executable so payloads placed on the stack will not run.

To turn these security features off change the following linker settings on your project

  1. Linker->Advanced set Randomized Base Address to No
    (/DYNAMICBASE:NO)
  2. Linker->Advanced set Data Execution Prevention (DEP) to No
    (/NXCOMPAT:NO)

Rebuild the project and break in VS to examine EBP. It should be the same each time you run.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s