Bypass ASLR for debugging purposes

Hello,

Look at this basic C program:

#include <stdio.h>

int main(void)
{
	/* %p is the portable conversion for printing an address; passing a
	   function pointer to %llx is undefined behaviour. */
	printf("%p\n", (void *)main);
	return 0;
}

The displayed address changes on each run. This is due to ASLR.

Is there a way to launch a program by forcing the main module's base address?

I would like to do something like that in my terminal:

$ BASE_ADDRESS=0x10000 ./a.out

How can I do that on macOS?

Is it possible to force base address loading for shared libraries too?

Thanks

On Apple silicon? Or Intel?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I would like to add something: when we debug a program with lldb, it seems the base address is always 0x100000000 on macOS Sonoma (Apple Silicon). So if lldb is able to force a target program's base address, we might have a way to do that too?

And is there a way to disable ASLR for a specific binary when compiling it on macOS?

Thanks
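A quick check that goes with the program in the first post and the lldb observation above, added here as an example and not taken from the thread: launch a binary several times outside the debugger and count how many distinct values its first output line takes. The command name `./a.out` is the one assumed from the thread; any command that prints an address works.

```shell
#!/bin/sh
# Added example: count distinct first-output-lines across repeated launches.
# With ASLR active, a program that prints the address of main (as in the
# thread) produces several values; a single value means the load address
# was stable across runs.
count_distinct_outputs() {
    cmd="$1"          # command line to run, e.g. ./a.out (assumed name)
    runs="${2:-10}"   # number of launches
    outputs=""
    i=0
    while [ "$i" -lt "$runs" ]; do
        # each launch is a fresh process, so the loader randomises anew
        line=$(sh -c "$cmd" | head -n 1)
        outputs="${outputs}${line}
"
        i=$((i + 1))
    done
    # unique lines, trimmed of the padding macOS wc adds
    printf '%s' "$outputs" | sort -u | wc -l | tr -d ' '
}

# Returns 0 when the address varies (ASLR in effect), 1 when it is stable.
aslr_check() {
    runs="${2:-10}"
    n=$(count_distinct_outputs "$1" "$runs")
    if [ "$n" -gt 1 ]; then
        echo "ASLR: $n distinct load addresses in $runs runs"
        return 0
    fi
    echo "no variation: same address in all $runs runs"
    return 1
}
```

Run the binary directly from the terminal rather than under lldb: the debugger launches its target with ASLR disabled by default (lldb's `target.disable-aslr` setting), which is why the address looks pinned at 0x100000000 there.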

The whole concept of position-dependent executables is deprecated. While there are some compatibility affordances for this on Intel, none of these are available on Apple silicon.

Hofi wrote:

Even though man ld shows it as an available command line switch, its usage gives a warning … and seems not to be working anymore.

This is related to the transition from ld64 to ld_prime. See An Apple Library Primer for more on that.

My question for both of you: Why do you need this? What specific higher-level goal are you trying to accomplish?

This matters because, if the goal is some sort of testing or debugging thing, there’s probably some sort of reasonable path forward. However, if you intend to ship a product that relies on running an executable at a specific address, I recommend that you rethink your plans.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
