Reverse engineering is the process of analyzing a product, system, or piece of software in order to understand how it works.
Disable ASLR on the whole system (Linux):
```bash
# Turn OFF
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
# Turn ON
echo 2 | sudo tee /proc/sys/kernel/randomize_va_space
```
For a Windows PE binary, the value is stored in IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE at offset 0x40.
Disable ASLR on a binary (2 options):
- Open the binary with PEStudio, go to
- Open the binary with CFFExplorer, go to Optional Header, click on DLL can move.
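
To confirm what the PE editors did, or to audit whether a binary still opts in to ASLR, the header can be read directly. The following is an added example, not part of the original page: it tests the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE bit (0x0040) in the DllCharacteristics field of the Optional Header and also reports stripped relocations. The helper names `pe_aslr_status` and `build_sample` are hypothetical, and the sample image is a constructed header-only buffer.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001                # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR (PE32+ only)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # CFF Explorer: "DLL can move"


def pe_aslr_status(data: bytes) -> dict:
    """Report the ASLR-related header bits of a PE image given as bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24  # 4-byte "PE\0\0" signature + 20-byte COFF header
    if len(data) < opt + 72 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (coff_chars,) = struct.unpack_from("<H", data, e_lfanew + 22)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    # DllCharacteristics sits 70 bytes into the optional header in both formats.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(coff_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "dynamic_base": dynamic_base,
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "relocs_stripped": relocs_stripped,
        # An image without relocation data cannot be rebased even if it opts in.
        "can_randomize": dynamic_base and not relocs_stripped,
    }


def build_sample(dll_chars: int, coff_chars: int = 0x0002, magic: int = 0x20B) -> bytes:
    """Constructed header-only test image (not a loadable executable)."""
    buf = bytearray(0x80 + 24 + 72)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)            # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 22, coff_chars)
    struct.pack_into("<H", buf, 0x80 + 24, magic)
    struct.pack_into("<H", buf, 0x80 + 24 + 70, dll_chars)
    return bytes(buf)


if __name__ == "__main__":
    for label, img in [("flag set", build_sample(0x0160)),
                       ("flag cleared", build_sample(0x0100)),
                       ("relocs stripped", build_sample(0x0140, coff_chars=0x0003))]:
        print(label, pe_aslr_status(img))
```

For a file on disk, pass `open(path, "rb").read()` to `pe_aslr_status`.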