Open DavidBurkett opened 5 years ago
My educated guess is that he either didn't know or he was aware of the limitations of ASLR back then and decided to "roll-his-own".
Even today when the entire base system in Windows 10 uses ASLR, image randomization on Windows is per-boot, not per-process. This means that attackers can guess the location of code pretty reliably. The stack itself is randomized per-process though.
ASLR was indeed available (w/ the release of Windows Vista in 2007): https://docs.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2019
Forgot to add some relevant references:
https://github.com/bitcoin/bitcoin/issues/1130
https://github.com/bitcoin/bitcoin/issues/1603
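Following up on the /DYNAMICBASE point above: an added example (not from this thread or the Bitcoin code base) that parses just enough of a PE image to read the linker's DllCharacteristics flags, which is how you check whether a given Windows binary was opted into ASLR at all. `build_stub` is a constructed, headers-only PE used to exercise the parser offline; the flag values are the documented PE/COFF constants.

```python
import struct

# Bits of IMAGE_OPTIONAL_HEADER.DllCharacteristics (from the PE/COFF spec).
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # set by /DYNAMICBASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100

def aslr_flags(pe: bytes) -> dict:
    """Parse the DOS stub, PE signature and optional header far enough to read
    DllCharacteristics. Without DYNAMIC_BASE the loader maps the image at its
    preferred base, so per-boot image randomization never applies to it,
    whatever the OS-wide setting is."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20            # skip signature + 20-byte COFF file header
    magic, = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):    # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    dll_chars, = struct.unpack_from("<H", pe, opt + 70)
    return {
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "pe32plus": magic == 0x20B,
    }

def build_stub(dll_chars: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal PE (headers only, no sections) for testing the parser."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)   # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, 112, 0)
    opt = bytearray(112)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:      # e.g. python aslr_flags.py bitcoind.exe
        print(aslr_flags(f.read(4096)))
```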
Ok
I was hoping to see your thoughts on IMPLEMENT_RANDOMIZE_STACK when you documented ThreadOpenConnections, but I saw it was glossed over. It's always been something that bothered me for some reason.
1) Why not just use built-in ASLR? Pretty sure VS and mingw supported it.
2) How does it actually work? It doesn't seem like it should, but I'm a bit of a simpleton.
3) Have you ever seen anyone do anything similar? I've looked at a lot of old C/C++ code, and have never come across anything like it.