[Dailydave] The sky's downward trajectory
Halvar Flake
halvar at gmx.de
Tue Feb 20 10:57:16 EST 2007
Correction on the terminology: I might have mis-used the word 'entropy'.
If you consider the number of possible memory states of the process address
space, there are a lot more than 2^8 -- for each DLL, the randomization will
consist of 8 bits, but this already provides for ~2^16 possibilities in the
case of
two DLLs, and more in other cases.
One should also consider that if a DLL base is randomized and mapped to the
address of an already mapped DLL, it will be relocated, quite possibly
outside
of any of the 255 addresses that it could've been mapped under by the
randomisation.
Cheers,
Halvar
More information about the Dailydave
mailing list