ASLR doesn’t prevent buffer overflows – it just makes it harder to exploit them to perform code execution.
When I exploit a buffer overflow, what I’m most likely doing is overwriting the parts of the stack containing the *return address* with custom addresses of my choosing.
If I don’t know what addresses to write into the stack, I can’t figure out how to make the program jump where I want it to jump!
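A practical check that follows from this, added here as an example and not part of the original answer: on Linux, ASLR only randomizes the main executable's own code when the binary is built position-independent (PIE, ELF type `ET_DYN`); a classic `ET_EXEC` binary keeps fixed code addresses even with ASLR on. The script below parses the ELF64 header and program headers to report PIE and non-executable-stack status; the ELF images it inspects are constructed in memory for the demonstration, and `hardening_report`/`build_sample` are hypothetical helper names.

```python
import struct

ET_EXEC, ET_DYN = 2, 3          # e_type values: fixed-address vs. position-independent
PT_GNU_STACK = 0x6474E551       # program header that records the requested stack permissions
PF_X = 0x1                      # executable flag in p_flags


def hardening_report(elf: bytes) -> dict:
    """Return {'pie': bool, 'nx': bool} for a 64-bit little-endian ELF image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    # The loader treats a missing PT_GNU_STACK as an executable stack,
    # so the absence of the header counts as "no NX" (checksec-style tools do the same).
    nx = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack_from("<II", elf, off)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {"pie": e_type == ET_DYN, "nx": nx}


def build_sample(e_type: int, stack_flags: int) -> bytes:
    """Constructed minimal ELF64 image: a header plus one PT_GNU_STACK program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # 64-bit, little-endian, version 1
    header = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        e_type, 0x3E, 1,     # e_type, e_machine (x86-64), e_version
        0, 64, 0,            # e_entry, e_phoff (right after the header), e_shoff
        0, 64, 56, 1,        # e_flags, e_ehsize, e_phentsize, e_phnum
        0, 0, 0,             # e_shentsize, e_shnum, e_shstrndx
    )
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return header + phdr


if __name__ == "__main__":
    pie = build_sample(ET_DYN, 0x6)     # PIE with a RW (non-executable) stack
    fixed = build_sample(ET_EXEC, 0x7)  # fixed-address binary with an executable stack
    print("pie  :", hardening_report(pie))
    print("fixed:", hardening_report(fixed))
```

To inspect a real binary, pass `open(path, "rb").read()` to `hardening_report`; a `pie: False` result means ASLR leaves that program's code at predictable addresses regardless of the system-wide setting.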