By what logic does ASLR change the memory addresses in a file’s assembly code?

  aslr, assembly, relocation, reverse-engineering, windows

I am patching an exe file using OllyDbg and I am accessing a specific memory address this way, MOV EAX, DWORD PTR DS:[00DE3DA0], at two locations. The first location is at an instruction I’ve replaced somewhere in the middle of the file; the other one is at the very bottom, where there was some empty space that I could use for new instructions. My issue is that after ASLR occurs (after a Windows restart), the bottom instruction’s memory address won’t be changed according to the new address layout, so my read will be incorrect there, but at the other location the address will be automatically set to the correct one by ASLR and my code will always work there. Also, my newest observation is that this memory regeneration only happens to my code if the instruction I am replacing included reading from or writing to another memory address in DS, like DS:[xxxxxxxx].

I am looking for information on what logic ASLR uses to decide to regenerate an address. Is it possible to make my bottom code regenerate like the one above?

Source: Windows Questions
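The behaviour described in the question matches how the Windows loader rebases a PE image: it adds the load delta only to the addresses listed in the base relocation table (the `.reloc` section). The following is an added example, not part of the original post, that parses such a table and applies it to two copies of the same `MOV EAX, [00DE3DA0]` instruction. The preferred base, new base, RVAs and the table bytes are constructed for illustration.

```python
import struct

IMAGE_REL_BASED_HIGHLOW = 3  # 32-bit absolute address; type 0 is padding

def parse_reloc_section(reloc):
    """Return the RVAs of all HIGHLOW fixups listed in a .reloc section."""
    rvas, pos = set(), 0
    while pos + 8 <= len(reloc):
        # Block header: page RVA, then total block size including this header.
        page_rva, block_size = struct.unpack_from("<II", reloc, pos)
        if block_size < 8 or pos + block_size > len(reloc):
            break  # terminator or malformed block
        for off in range(pos + 8, pos + block_size - 1, 2):
            (entry,) = struct.unpack_from("<H", reloc, off)
            if entry >> 12 == IMAGE_REL_BASED_HIGHLOW:
                rvas.add(page_rva + (entry & 0x0FFF))
        pos += block_size
    return rvas

def rebase(image, fixups, delta):
    """Mimic the loader: add delta to each listed DWORD and touch nothing else."""
    out = bytearray(image)
    for rva in fixups:
        (value,) = struct.unpack_from("<I", out, rva)
        struct.pack_into("<I", out, rva, (value + delta) & 0xFFFFFFFF)
    return out

def operand_at(image, insn_rva):
    """Read the 32-bit address operand of an A1 (MOV EAX, moffs32) instruction."""
    if image[insn_rva] != 0xA1:
        raise ValueError("not a MOV EAX, moffs32 instruction")
    return struct.unpack_from("<I", image, insn_rva + 1)[0]

# Constructed sample: the same instruction at a spot that already had a
# relocation entry (ORIGINAL_INSN) and in unused space at the end (CAVE_INSN).
PREFERRED_BASE, NEW_BASE = 0x00DE0000, 0x01230000
ORIGINAL_INSN, CAVE_INSN = 0x1000, 0x1F00
MOV = b"\xA1" + struct.pack("<I", 0x00DE3DA0)
IMAGE = bytearray(0x2000)
IMAGE[ORIGINAL_INSN:ORIGINAL_INSN + 5] = MOV
IMAGE[CAVE_INSN:CAVE_INSN + 5] = MOV
# One block for page 0x1000: a HIGHLOW entry at offset 0x001, plus one pad entry.
RELOC = struct.pack("<IIHH", 0x1000, 12, (3 << 12) | 0x001, 0)

def demo():
    fixups = parse_reloc_section(RELOC)
    loaded = rebase(IMAGE, fixups, NEW_BASE - PREFERRED_BASE)
    return fixups, operand_at(loaded, ORIGINAL_INSN), operand_at(loaded, CAVE_INSN)

if __name__ == "__main__":
    fixups, fixed, stale = demo()
    print(sorted(map(hex, fixups)), hex(fixed), hex(stale))
```

An operand with no entry in the table is left exactly as written, which is why the copy placed in unused space keeps the old address. It is fixed up only if an entry for its RVA is added to the table.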
