During the development of ASLR-NG we needed to
measure the real entropy of the ASLR. Peter Busser wrote
a tool, which is nice and powerful but does not
provide enough statistical information about the entropy
provided by the ASLR. So we decided to develop ASLRA.
ASLRA is in beta state. We will release it as soon as we
have enough time to clean the code.
ASLRA is a statistical tool specially designed to
measure all the parameters that determine the quality of
ASLR implementations. It is composed of two
The sampler is executed in the target system (the
one to be analyzed). It launches thousands of
processes to collect information about a set of
given memory objects: Arguments, Stack, Heap,
Exec, Libs, Hugepages, etc. The raw results are
written to a file, which will later be processed.
The sampler has been optimized to run as many
samples as possible in parallel, which allows us to
collect enough samples to have representative
The output of the analyzer is a set of HTML pages
that can be easily studied using a web browser. We
have tried to make the interface very interactive
and easy to understand.
ASLRA calculates the following parameters:
We are working on the co-entropy between objects. It is
a mathematical challenge due to the huge range of the
distributions in 64-bit systems, which makes it hard to
estimate the conditional entropy when the number of
samples is small (just a few million out of
Also, documentation is still pending.
We also plan to port the sampler to OS X.
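The sampling limit mentioned above can be seen in a small analysis, added here as an example (it is not ASLRA's code): the plug-in entropy estimate from N samples can never exceed log2(N), while per-bit entropies still show which address bits are randomized. The function names and the sample addresses are constructed for illustration.

```python
import math
import random
from collections import Counter

def shannon_entropy(samples):
    """Plug-in Shannon entropy (bits) of the observed address values."""
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in Counter(samples).values())

def per_bit_entropy(samples, width=48):
    """Entropy of each address bit taken alone (index 0 = least significant)."""
    n = len(samples)
    out = []
    for bit in range(width):
        p = sum((s >> bit) & 1 for s in samples) / n
        if p in (0.0, 1.0):
            out.append(0.0)          # bit never changes: no randomness
        else:
            out.append(-(p * math.log2(p) + (1 - p) * math.log2(1 - p)))
    return out

def constructed_samples(n, random_bits, shift=12, base=0x7F0000000000, seed=1):
    """Constructed data: fixed base plus a uniform page-aligned random offset."""
    rng = random.Random(seed)
    return [base + (rng.getrandbits(random_bits) << shift) for _ in range(n)]

def summarize(samples):
    bits = per_bit_entropy(samples)
    return {
        "plug_in": shannon_entropy(samples),
        "ceiling": math.log2(len(samples)),   # plug-in estimate cannot exceed this
        "bit_sum": sum(bits),                 # upper bound on the joint entropy
        "random_bits": [i for i, h in enumerate(bits) if h > 0.9],
    }

if __name__ == "__main__":
    for nbits in (8, 28):
        s = summarize(constructed_samples(20000, nbits))
        print(f"{nbits:2d} random bits: plug-in={s['plug_in']:.2f} "
              f"ceiling={s['ceiling']:.2f} bit-sum={s['bit_sum']:.2f} "
              f"bits {s['random_bits'][0]}..{s['random_bits'][-1]}")
```

The sum of per-bit entropies equals the joint entropy only when the bits are independent, so it is an upper bound and not a replacement for the joint estimate.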
The following patch
fixes the issue (the issue is also present in 0.9.14):
diff -rupN paxtest-0.9.13/getmain.c paxtest-0.9.13.fixed/getmain.c
--- paxtest-0.9.13/getmain.c 2015-03-06 11:03:25.218686546 +0100
+++ paxtest-0.9.13.fixed/getmain.c 2015-03-06 11:16:41.614669807 +0100
@@ -7,10 +7,9 @@
+void __attribute__ ((noinline)) foo(void)
printf( "%p\n", __builtin_return_address(0) );
int main( int argc, char *argv )
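Review bot: the context line `int main( int argc, char *argv )` declares the second parameter as `char *argv`, which is not a standard signature for main; since the hunk already touches this spot, change it to `char *argv[]`. On the added `foo`, a one-line comment saying that `noinline` is what makes `__builtin_return_address(0)` yield an address inside the caller would keep someone from dropping the attribute later, and marking the helper `static` would keep it out of the exported symbols.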