I am patching an exe file using OllyDbg and I am accessing a specific memory address this way MOV EAX, DWORD PTR DS:[00DE3DA0] at two locations. The first location is at an instruction I've replaced somewhere in the middle of the file, the other one is at the very bottom where were some empty spaces that I could use for new instructions. My issue is that after ASLR occurs/after windows restart, the bottom instruction's memory address won't be changed according to the new address layout thus my read will be incorrect there, but at the other location the address will be automatically set to the correct one by the ASLR and my code will always work there. Also my newest observation is that this memory regeneration only happens to my code if the instruction I am replacing included reading / writing to an other memory address in DS like DS:[xxxxxxxx].
I am looking for information in what logic does the ASLR decide to regenerate an address? Is it possible to make my bottom code to regenerate like the above one?
question from:
https://stackoverflow.com/questions/65906061/on-what-logic-aslr-changes-the-memory-addresses-on-a-files-assembly-code 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
