Question

According to ASLR (Address Space Layout Randomization), it provides random stack and heap allocations and page loads every time a process starts, and randomizes the address where objects are placed in the virtual space of a given process.

But in my application running on iOS, I create an object named ObjectA; after several reloads of the process, I found that the address of ObjectA is always the same, not randomized.

How does Apple's own ASLR implementation work? Why is ObjectA's address always the same?

Solution

What do you mean by "several reload"? You should explicitly quit the application; because of multitasking you might reopen the same process.

E.g., this is one of my applications printing out the address of a UIViewController instance; as you can see, the address of the object is different in every execution.

First run: <DCViewController: 0x13d4a0>
Second run: <DCViewController: 0x2880f0>
Third run: <DCViewController: 0x2a2050>

(I do not think this is the case, but in Xcode there's an option to enable PIE (Position Independent Executable) under "Build Settings", and it's called "Don't Create Position Independent Executables"; you can find it easily by typing "pie" in the search box. This option should be set to No.)

EDIT:

Moreover, Xcode will only make PIE binaries if the deployment target is >= 4.3.

Hope this helps =)
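The PIE build setting mentioned above can be verified on the built binary itself, since the Mach-O header carries an MH_PIE flag (`otool -hv` lists it as PIE). The following is an added example, not part of the original answer: it reads that flag for every architecture slice, the function names are this example's own, and the sample headers are constructed.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF  # thin Mach-O, 32-bit / 64-bit
FAT_MAGIC = 0xCAFEBABE                           # universal (fat) binary, big-endian
MH_EXECUTE = 0x2                                 # filetype: main executable
MH_PIE = 0x200000                                # flag: image may load at a random base
CPU_TYPE_ARM = 12


def slice_is_pie(data, off):
    """Parse one mach_header at `off`; return (cputype, is_pie)."""
    for end in ("<", ">"):  # the magic tells us the byte order of the header
        if struct.unpack_from(end + "I", data, off)[0] in (MH_MAGIC, MH_MAGIC_64):
            break
    else:
        raise ValueError("no Mach-O header at offset %d" % off)
    # Fields: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
    _, cputype, _, filetype, _, _, flags = struct.unpack_from(end + "7I", data, off)
    return cputype, filetype == MH_EXECUTE and bool(flags & MH_PIE)


def pie_report(data):
    """Return {cputype: is_pie} for each architecture slice in the file bytes."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        # fat_arch: cputype, cpusubtype, offset, size, align (all big-endian)
        offsets = [struct.unpack_from(">5I", data, 8 + 20 * i)[2] for i in range(nfat)]
    else:
        offsets = [0]
    return dict(slice_is_pie(data, off) for off in offsets)


def make_header(cputype, flags):
    """Build a constructed 32-bit little-endian mach_header for the samples."""
    return struct.pack("<7I", MH_MAGIC, cputype, 0, MH_EXECUTE, 0, 0, flags)


# Constructed samples: 0x85 = MH_NOUNDEFS | MH_DYLDLINK | MH_TWOLEVEL
SAMPLE_PIE = make_header(CPU_TYPE_ARM, 0x85 | MH_PIE)
SAMPLE_NO_PIE = make_header(CPU_TYPE_ARM, 0x85)
SAMPLE_FAT = (struct.pack(">2I", FAT_MAGIC, 1)
              + struct.pack(">5I", CPU_TYPE_ARM, 0, 28, 28, 0) + SAMPLE_NO_PIE)

if __name__ == "__main__":
    for name in ("SAMPLE_PIE", "SAMPLE_NO_PIE", "SAMPLE_FAT"):
        print(name, pie_report(globals()[name]))
```

For a real app, pass the bytes of the executable inside the `.app` bundle to `pie_report`; a slice reported as `False` is loaded at a fixed base address.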

OTHER TIPS

For completeness, the guy who did the work to answer that question was Dino Zovi in Apple iOS 4 Security Evaluation. My apologies if someone else published before Dino (I am not aware of the work or who you are).

Zovi published his stuff well before Apple published iOS Security. Dino's work is still more complete.

Licensed under: CC-BY-SA with attribution