This might give you further information:
Wikipedia
Address space layout randomization
Effectiveness
Address space layout randomization is based upon the low chance of an
attacker guessing the locations of randomly placed areas. Security is
increased by increasing the search space. Thus, address space
randomization is more effective when more entropy is present in the
random offsets. Entropy is increased by either raising the amount of
virtual memory area space over which the randomization occurs or
reducing the period over which the randomization occurs. The period is
typically implemented as small as possible, so most systems must
increase VMA space randomization.
To defeat the randomization, attackers must successfully guess the
positions of all areas they wish to attack. For data areas such as
stack and heap, where custom code or useful data can be loaded, more
than one state can be attacked by using NOP slides for code or
repeated copies of data. This allows an attack to succeed if the area
is randomized to one of a handful of values. In contrast, code areas
such as library base and main executable need to be discovered
exactly. Often these areas are mixed, for example stack frames are
injected onto the stack and a library is returned into.
ASLR makes exploitation much harder but not impossible. I don't think the register count increases the effectiveness of ASLR. If you practice exploiting vulnerabilities you will see that jumping to / finding the right address of your shellcode in memory is very hard with ASLR, even with NOPs. If the stack is not executable (DEP), the even harder return-to-libc technique is used.
Another similar topic
More information here too
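Added example, not part of the original answer or of the Wikipedia article: the quoted text says ASLR is only as good as the entropy in the random offsets, and that a region needs several distinct placements before a NOP slide stops helping. One way to check that on a real system is to collect /proc/<pid>/maps from several runs of the same program and count how many address bits actually change per region. The script below does that over three constructed snapshots (the paths, addresses and the non-randomized /usr/bin/demo mapping are made up for illustration) and also turns an entropy figure into the per-guess hit chance the quote reasons about.

```python
import re
from collections import defaultdict

# One line of /proc/<pid>/maps on Linux: "start-end perms offset dev inode [path]"
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+\S+\s+\S+\s+\S+\s+\d+\s*(.*)$")


def region_bases(maps_text):
    """Return {region name: lowest start address} for every named mapping
    ([stack], [heap], shared objects, the main binary) in one maps snapshot.
    Unnamed anonymous mappings are skipped."""
    bases = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start = int(m.group(1), 16)
        name = m.group(3).strip()
        if not name:
            continue
        # A file is usually mapped as several segments; the lowest is its base.
        if name not in bases or start < bases[name]:
            bases[name] = start
    return bases


def varying_bits(addresses):
    """Count the address bits that took more than one value across the
    observations (OR of every XOR against the first sample). With only a
    few samples this is a lower bound on the randomized bit width."""
    addrs = list(addresses)
    if len(addrs) < 2:
        return 0
    diff = 0
    for a in addrs[1:]:
        diff |= a ^ addrs[0]
    return bin(diff).count("1")


def entropy_report(snapshots):
    """For each region seen in the snapshots: (distinct bases, varying bits).
    A region with one base and zero varying bits is not randomized at all."""
    seen = defaultdict(set)
    for snap in snapshots:
        for name, base in region_bases(snap).items():
            seen[name].add(base)
    return {name: (len(b), varying_bits(b)) for name, b in seen.items()}


def hit_probability(entropy_bits, covered_slots=1):
    """Chance that a single guess lands on the target when the region can sit
    in 2**entropy_bits positions and one guess covers `covered_slots` of them
    (covered_slots > 1 models the NOP-slide / repeated-data case in the quote)."""
    if entropy_bits < 0 or covered_slots < 1:
        raise ValueError("entropy_bits must be >= 0 and covered_slots >= 1")
    return min(1.0, covered_slots / 2 ** entropy_bits)


# Constructed sample: three runs of a hypothetical program. The /usr/bin/demo
# mapping is deliberately fixed; heap, libc and stack move on every run.
SNAPSHOTS = [
    """00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
5589a2c1b000-5589a2c3c000 rw-p 00000000 00:00 0 [heap]
7f3a1c200000-7f3a1c3c6000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7ffd4a1e2000-7ffd4a203000 rw-p 00000000 00:00 0 [stack]""",
    """00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
55c0f7e42000-55c0f7e63000 rw-p 00000000 00:00 0 [heap]
7f91b8a00000-7f91b8bc6000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7ffc0e7b9000-7ffc0e7da000 rw-p 00000000 00:00 0 [stack]""",
    """00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
561d3b5a0000-561d3b5c1000 rw-p 00000000 00:00 0 [heap]
7fa6e0600000-7fa6e07c6000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7ffe9c342000-7ffe9c363000 rw-p 00000000 00:00 0 [stack]""",
]

if __name__ == "__main__":
    for name, (distinct, bits) in sorted(entropy_report(SNAPSHOTS).items()):
        print(f"{name:40s} distinct bases={distinct} varying bits>={bits}")
    # Assumed figure of 28 entropy bits, just to show how a wider guess changes the odds
    print("28 bits, guess covers 1 slot  :", hit_probability(28))
    print("28 bits, guess covers 16 slots:", hit_probability(28, 16))
```

On a real machine you would feed `entropy_report` the contents of /proc/<pid>/maps captured from many separate runs rather than three; the more runs, the closer the varying-bit count gets to the true randomized width, and any named region that stays at (1, 0) is a fixed mapping that gives ASLR no protection.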