Implement Bottom Up Randomization (Windows platform)
To improve ASLR efficiency you could add Bottom Up Randomization.
Matt Miller told Didier Stevens how he did. So I know that too.
“It works by reserving a random number (between [0,256]) of 64K regions via VirtualAlloc. This has the effect of consuming a small portion of the bottom part of the address space. Since the Windows kernel assigns base addresses for collided DLLs by searching for a free region starting at the bottom of the address space, bottom up randomization ensures that a random base address will be assigned. Without bottom up randomization the bottom part of the address space remains fairly static (with some exceptions, such as due to heap, stack, and EXE randomization).”
Code "int iIter; int iRand;
srand(time(NULL)); iRand = rand() % 256 + 1; for (iIter = 0; iIter < iRand; iIter++) VirtualAlloc(NULL, 64*1024, MEM_COMMIT | MEM_RESERVE, PAGE_NOACCESS);"
"In stead of 15 base addresses, with the most frequent address being using 30% of the time, my Bottom Up Randomization implementation gives me more than 300 addresses after 150.000 runs. And there’s no single address being used more than 0,5% of the time."
An comment adds that only MEM_RESERVE should be used for VirtualAlloc, because MEM_COMMIT would require more memory. Didier Stevens replies that this is possible although the additional memory wouldn't be much.
BTW: It's impossible to chose an component, because all binaries (Tor/Vidalia at least) should make use of it.