[OneLessThing]

1) ASLR: address space layout randomization 2) Yeah libc is commonly ropped against (though you'd need to check with a linux guy) 3) Yes ASLR is a compiler option (/DYANMICBASE for windows). For windows a flag exists in the PE header, probably something similar in ELFs. When loaded the modules are fixed up so pointers and such are correct.