What is ASLR? ASLR (Address Space Layout Randomization) is a security feature supported by common executable formats such as PE and ELF.
ASLR rearranges some of the most important parts of a process's memory, such as the program's base address, stack and heap,
so that an exploit cannot rely on fixed, known addresses.
What is DEP? DEP (Data Execution Prevention) is a technique that marks regions of a process's memory as non-executable, so that an
attempt to execute machine code from those regions raises an exception and stops the program.
This code clears both of these protections from a program's PE header (it can also set them again), making it easier to exploit the target program (no pattern scanning or computing the real address from pointers, for example).
Code:
#include <Windows.h>
#include <ImageHlp.h>
#include <iostream>
using namespace std;
#pragma comment(lib, "ImageHlp.lib")

// Sets or clears the DYNAMIC_BASE (ASLR) and NX_COMPAT (DEP) bits in the PE optional
// header's DllCharacteristics field. The original assigned the field directly, which
// wiped every other flag and let the DEP branch overwrite the ASLR result; bitwise
// set/clear touches only the two bits in question. MapAndLoad maps the file writable
// and UnMapAndLoad writes the modified header back to the file on disk.
bool Flag(LPCSTR path, bool ASLR, bool DEP)
{
    LOADED_IMAGE PE;
    if (!MapAndLoad(path, NULL, &PE, FALSE, FALSE))
        return false;

    WORD &chars = PE.FileHeader->OptionalHeader.DllCharacteristics;
    if (ASLR) // Enable address space layout randomization
        chars |= IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE;
    else      // Disable address space layout randomization
        chars &= ~IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE;
    if (DEP)  // Enable data execution prevention
        chars |= IMAGE_DLLCHARACTERISTICS_NX_COMPAT;
    else      // Disable data execution prevention
        chars &= ~IMAGE_DLLCHARACTERISTICS_NX_COMPAT;

    UnMapAndLoad(&PE);
    return true;
}

int main()
{
    Flag("test.exe", false, false);
}
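The defender's counterpart to the flag-flipping above, added here as an example that is not part of the original post: a portable check (no Windows headers) that walks the DOS header, PE signature and optional header and reports whether DYNAMIC_BASE and NX_COMPAT are set, so binaries with these protections stripped can be spotted when auditing build output or triaging samples. The `makeHeader` helper constructs a minimal header image (not a loadable executable) purely so the check can be exercised offline.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Bit values of the two DllCharacteristics flags from winnt.h.
constexpr uint16_t DYNAMIC_BASE = 0x0040;  // IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR)
constexpr uint16_t NX_COMPAT    = 0x0100;  // IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP)

struct Mitigations { bool valid; bool aslr; bool dep; };

// Little-endian field readers; callers bounds-check before reading.
static uint16_t rd16(const std::vector<uint8_t>& b, size_t off) { return static_cast<uint16_t>(b[off] | (b[off + 1] << 8)); }
static uint32_t rd32(const std::vector<uint8_t>& b, size_t off) { return rd16(b, off) | (static_cast<uint32_t>(rd16(b, off + 2)) << 16); }

// Walks DOS header -> PE signature -> COFF header -> optional header and reads
// DllCharacteristics, which sits at offset 70 in both PE32 and PE32+ optional headers.
Mitigations checkPe(const std::vector<uint8_t>& img)
{
    Mitigations m{false, false, false};
    if (img.size() < 0x40 || rd16(img, 0) != 0x5A4D) return m;        // "MZ"
    size_t pe = rd32(img, 0x3C);                                        // e_lfanew
    if (pe + 4 + 20 + 72 > img.size() || rd32(img, pe) != 0x00004550)  // "PE\0\0"
        return m;
    size_t opt = pe + 4 + 20;                                           // skip signature + COFF header
    uint16_t magic = rd16(img, opt);
    if (magic != 0x10B && magic != 0x20B) return m;                     // PE32 / PE32+ only
    uint16_t dllc = rd16(img, opt + 70);
    m.valid = true;
    m.aslr = (dllc & DYNAMIC_BASE) != 0;
    m.dep  = (dllc & NX_COMPAT) != 0;
    return m;
}

// Constructed sample: a minimal PE32 header image (not a loadable executable) whose
// DllCharacteristics field holds the given value, so checkPe can be exercised offline.
std::vector<uint8_t> makeHeader(uint16_t dllChars)
{
    std::vector<uint8_t> b(0x40 + 4 + 20 + 96, 0);  // DOS header, signature, COFF, PE32 optional header
    b[0] = 'M'; b[1] = 'Z';
    b[0x3C] = 0x40;                                  // e_lfanew: PE signature right after the DOS header
    b[0x40] = 'P'; b[0x41] = 'E';
    size_t opt = 0x40 + 24;
    b[opt] = 0x0B; b[opt + 1] = 0x01;                // Magic = 0x10B (PE32)
    b[opt + 70] = static_cast<uint8_t>(dllChars & 0xFF);
    b[opt + 71] = static_cast<uint8_t>(dllChars >> 8);
    return b;
}
```

Running `checkPe` over a real file is a matter of reading it into the vector; a result with `valid` set and either flag clear is what a hardening audit would flag.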