Jump to content
Tuts 4 You
Sign in to follow this  
Readme

Remove ASLR programmatically

Recommended Posts

Readme

does someone of tuts4you know how to disable/remove the "dll can load" (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) in programming code?


 


 


 


we know this IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is equal to 0x40, so is it a correct way to substract 0x40 from the DllCharacteristics?


 


so in example



NTheader->OptionalHeader.DllCharacteristics = NTheader->OptionalHeader.DllCharacteristics - 0x40;

Share this post


Link to post
Aguila

It is a flag. You check a flag with AND and you can delete a flag with XOR.


 


if (OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)


OptionalHeader.DllCharacteristics ^= IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE


  • Like 1

Share this post


Link to post
Readme

Thanks aguila, works perfect! Thanks a twice for the AND / XOR info. Didn't know this. 


Share this post


Link to post
mrexodia

You could also delete the flag by just using the AND operation.

DWORD info=0x40;info|=4; //make info 0x44info&=~4; //keep everything, except 0x4 -> makes info 0x40 again
  • Like 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...