ASLR (C code) converted to PB

[Zebuddi123]

Address Space Layout Randomization converted from C to Pb. add aslr to you programs, added layer of security against Hackers\virus etc
from PellesC forum by timovjl, http://forum.pellesc.de/index.php?topic ... 2#msg19922

Code: Select all

;{ --structs
Structure IMAGE_OPTIONAL_HEADER32 
	Magic.w 
	MajorLinkerVersion.b 
	MinorLinkerVersion.b 
	SizeOfCode.l 
	SizeOfInitializedData.l 
	SizeOfUninitializedData.l 
	AddressOfEntryPoint.l 
	BaseOfCode.l 
	BaseOfData.l                                           
	ImageBase.l                               
	SectionAlignment.l 
	FileAlignment.l 
	MajorOperatingSystemVersion.w 
	MinorOperatingSystemVersion.w 
	MajorImageVersion.w 
	MinorImageVersion.w 
	MajorSubsystemVersion.w 
	MinorSubsystemVersion.w 
	Win32VersionValue.l 
	SizeOfImage.l 
	SizeOfHeaders.l 
	CheckSum.l 
	Subsystem.w 
	DllCharacteristics.w 
	SizeOfStackReserve.l                   
	SizeOfStackCommit.l                     
	SizeOfHeapReserve.l                     
	SizeOfHeapCommit.l                      
	LoaderFlags.l 
	NumberOfRvaAndSizes.l 
	DataDirectory.IMAGE_DATA_DIRECTORY[16] 
EndStructure 

Structure IMAGE_NT_HEADERS32 
	Signature.l 
	FileHeader.IMAGE_FILE_HEADER 
	OptionalHeader.IMAGE_OPTIONAL_HEADER32 
EndStructure 

Structure IMAGE_SECTION_HEADER 
	SecName.b[8] 
	StructureUnion 
		PhysicalAddr.l 
		VirtualSize.l 
	EndStructureUnion 
	VirtualAddress.l 
	SizeOfRawData.l 
	PointerToRawData.l 
	PointerToRelocations.l 
	PointerToLinenumbers.l 
	NumberOfRelocations.w 
	NumberOfLinenumbers.w 
	Characteristics.l 
EndStructure 

Structure IMAGE_SECTION_HEADERS 
	ish.IMAGE_SECTION_HEADER[64] 
EndStructure 


Structure IMAGE_OPTIONAL_HEADER64
	Magic.w
	MajorLinkerVersion.b
	MinorLinkerVersion.b
	SizeOfCode.l
	SizeOfInitializedData.l
	SizeOfUninitializedData.l
	AddressOfEntryPoint.l
	BaseOfCode.l
	ImageBase.q
	SectionAlignment.l
	FileAlignment.l
	MajorOperatingSystemVersion.w
	MinorOperatingSystemVersion.w
	MajorImageVersion.w
	MinorImageVersion.w
	MajorSubsystemVersion.w
	MinorSubsystemVersion.w
	Win32VersionValue.l
	SizeOfImage.l
	SizeOfHeaders.l
	CheckSum.l
	Subsystem.w
	DllCharacteristics.w
	SizeOfStackReserve.q
	SizeOfStackCommit.q
	SizeOfHeapReserve.q
	SizeOfHeapCommit.q
	LoaderFlags.l
	NumberOfRvaAndSizes.l
EndStructure
Structure IMAGE_NT_HEADERS64 
	Signature.l;
	FileHeader.IMAGE_FILE_HEADER ;
	OptionalHeaderI.IMAGE_OPTIONAL_HEADER64 ;
EndStructure    ;   IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64;
;} --end structs

Declare ProcessFile(hFile.i , *pMem)

#IMAGE_DOS_SIGNATURE    =       23117     ;  0x5A4D - MZ
#IMAGE_OS2_SIGNATURE    =        17742 ; 0x454E  - NE
#IMAGE_OS2_SIGNATURE_LE =     17740 ; 0x454C  - LE
#IMAGE_NT_SIGNATURE  =	           17744  ;0x00004550 - PE00
#IMAGE_NT_OPTIONAL_HDR64_MAGIC = 523 ; 0x20B

Define hFile.i , hMapping.i, *pMEM

;  ----- MAIN ------
If OpenConsole("Pure ASLR")
	If Not  Bool(ProgramParameter(0))
		PrintN("Usage: PESetASLR.exe <file>")
		Input()
		CloseConsole()
		End
	Else
		hFile=CreateFile_(ProgramParameter(0), #GENERIC_READ|#GENERIC_WRITE,0,#Null,#OPEN_EXISTING,0,#Null)
		If hFile <> #INVALID_HANDLE_VALUE
			hMapping = CreateFileMapping_(hFile,#Null, #PAGE_READWRITE,0,0,#Null)
			If hMapping
				*pMEM= MapViewOfFile_(hMapping,#FILE_MAP_WRITE,0,0,0)
				If *pMEM
					ProcessFile(hFile, *pMEM)
					UnmapViewOfFile_(*pMEM)
				Else
					PrintN("Error Opening File")
					CloseHandle_(hMapping)
				EndIf
			Else
				PrintN("FileMapping Error")
				CloseHandle_(hFile)
			EndIf
			PrintN("Error Opening File")
			Input()
			CloseConsole()
			End
		EndIf
	EndIf
EndIf

Procedure.i  ProcessFile(hfile.i, *pMEM)
	Protected pDosHdr.IMAGE_DOS_HEADER
	Protected pNTHeader.IMAGE_NT_HEADERS
	Protected pNTHeader64.IMAGE_NT_HEADERS64
	Protected nRelocs.l,bIs64Bit.b
	
	*pDosHdr.IMAGE_DOS_HEADER = *pMEM
	
	If *pDosHdr\e_magic <> #IMAGE_DOS_SIGNATURE
		ProcedureReturn 1
	EndIf
	
	*pNTHeader.IMAGE_NT_HEADERS=*pMEM+*pDosHdr\e_lfanew
	*pNTHeader64.IMAGE_NT_HEADERS64=*pNTHeader
	
	If (*pNTHeader\OptionalHeader\DllCharacteristics And 64)
		PrintN("ASLR Bit Already Set")
		ProcedureReturn 1
	EndIf
	
	bIs64Bit=Bool(*pNTHeader\OptionalHeader\Magic = #IMAGE_NT_OPTIONAL_HDR64_MAGIC)
	
	If nRelocs=*pNTHeader\OptionalHeader\DataDirectory[5]\Size
	Else 
		nRelocs=*pNTHeader\OptionalHeader\DataDirectory[5]\Size
	EndIf
	
	If Not  nRelocs
		PrintN("Missing Relocation Section")
		ProcedureReturn 2
	EndIf
	
	*pNTHeader\OptionalHeader\DllCharacteristics=*pNTHeader\OptionalHeader\DllCharacteristics+64 ;0x40
	PrintN("ASLR Bit Set")
	ProcedureReturn 0
EndProcedure

The C code:

Code: Select all

/* PESetASLR.c */
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
//#include <winnt.h>
#include <stdio.h>

int ProcessFile(HANDLE hFile, PBYTE pMem);

int main(int argc, char **argv)
{
	HANDLE hFile, hMapping;
	VOID *pMem;

	if (argc < 2) {
		printf("Usage: PESetASLR.exe <file>\n");
		return 1;
	}
	hFile = CreateFile(argv[1], GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
	if (hFile != INVALID_HANDLE_VALUE) {
		hMapping = CreateFileMapping(hFile, NULL, PAGE_READWRITE, 0, 0, NULL);
		if (hMapping) {
			pMem = MapViewOfFile(hMapping, FILE_MAP_WRITE, 0, 0, 0);
			if (pMem) {
				ProcessFile(hFile, pMem);
				UnmapViewOfFile(pMem);
			} else
				printf("File open error");
			CloseHandle(hMapping);
		} else
			printf("FileMapping error");
		CloseHandle(hFile);
	} else
		printf("File open error");
	return 0;
}

int ProcessFile(HANDLE hFile, PBYTE pMem)
{
	PIMAGE_DOS_HEADER pDosHdr;
	PIMAGE_NT_HEADERS pNTHeader;
	PIMAGE_NT_HEADERS64 pNTHeader64;
	DWORD nRelocs;

	pDosHdr = (PIMAGE_DOS_HEADER)pMem;
	if (pDosHdr->e_magic != IMAGE_DOS_SIGNATURE)
		return 1;
	pNTHeader = (PIMAGE_NT_HEADERS)(pMem+pDosHdr->e_lfanew);
	pNTHeader64 = (PIMAGE_NT_HEADERS64)pNTHeader;
	if (pNTHeader->OptionalHeader.DllCharacteristics & 0x0040) {
		printf("ASLR bit already set\n");
		return 1;
	}
	BOOL bIs64Bit = ( pNTHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC );
	if (bIs64Bit) nRelocs = pNTHeader64->OptionalHeader.DataDirectory[5].Size;
	else nRelocs = pNTHeader->OptionalHeader.DataDirectory[5].Size;
	if (!nRelocs) {
		printf("missing reloc section\n");
		return 2;
	}
	pNTHeader->OptionalHeader.DllCharacteristics += 0x0040;
	printf("ASLR bit set\n");
	return 0;
}

Zebuddi.

[em_uk]

Nice stuff!

[Nico]

simpler version

Code: Select all

Procedure.l SetASLRandDEP(File.s, Option.l)
  Protected Ret.l = 0, ext.s, Size.q, DllCharacteristics.w, e_lfanew.l, Magic.w
  
  If FileSize(File) > 0
    ext = LCase(GetExtensionPart(File))
    If ext = "exe" Or ext = "dll"
      ID.i = OpenFile(#PB_Any, File)
      
      If ID <> 0
        Size = Lof(ID)
        If Size > 312
          FileSeek(ID, 60)
          e_lfanew = ReadLong(ID)
          FileSeek(ID, e_lfanew + 24)
          Magic = ReadWord(ID)
          If Magic = $10b
            Ret = $10b ; 32bit
          ElseIf Magic = $20b
            Ret = $20b ; 64 bit
          Else
            Ret = 0
          EndIf
          
          If Ret > 0
            FileSeek(ID, e_lfanew + 24 + 70)
            DllCharacteristics = ReadWord(ID)  
            FileSeek(ID, e_lfanew + 24 + 70)
            If Option > 0
              WriteWord(ID, DllCharacteristics | $40 | $100 )  
            Else 
              WriteWord(ID, DllCharacteristics & ~$40 & ~$100 )
            EndIf
          EndIf
        EndIf
        CloseFile(ID)
      EndIf 
    EndIf
  EndIf
  
  ProcedureReturn Ret
EndProcedure

Debug SetASLRandDEP( "Your exe or Dll", 0)

[Zebuddi123]

@Nico Cool Stuff but Dangerous

A hacker can switch ASLR off at will Rendering ASLR security useless and pointless

Like i`ve always believed ! if ya know some things format its not secure and can i just nsa somebody allways knows the format

Zebuddi.

[Nico]

yes, you're right, but do not forget that professional software is digitally signed.

It seems to 64-bit OS, DEP is enable automatically for 64 bit software.