
UPDATED Adding Address Space Layout Randomization to PB

Posted: Sat Aug 17, 2013 6:14 pm
by Zebuddi123
Hi to All.

Works on both x86 x64

Got looking into Address Space Layout Randomization (ASLR) today. As PB and PellesC do not directly support the switch "/DYNAMICBASE", I decided to have a search around to see what I could come up with.

This is what I have come up with; ProcExplorer shows that I'm able to set ASLR active on PB executables. Have done some testing, seems to be working OK, no problems yet :o :D.


Basically, timovjl (thanks) posted some C code on the PellesC forum showing how to enable ASLR. I have compiled the C code with PellesC (x86) as described at http://forum.pellesc.de/index.php?topic=5185.0 and programmed a small tool for the PBide that allows enabling ASLR on the compiled exe.

If you compile the code yourself from the PellesC forum, you will need to set "enable microsoft extensions" in "project options\compiler options".


You will also need to create a txt file for the linker option in the PBide. The options in the txt file need to be on separate lines and trimmed.

1. compile & set up the tool in the PBide.

PBide Settings:


2. create linker option file (of type .txt)

Linker options: /FIXED:NO /NXCOMPAT ; place in options file

3. set the linker option to point to the linker file in the PBide

4. create exe for the program you want aslr on

5. run the tool from the menu :D


Set_ALSR_Bit.exe tool to enable aslr http://goo.gl/iZucrt :MD5=0bd4bb3c32a74a659b59fa9597ce44f1


Pbide tool

Code:

dl.s=Chr(13)+Chr(13)
exe.s="Set_ALSR_Bit.exe"  ;  point the working directory in the PBide tools setup to where you place this tool.

If ProgramParameter(0)
	; quote the path so that a file name containing spaces reaches the tool as a single argument
	ex=RunProgram(exe,Chr(34)+ProgramParameter(0)+Chr(34),"",#PB_Program_Open | #PB_Program_Read|#PB_Program_Hide)
	If ex
		; collect everything the tool prints while it is running
		While ProgramRunning(ex)
			If AvailableProgramOutput(ex)
				Output$ + Trim(ReadProgramString(ex)) + Chr(13)
			EndIf
		Wend
		CloseProgram(ex)
		; the tool reports a missing relocation section when the exe was linked without /FIXED:NO
		If FindString(Output$,"missing reloc section")
			Output$=Output$+"Error --- ( Linker Options Text File ) --- Needs To Be Set in Compiler Options"
		EndIf
		MessageRequester("Pure ALSR", "FILE: "+ProgramParameter(0)+dl+"RESULT: "+Output$)
	Else
		MessageRequester("Pure ALSR","PROGRAM ERROR: "+dl+"FILE: "+ProgramParameter(0))
	EndIf
Else
	MessageRequester("Pure ALSR","PROGRAM ERROR:  NO FILENAME PASSED AS PARAMETER")
EndIf
End


Address Space Layout Randomization converted to PB from C

Code:

;{ --structs
Structure IMAGE_OPTIONAL_HEADER32 
	Magic.w 
	MajorLinkerVersion.b 
	MinorLinkerVersion.b 
	SizeOfCode.l 
	SizeOfInitializedData.l 
	SizeOfUninitializedData.l 
	AddressOfEntryPoint.l 
	BaseOfCode.l 
	BaseOfData.l                             ; removed in the x64 architecture
	ImageBase.l                              ; widened to 8 bytes (64-bit) in the x64 architecture
	SectionAlignment.l 
	FileAlignment.l 
	MajorOperatingSystemVersion.w 
	MinorOperatingSystemVersion.w 
	MajorImageVersion.w 
	MinorImageVersion.w 
	MajorSubsystemVersion.w 
	MinorSubsystemVersion.w 
	Win32VersionValue.l 
	SizeOfImage.l 
	SizeOfHeaders.l 
	CheckSum.l 
	Subsystem.w 
	DllCharacteristics.w 
	SizeOfStackReserve.l                     ; widened to 8 bytes (64-bit) in the x64 architecture
	SizeOfStackCommit.l                      ; widened to 8 bytes (64-bit) in the x64 architecture
	SizeOfHeapReserve.l                      ; widened to 8 bytes (64-bit) in the x64 architecture
	SizeOfHeapCommit.l                       ; widened to 8 bytes (64-bit) in the x64 architecture
	LoaderFlags.l 
	NumberOfRvaAndSizes.l 
	DataDirectory.IMAGE_DATA_DIRECTORY[16] 
EndStructure 

Structure IMAGE_NT_HEADERS32 
	Signature.l 
	FileHeader.IMAGE_FILE_HEADER 
	OptionalHeader.IMAGE_OPTIONAL_HEADER32 
EndStructure 

Structure IMAGE_SECTION_HEADER 
	SecName.b[8] 
	StructureUnion 
		PhysicalAddr.l 
		VirtualSize.l 
	EndStructureUnion 
	VirtualAddress.l 
	SizeOfRawData.l 
	PointerToRawData.l 
	PointerToRelocations.l 
	PointerToLinenumbers.l 
	NumberOfRelocations.w 
	NumberOfLinenumbers.w 
	Characteristics.l 
EndStructure 

Structure IMAGE_SECTION_HEADERS 
	ish.IMAGE_SECTION_HEADER[64] 
EndStructure 


Structure IMAGE_OPTIONAL_HEADER64
	Magic.w
	MajorLinkerVersion.b
	MinorLinkerVersion.b
	SizeOfCode.l
	SizeOfInitializedData.l
	SizeOfUninitializedData.l
	AddressOfEntryPoint.l
	BaseOfCode.l
	ImageBase.q
	SectionAlignment.l
	FileAlignment.l
	MajorOperatingSystemVersion.w
	MinorOperatingSystemVersion.w
	MajorImageVersion.w
	MinorImageVersion.w
	MajorSubsystemVersion.w
	MinorSubsystemVersion.w
	Win32VersionValue.l
	SizeOfImage.l
	SizeOfHeaders.l
	CheckSum.l
	Subsystem.w
	DllCharacteristics.w
	SizeOfStackReserve.q
	SizeOfStackCommit.q
	SizeOfHeapReserve.q
	SizeOfHeapCommit.q
	LoaderFlags.l
	NumberOfRvaAndSizes.l
	DataDirectory.IMAGE_DATA_DIRECTORY[16]   ; needed to read the relocation directory of PE32+ files
EndStructure
Structure IMAGE_NT_HEADERS64 
	Signature.l
	FileHeader.IMAGE_FILE_HEADER
	OptionalHeaderI.IMAGE_OPTIONAL_HEADER64
EndStructure    ;   IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64;
;} --end structs

Declare.i ProcessFile(hFile.i , *pMem)

#IMAGE_DOS_SIGNATURE           = 23117 ; 0x5A4D - MZ
#IMAGE_OS2_SIGNATURE           = 17742 ; 0x454E - NE
#IMAGE_OS2_SIGNATURE_LE        = 17740 ; 0x454C - LE
#IMAGE_NT_SIGNATURE            = 17744 ; 0x00004550 - PE00
#IMAGE_NT_OPTIONAL_HDR64_MAGIC = 523   ; 0x20B

Define hFile.i , hMapping.i, *pMEM

;  ----- MAIN ------
If OpenConsole("Pure ASLR")
	If ProgramParameter(0) = ""
		PrintN("Usage: PESetASLR.exe <file>")
	Else
		hFile=CreateFile_(ProgramParameter(0), #GENERIC_READ|#GENERIC_WRITE,0,#Null,#OPEN_EXISTING,0,#Null)
		If hFile <> #INVALID_HANDLE_VALUE
			hMapping = CreateFileMapping_(hFile,#Null, #PAGE_READWRITE,0,0,#Null)
			If hMapping
				*pMEM= MapViewOfFile_(hMapping,#FILE_MAP_WRITE,0,0,0)
				If *pMEM
					ProcessFile(hFile, *pMEM)
					UnmapViewOfFile_(*pMEM)
				Else
					PrintN("MapViewOfFile Error")
				EndIf
				CloseHandle_(hMapping)
			Else
				PrintN("FileMapping Error")
			EndIf
			CloseHandle_(hFile)
		Else
			; only reached when CreateFile_ itself failed
			PrintN("Error Opening File")
		EndIf
	EndIf
	Input()
	CloseConsole()
EndIf
End

Procedure.i  ProcessFile(hFile.i, *pMEM)
	; *pNTHeader and *pNTHeader64 are two views of the same bytes; Magic decides which layout is valid
	Protected *pDosHdr.IMAGE_DOS_HEADER = *pMEM
	Protected *pNTHeader.IMAGE_NT_HEADERS32
	Protected *pNTHeader64.IMAGE_NT_HEADERS64
	Protected nRelocs.l,bIs64Bit.b
	
	If *pDosHdr\e_magic <> #IMAGE_DOS_SIGNATURE
		PrintN("Not A Valid PE File")
		ProcedureReturn 1
	EndIf
	
	*pNTHeader=*pMEM+*pDosHdr\e_lfanew
	*pNTHeader64=*pNTHeader
	
	; do not touch the file unless the PE signature is really there
	If *pNTHeader\Signature <> #IMAGE_NT_SIGNATURE
		PrintN("Not A Valid PE File")
		ProcedureReturn 1
	EndIf
	
	; DllCharacteristics is at the same offset in PE32 and PE32+; "&" is the bitwise test ("And" is logical)
	If (*pNTHeader\OptionalHeader\DllCharacteristics & 64)
		PrintN("ASLR Bit Already Set")
		ProcedureReturn 1
	EndIf
	
	bIs64Bit=Bool(*pNTHeader\OptionalHeader\Magic = #IMAGE_NT_OPTIONAL_HDR64_MAGIC)
	
	; DataDirectory[5] is the base relocation directory; it sits 16 bytes further on in PE32+
	If bIs64Bit
		nRelocs=*pNTHeader64\OptionalHeaderI\DataDirectory[5]\Size
	Else 
		nRelocs=*pNTHeader\OptionalHeader\DataDirectory[5]\Size
	EndIf
	
	If Not  nRelocs
		PrintN("Missing Relocation Section")
		ProcedureReturn 2
	EndIf
	
	*pNTHeader\OptionalHeader\DllCharacteristics=*pNTHeader\OptionalHeader\DllCharacteristics | 64 ;0x40
	PrintN("ASLR Bit Set")
	ProcedureReturn 0
EndProcedure
Zebuddi. :D
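
An added example, not part of the original post and not the posted tool's code: a Python check that reads the same header fields the tool patches and reports whether the ASLR bit is set and whether relocation data exists for the loader to use (the condition behind the "missing reloc section" message and the /FIXED:NO step). The names `aslr_status` and `make_pe` are hypothetical, and the sample image is constructed in memory rather than taken from a real executable.

```python
import struct, sys

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (the bit the tool sets)
NX_COMPAT = 0x0100        # IMAGE_DLLCHARACTERISTICS_NX_COMPAT (/NXCOMPAT)
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED in FileHeader.Characteristics
BASERELOC = 5             # data-directory index of the relocation table

def aslr_status(data):
    """Report the ASLR-relevant header fields of a PE image given as bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    file_chars = struct.unpack_from("<H", data, nt + 22)[0]  # FileHeader.Characteristics
    opt = nt + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    dirs = opt + (112 if magic == 0x20B else 96)             # DataDirectory moves in PE32+
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]     # NumberOfRvaAndSizes
    reloc_size = 0
    if n_dirs > BASERELOC:
        reloc_size = struct.unpack_from("<I", data, dirs + 8 * BASERELOC + 4)[0]
    has_relocs = reloc_size > 0 and not file_chars & RELOCS_STRIPPED
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    return {"pe32plus": magic == 0x20B, "dynamic_base": dynamic_base,
            "nx_compat": bool(dll_chars & NX_COMPAT), "has_relocs": has_relocs,
            "aslr_usable": dynamic_base and has_relocs}

def make_pe(magic, dll_chars, reloc_size, file_chars=0x0102):
    """Constructed header-only sample for testing; not a loadable executable."""
    nt = 0x80
    opt = nt + 24
    dirs = opt + (112 if magic == 0x20B else 96)
    buf = bytearray(dirs + 16 * 8)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, nt)
    buf[nt:nt + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, nt + 22, file_chars)
    struct.pack_into("<H", buf, opt, magic)
    struct.pack_into("<H", buf, opt + 70, dll_chars)
    struct.pack_into("<I", buf, dirs - 4, 16)
    struct.pack_into("<I", buf, dirs + 8 * BASERELOC + 4, reloc_size)
    return bytes(buf)

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise use the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_pe(0x10B, 0x0100, 0x200)
    print(aslr_status(blob))
```

Run it against the exe before and after the tool step: `dynamic_base` should change from False to True while `has_relocs` stays True.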

Re: UPDATED Adding Address Space Layout Randomization to PB

Posted: Mon Aug 19, 2013 10:45 pm
by RichAlgeni
Beautumous Zeb!!!