ASLR (C code) converted to PB
Posted: Sun Aug 18, 2013 12:11 pm
Address Space Layout Randomization converted from C to Pb. add aslr to you programs, added layer of security against Hackers\virus etc 
from PellesC forum by timovjl, http://forum.pellesc.de/index.php?topic ... 2#msg19922
The C code:
Zebuddi. 
from PellesC forum by timovjl, http://forum.pellesc.de/index.php?topic ... 2#msg19922
Code: Select all
;{ --structs
Structure IMAGE_OPTIONAL_HEADER32
Magic.w
MajorLinkerVersion.b
MinorLinkerVersion.b
SizeOfCode.l
SizeOfInitializedData.l
SizeOfUninitializedData.l
AddressOfEntryPoint.l
BaseOfCode.l
BaseOfData.l
ImageBase.l
SectionAlignment.l
FileAlignment.l
MajorOperatingSystemVersion.w
MinorOperatingSystemVersion.w
MajorImageVersion.w
MinorImageVersion.w
MajorSubsystemVersion.w
MinorSubsystemVersion.w
Win32VersionValue.l
SizeOfImage.l
SizeOfHeaders.l
CheckSum.l
Subsystem.w
DllCharacteristics.w
SizeOfStackReserve.l
SizeOfStackCommit.l
SizeOfHeapReserve.l
SizeOfHeapCommit.l
LoaderFlags.l
NumberOfRvaAndSizes.l
DataDirectory.IMAGE_DATA_DIRECTORY[16]
EndStructure
Structure IMAGE_NT_HEADERS32
Signature.l
FileHeader.IMAGE_FILE_HEADER
OptionalHeader.IMAGE_OPTIONAL_HEADER32
EndStructure
Structure IMAGE_SECTION_HEADER
SecName.b[8]
StructureUnion
PhysicalAddr.l
VirtualSize.l
EndStructureUnion
VirtualAddress.l
SizeOfRawData.l
PointerToRawData.l
PointerToRelocations.l
PointerToLinenumbers.l
NumberOfRelocations.w
NumberOfLinenumbers.w
Characteristics.l
EndStructure
Structure IMAGE_SECTION_HEADERS
ish.IMAGE_SECTION_HEADER[64]
EndStructure
Structure IMAGE_OPTIONAL_HEADER64
Magic.w
MajorLinkerVersion.b
MinorLinkerVersion.b
SizeOfCode.l
SizeOfInitializedData.l
SizeOfUninitializedData.l
AddressOfEntryPoint.l
BaseOfCode.l
ImageBase.q
SectionAlignment.l
FileAlignment.l
MajorOperatingSystemVersion.w
MinorOperatingSystemVersion.w
MajorImageVersion.w
MinorImageVersion.w
MajorSubsystemVersion.w
MinorSubsystemVersion.w
Win32VersionValue.l
SizeOfImage.l
SizeOfHeaders.l
CheckSum.l
Subsystem.w
DllCharacteristics.w
SizeOfStackReserve.q
SizeOfStackCommit.q
SizeOfHeapReserve.q
SizeOfHeapCommit.q
LoaderFlags.l
NumberOfRvaAndSizes.l
EndStructure
Structure IMAGE_NT_HEADERS64
Signature.l;
FileHeader.IMAGE_FILE_HEADER ;
OptionalHeaderI.IMAGE_OPTIONAL_HEADER64 ;
EndStructure ; IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64;
;} --end structs
Declare ProcessFile(hFile.i , *pMem)
#IMAGE_DOS_SIGNATURE = 23117 ; 0x5A4D - MZ
#IMAGE_OS2_SIGNATURE = 17742 ; 0x454E - NE
#IMAGE_OS2_SIGNATURE_LE = 17740 ; 0x454C - LE
#IMAGE_NT_SIGNATURE = 17744 ;0x00004550 - PE00
#IMAGE_NT_OPTIONAL_HDR64_MAGIC = 523 ; 0x20B
Define hFile.i , hMapping.i, *pMEM
; ----- MAIN ------
If OpenConsole("Pure ASLR")
If Not Bool(ProgramParameter(0))
PrintN("Usage: PESetASLR.exe <file>")
Input()
CloseConsole()
End
Else
hFile=CreateFile_(ProgramParameter(0), #GENERIC_READ|#GENERIC_WRITE,0,#Null,#OPEN_EXISTING,0,#Null)
If hFile <> #INVALID_HANDLE_VALUE
hMapping = CreateFileMapping_(hFile,#Null, #PAGE_READWRITE,0,0,#Null)
If hMapping
*pMEM= MapViewOfFile_(hMapping,#FILE_MAP_WRITE,0,0,0)
If *pMEM
ProcessFile(hFile, *pMEM)
UnmapViewOfFile_(*pMEM)
Else
PrintN("Error Opening File")
CloseHandle_(hMapping)
EndIf
Else
PrintN("FileMapping Error")
CloseHandle_(hFile)
EndIf
PrintN("Error Opening File")
Input()
CloseConsole()
End
EndIf
EndIf
EndIf
Procedure.i ProcessFile(hfile.i, *pMEM)
Protected pDosHdr.IMAGE_DOS_HEADER
Protected pNTHeader.IMAGE_NT_HEADERS
Protected pNTHeader64.IMAGE_NT_HEADERS64
Protected nRelocs.l,bIs64Bit.b
*pDosHdr.IMAGE_DOS_HEADER = *pMEM
If *pDosHdr\e_magic <> #IMAGE_DOS_SIGNATURE
ProcedureReturn 1
EndIf
*pNTHeader.IMAGE_NT_HEADERS=*pMEM+*pDosHdr\e_lfanew
*pNTHeader64.IMAGE_NT_HEADERS64=*pNTHeader
If (*pNTHeader\OptionalHeader\DllCharacteristics And 64)
PrintN("ASLR Bit Already Set")
ProcedureReturn 1
EndIf
bIs64Bit=Bool(*pNTHeader\OptionalHeader\Magic = #IMAGE_NT_OPTIONAL_HDR64_MAGIC)
If nRelocs=*pNTHeader\OptionalHeader\DataDirectory[5]\Size
Else
nRelocs=*pNTHeader\OptionalHeader\DataDirectory[5]\Size
EndIf
If Not nRelocs
PrintN("Missing Relocation Section")
ProcedureReturn 2
EndIf
*pNTHeader\OptionalHeader\DllCharacteristics=*pNTHeader\OptionalHeader\DllCharacteristics+64 ;0x40
PrintN("ASLR Bit Set")
ProcedureReturn 0
EndProcedure
Code: Select all
/* PESetASLR.c */
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
//#include <winnt.h>
#include <stdio.h>
int ProcessFile(HANDLE hFile, PBYTE pMem);
int main(int argc, char **argv)
{
HANDLE hFile, hMapping;
VOID *pMem;
if (argc < 2) {
printf("Usage: PESetASLR.exe <file>\n");
return 1;
}
hFile = CreateFile(argv[1], GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
if (hFile != INVALID_HANDLE_VALUE) {
hMapping = CreateFileMapping(hFile, NULL, PAGE_READWRITE, 0, 0, NULL);
if (hMapping) {
pMem = MapViewOfFile(hMapping, FILE_MAP_WRITE, 0, 0, 0);
if (pMem) {
ProcessFile(hFile, pMem);
UnmapViewOfFile(pMem);
} else
printf("File open error");
CloseHandle(hMapping);
} else
printf("FileMapping error");
CloseHandle(hFile);
} else
printf("File open error");
return 0;
}
int ProcessFile(HANDLE hFile, PBYTE pMem)
{
PIMAGE_DOS_HEADER pDosHdr;
PIMAGE_NT_HEADERS pNTHeader;
PIMAGE_NT_HEADERS64 pNTHeader64;
DWORD nRelocs;
pDosHdr = (PIMAGE_DOS_HEADER)pMem;
if (pDosHdr->e_magic != IMAGE_DOS_SIGNATURE)
return 1;
pNTHeader = (PIMAGE_NT_HEADERS)(pMem+pDosHdr->e_lfanew);
pNTHeader64 = (PIMAGE_NT_HEADERS64)pNTHeader;
if (pNTHeader->OptionalHeader.DllCharacteristics & 0x0040) {
printf("ASLR bit already set\n");
return 1;
}
BOOL bIs64Bit = ( pNTHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC );
if (bIs64Bit) nRelocs = pNTHeader64->OptionalHeader.DataDirectory[5].Size;
else nRelocs = pNTHeader->OptionalHeader.DataDirectory[5].Size;
if (!nRelocs) {
printf("missing reloc section\n");
return 2;
}
pNTHeader->OptionalHeader.DllCharacteristics += 0x0040;
printf("ASLR bit set\n");
return 0;
}
but Dangerous 
and can i just nsa somebody allways knows the format