我试图读取PE头,并想看看exe是否启用了ASLR。
我目前在做:
if (PE.FileHeader->OptionalHeader.DllCharacteristics == IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
std::cout << "ASLR is enabled :)" << std::endl;
else
std::cout << "ASLR is disabled >:(" << std::endl;
但是,我总是得到“ASLR被禁用> :(”,即使我知道ASLR已启用。
我知道这与我的运算符有关,但我如何测试并查看PE头是否具有某个WORD字符?
DllCharacteristics是一个位掩码,它可以包含多个标志启用。您的检查必须使用按位&运算符而不是==运算符:
if (PE.FileHeader->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
std::cout << "ASLR is enabled :)" << std::endl;
else
std::cout << "ASLR is disabled >:(" << std::endl;
如果多位标志IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE是DllCharacteristics中的最高位,则发现它的工作方式如下:
if (PE.FileHeader->OptionalHeader.DllCharacteristics &
(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE|
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE) ==
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
std::cout << "ASLR is enabled :)" << std::endl;
else
std::cout << "ASLR is disabled >:(" << std::endl;