How to enable ASLR of an exe file

Question:

I have written a simple Python script (just a message box) and made it an executable using PyInstaller. I want to load that exe file reflectively using the PowerShell script Invoke-ReflectivePEInjection.ps1, but PowerShell is throwing an error (PE file does not support ASLR).

Is there any way to make an ASLR-compatible exe file from a Python script?

Asked By: john


Answers:

There’s a tool called editbin which can be used to change PE file settings. In your case, /DYNAMICBASE and /HIGHENTROPYVA seem to apply. Use that tool after creating the executable.

Answered By: Thomas Weller

See How do I determine if an EXE (or DLL) participate in ASLR, i.e. is relocatable?

ASLR means your base address will be randomized, therefore all absolute memory references will be broken. That is, if the compiler and linker assume that the base address is 0x04000000 and there is an absolute memory reference to 0x0400102F but your module actually gets loaded at 0x05000000, then 0x01000000 must be added to the absolute address hardcoded in the machine code that references 0x0400102F so that it references 0x0400102F now. These code fixups are called base relocations; they are performed by the Windows loader when the executable is being loaded. The places where these fixups must be done are included in the executable only if it is relocatable.

If the IMAGE_FILE_RELOCS_STRIPPED (0x0001) bit flag in the Characteristics field of the File Header is set, then this executable has no relocations, so it cannot be placed anywhere other than the base address in the headers, so if you enable ASLR in this executable it will break because memory references are incorrect. You can also write position-independent code, which runs correctly wherever it is placed in memory without the need for load-time relocations.

Answered By: Mihai
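A way to check the header fields both answers refer to, before and after running editbin, added here as an example and not code from either answer. The names `aslr_report` and `sample_pe`, the rule behind `aslr_capable` (DYNAMIC_BASE set and relocations not stripped) and the header-only sample image are constructed for this example.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001                # File Header Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # set by /HIGHENTROPYVA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # set by /DYNAMICBASE
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5                # data directory index

def aslr_report(data: bytes) -> dict:
    """Read the PE header fields that decide whether an image can be rebased."""
    try:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("not a PE image")
        _, characteristics = struct.unpack_from("<HH", data, e_lfanew + 20)
        opt = e_lfanew + 24                            # start of the optional header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
        dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        reloc_size = 0
        if count > IMAGE_DIRECTORY_ENTRY_BASERELOC:
            _, reloc_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    dynamic = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {
        "relocs_stripped": stripped,
        "dynamic_base": dynamic,
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "has_reloc_dir": reloc_size > 0,
        "aslr_capable": dynamic and not stripped,      # this example's rule (assumption)
    }

def sample_pe(characteristics: int, dll_chars: int, reloc_size: int) -> bytes:
    """Constructed header-only PE32+ image for the demo (not a runnable program)."""
    buf = bytearray(0x40 + 24 + 240)                   # DOS header, PE headers, optional header
    buf[:2], buf[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x40)            # e_lfanew
    struct.pack_into("<HH", buf, 0x40 + 20, 240, characteristics)
    struct.pack_into("<H", buf, 0x58, 0x20B)           # optional header magic: PE32+
    struct.pack_into("<H", buf, 0x58 + 70, dll_chars)  # DllCharacteristics
    struct.pack_into("<I", buf, 0x58 + 108, 16)        # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, 0x58 + 112 + 40, 0x3000, reloc_size)
    return bytes(buf)
```

For a real file, pass `open(path, "rb").read()` to `aslr_report`; an image that reports `dynamic_base` together with `relocs_stripped` has the opt-in flag but no fixup data for the loader to apply.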