|
|
|
|
#1
04-08-2018, 02:51
|
|||
|
|||
|
But when DLLCHARACTERISTICS.RelocationsStrippedBit=1 all others ignored. Agree?
..however you are right, if the file is processed by the plugin PE_ASLR.HEM with this bit set to 1, then additional checks will be required after clear it. Last edited by dosprog; 04-08-2018 at 03:21. 
|
|
#2
04-08-2018, 04:11
|
|||
|
|||
|
Microsoft didn't implement two linker options for fun, these are two individual flags doing different things and can be enabled or disabled independently from each other.
So if you want to know if a file is ASLR enabled, then you check the flag telling you if a file is ASLR enabled and not the flag telling you if a file has relocations. (I'm aware the code posted here does check for a relocation table, but relocations are no requirement for ASLR)
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [Delphi] Loader shows how to patch PE protected with ASLR | Sn!per X | Source Code | 1 | 11-28-2015 00:33 |
| Help Me - CRC Check and FileSize Check | byvs | General Discussion | 11 | 07-31-2003 13:32 |
Hybrid Mode
