check if ASLR is enabled from process
unit uCheckASLR;
// Original C++ Source: https://stackoverflow.com/questions/47105480/how-to-check-if-aslr-is-enabled-for-a-process
// Converted to Delphi by Agmcz 28-12-2017 2:25:32
interface
uses
Windows;
// Reports whether the main image of process dwProcessId was loaded with a
// randomized base (ASLR applied). Opens the process with
// PROCESS_QUERY_LIMITED_INFORMATION and queries ProcessImageInformation.
// Returns NOERROR (0) on success with bASLR filled in; otherwise a Win32
// error code (from GetLastError if OpenProcess failed, or the NTSTATUS mapped
// through RtlNtStatusToDosError) and bASLR is not meaningful.
// NOTE(review): this answers only for the process's main executable image;
// it says nothing about individual DLLs or other mitigations.
function CheckASLR(dwProcessId: ULONG; out bASLR: Boolean): ULONG;
implementation
const
  // Minimal access right needed for NtQueryInformationProcess(ProcessImageInformation).
  // Presumably declared here because the Windows unit in use does not export it;
  // the value matches the Windows SDK definition.
  PROCESS_QUERY_LIMITED_INFORMATION = $1000;
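type
  // Delphi mirror of the native SECTION_IMAGE_INFORMATION structure that
  // ProcessImageInformation fills in. Field order and sizes must match the
  // kernel layout exactly: a size mismatch makes the query fail with
  // STATUS_INFO_LENGTH_MISMATCH, and a mis-sized field shifts every field
  // after it. Layout relies on Delphi's default aligned records ({$A+}).
  TSectionImageInformation = record
    TransferAddress: Pointer;
    ZeroBits: ULONG;
    // SIZE_T in the native header: 8 bytes on Win64, 4 on Win32. Declaring
    // these as ULONG makes the record 52 bytes instead of 64 in a 64-bit
    // build, so every 64-bit query was rejected.
    MaximumStackSize: NativeUInt;
    CommittedStackSize: NativeUInt;
    SubSystemType: ULONG;
    MinorSubsystemVersion: Word;
    MajorSubsystemVersion: Word;
    // Named OperatingSystemVersion in newer headers; same 4-byte slot.
    GpValue: ULONG;
    ImageCharacteristics: Word;
    // IMAGE_DLLCHARACTERISTICS_* bits from the PE optional header.
    DllCharacteristics: Word;
    Machine: Word;
    ImageContainsCode: Boolean;
    // The native side is a union of UCHAR ImageFlags with bit-fields:
    //   bit 0 ComPlusNativeReady, bit 1 ComPlusILOnly,
    //   bit 2 ImageDynamicallyRelocated, bit 3 ImageMappedFlat,
    //   bit 4 BaseBelow4gb, bit 5 ComPlusPrefer32bit.
    // Test individual bits; the whole byte is not an ASLR flag.
    ImageFlags: Byte;
    LoaderFlags: ULONG;
    ImageFileSize: ULONG;
    CheckSum: ULONG;
  end;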
PROCESSINFOCLASS = (
ProcessBasicInformation,
ProcessQuotaLimits,
ProcessIoCounters,
ProcessVmCounters,
ProcessTimes,
ProcessBasePriority,
ProcessRaisePriority,
ProcessDebugPort,
ProcessExceptionPort,
ProcessAccessToken,
ProcessLdtInformation,
ProcessLdtSize,
ProcessDefaultHardErrorMode,
ProcessIoPortHandlers,
ProcessPooledUsageAndLimits,
ProcessWorkingSetWatch,
ProcessUserModeIOPL,
ProcessEnableAlignmentFaultFixup,
ProcessPriorityClass,
ProcessWx86Information,
ProcessHandleCount,
ProcessAffinityMask,
ProcessPriorityBoost,
ProcessDeviceMap,
ProcessSessionInformation,
ProcessForegroundInformation,
ProcessWow64Information,
ProcessImageFileName,
ProcessLUIDDeviceMapsEnabled,
ProcessBreakOnTermination,
ProcessDebugObjectHandle,
ProcessDebugFlags,
ProcessHandleTracing,
ProcessIoPriority,
ProcessExecuteFlags,
ProcessResourceManagement,
ProcessCookie,
ProcessImageInformation,
MaxProcessInfoClass);
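type
  // NTSTATUS is a signed 32-bit LONG in the native headers: success codes
  // are >= 0, errors have the sign bit set (e.g. $C0000004 =
  // STATUS_INFO_LENGTH_MISMATCH). Declaring it unsigned (LongWord) made every
  // "0 <= status" test true, so query failures were reported as success.
  NTSTATUS = LongInt;

// Prototype per winternl.h; presumably not exported by the Windows unit in use.
// ReturnLength may be nil when the caller does not need it.
function NtQueryInformationProcess(ProcessHandle: THandle;
  ProcessInformationClass: PROCESSINFOCLASS; ProcessInformation: Pointer;
  ProcessInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  external 'ntdll.dll';
// Maps an NTSTATUS to the closest Win32 error code (ULONG in the native prototype).
function RtlNtStatusToDosError(Status: NTSTATUS): ULONG; stdcall; external 'ntdll.dll';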
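// Reports whether the main image of process dwProcessId was loaded with a
// randomized base (ASLR applied), by querying ProcessImageInformation.
// Returns NOERROR (0) on success with bASLR filled in; otherwise a Win32
// error code (GetLastError if OpenProcess failed, else the NTSTATUS mapped
// through RtlNtStatusToDosError). bASLR is always initialised (False on error).
// NOTE(review): this reflects only the process's main executable; it says
// nothing about individual DLLs or other mitigations.
function CheckASLR(dwProcessId: ULONG; out bASLR: Boolean): ULONG;
const
  // Bit 2 of SECTION_IMAGE_INFORMATION.ImageFlags is the
  // ImageDynamicallyRelocated bit-field of the native union. The C++
  // original reads that bit-field; casting the whole byte to Boolean (the
  // previous code) reported ASLR for any flag, e.g. ComPlusILOnly or
  // BaseBelow4gb.
  IMAGE_DYNAMICALLY_RELOCATED = $04;
var
  hProcess: THandle;
  sii: TSectionImageInformation;
  status: LongInt;  // NTSTATUS is a signed LONG; failures are negative
begin
  bASLR := False;
  // PROCESS_QUERY_LIMITED_INFORMATION is the least privilege that satisfies
  // this query. OpenProcess returns 0 (NULL) on failure, never
  // INVALID_HANDLE_VALUE.
  hProcess := OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, dwProcessId);
  if hProcess = 0 then
  begin
    Result := GetLastError;
    Exit;
  end;
  // Zero the buffer so a short or failed fill can never leak stack garbage
  // into the flag test.
  FillChar(sii, SizeOf(sii), 0);
  status := NtQueryInformationProcess(hProcess, ProcessImageInformation,
    @sii, SizeOf(sii), nil);
  CloseHandle(hProcess);
  if status < 0 then
  begin
    // Explicit cast keeps this valid (and range-check free) whether NTSTATUS
    // is declared signed or unsigned.
    Result := RtlNtStatusToDosError(NTSTATUS(status));
    Exit;
  end;
  bASLR := (sii.ImageFlags and IMAGE_DYNAMICALLY_RELOCATED) <> 0;
  Result := NOERROR;
end;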
end.