Some people asked me for a simple way to check shell extensions for their ASLR support. You can do this with Process Explorer.
Start Process Explorer, and set the lower pane to display DLLs. Select process explorer.exe, and add column ASLR to the lower pane view. Then sort on column ASLR.
You will see this:
Notice that on a default Windows 7 32-bits install all DLLs (with code) support ASLR. The n/a is for resource DLLs, they don’t contain code, and ASLR doesn’t apply to them.
Now open an explorer window and right-click a file, like this:
This action will load the context menu shell extensions.
Take a look at Process Explorer:
Now you see the shell extensions without ASLR support.
I created a issue on the 7zip’s bugtracker.
I hope people who will found ASLR-less shell extension will do the same …
Comment by Nico — Wednesday 19 January 2011 @ 18:55
@Nico Have you seen iplavlov’s reply? He is still using VC6. He could use my tool setdllcharacteristics.
Comment by Didier Stevens — Thursday 20 January 2011 @ 9:00
[…] area is the Attack Surface tab, which lists service and network information. If you read Checking ASLR by Didier Stevens, you will notice the ASLR flags under the service information section. Since it […]
Pingback by MS Attack Surface Analyzer | Nekyia — Wednesday 26 October 2011 @ 15:00