The PE-file format specifies flags to enable DEP and ASLR. You can set these flags with a hex editor or a PE-file editor.
Because I need to set DEP and ASLR flags in a script, I wrote a C program to read, set or clear these flags (together with another flag to check Authenticode signatures, more about this later).
It's a standard C program, so you can compile it under *nix too.
The option handling is simple: you can't combine flags into one option string. For example, to set DEP and ASLR, you issue the following command:
setdllcharacteristics +n +d program.exe
This will not work:
setdllcharacteristics +nd program.exe
Don't forget that changing these flags on a signed executable invalidates the signature. But that shouldn't prevent the program from running.
Later, I’ll post tools to force DEP (and maybe ASLR) without changing the PE file.
I also updated the PE-file format template for the 010 Editor to support these 3 flags.