Didier Stevens

Tuesday 18 January 2011

Quickpost: Checking ASLR

Filed under: Quickpost,Uncategorized,Vulnerabilities,Windows 7,Windows Vista — Didier Stevens @ 11:13

Some people asked me for a simple way to check shell extensions for their ASLR support. You can do this with Process Explorer.

Start Process Explorer, and set the lower pane to display DLLs. Select process explorer.exe, and add column ASLR to the lower pane view. Then sort on column ASLR.

You will see this:

Notice that on a default Windows 7 32-bits install all DLLs (with code) support ASLR. The n/a is for resource DLLs, they don’t contain code, and ASLR doesn’t apply to them.

Now open an explorer window and right-click a file, like this:

This action will load the context menu shell extensions.

Take a look at Process Explorer:

Now you see the shell extensions without ASLR support.

Quickpost info


  1. I created a issue on the 7zip’s bugtracker.
    I hope people who will found ASLR-less shell extension will do the same …

    Comment by Nico — Wednesday 19 January 2011 @ 18:55

  2. @Nico Have you seen iplavlov’s reply? He is still using VC6. He could use my tool setdllcharacteristics.

    Comment by Didier Stevens — Thursday 20 January 2011 @ 9:00

  3. […] area is the Attack Surface tab, which lists service and network information. If you read Checking ASLR by Didier Stevens, you will notice the ASLR flags under the service information section. Since it […]

    Pingback by MS Attack Surface Analyzer | Nekyia — Wednesday 26 October 2011 @ 15:00

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.