ASLR Process Scanner - Tool For Identifying ASLR Enabled Processes
ASLR Process Scanner is a free command-line tool that can display all the ASLR enabled Processes.
If you don't know what is ASLR and you are too lazy to google, read this:
Address space layout randomization (ASLR) is a memory-protection process for operating systems that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory. - searchsecurity.techtarget.com
Since the ASLR Process Scanner is a command line tool, it is very easy to automate it through scripting.
It is available in both 32-bit & 64-bit versions and works on almost all Windows platforms (Vista to 10).
HOW TO USE ASLR PROCESS SCANNER
First, download ASLR Process Scanner (download links are at the end of this article). Then extract the downloaded zip file to the desktop. Then open the ASLRProcessScanner folder, and then right-click on the empty area while holding down the "Shift" key, and then select "Open command window here". This will open up a command window as shown below.
Now, if you are using a 32-bit system, type in "ASLRProcessScanner32.exe" (without the quotes) or "ASLRProcessScanner64.exe", and then hit the "Enter" key. You will see all the ASLR enabled Processes (see the image below).
There are also other options in this tool, use the following syntax or structure (call it whatever you want) to create the command.
For 32-bit Systems:
For 64-bit Systems:
Examples:
If you want to list all non-ASLR or ASLR disabled processes, execute the following command:
To check if ASLR is enabled for Process with pid 1151, use the following command:
To check if ASLR is enabled for Process with name 'chrome', execute this:
To check if ASLR is enabled for an executable file, lets say "explorer.exe", run the following command:
That's all. I hope you liked this article. If you did, please share this article...
Now, if you are using a 32-bit system, type in "ASLRProcessScanner32.exe" (without the quotes) or "ASLRProcessScanner64.exe", and then hit the "Enter" key. You will see all the ASLR enabled Processes (see the image below).
There are also other options in this tool, use the following syntax or structure (call it whatever you want) to create the command.
For 32-bit Systems:
ASLRProcessScanner32.exe [-h | -d | -p <pid> | -n <process_name> | -f <exe_file_path>]
For 64-bit Systems:
ASLRProcessScanner64.exe [-h | -d | -p <pid> | -n <process_name> | -f <exe_file_path>]
Examples:
If you want to list all non-ASLR or ASLR disabled processes, execute the following command:
ASLRProcessScanner64.exe -d
To check if ASLR is enabled for Process with pid 1151, use the following command:
ASLRProcessScanner64.exe -p 1151
To check if ASLR is enabled for Process with name 'chrome', execute this:
ASLRProcessScanner64.exe -n "chrome"
To check if ASLR is enabled for an executable file, lets say "explorer.exe", run the following command:
ASLRProcessScanner64 -f "c:\windows\explorer.exe"
That's all. I hope you liked this article. If you did, please share this article...
Source: www.effecthacking.com
ASLR Process Scanner - Tool For Identifying ASLR Enabled Processes
Reviewed by Anonymous
on
6:23 AM
Rating: