win7下关闭程序的aslr


import pefile
import struct


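class Patch:
    """In-memory, byte-level patcher for a binary file.

    The whole file is held in ``self.data`` as ``bytes``; edits are applied
    in memory and written back with :meth:`save_file`. Every read and write
    is bounds-checked against the loaded image, so a bad offset can neither
    grow the file nor read past its end -- the patch must land inside the
    existing image or it is refused.
    """

    def __init__(self):
        # Always bytes, so slicing/concatenation behaves the same on py2/py3
        # (the original '' str default silently mixed str and bytes on py3).
        self.data = b''

    def load_file(self, filename):
        """Read *filename* in binary mode into ``self.data``."""
        with open(filename, 'rb') as f:
            self.data = f.read()

    def save_file(self, filename):
        """Write ``self.data`` to *filename* in binary mode (overwrites it)."""
        with open(filename, 'wb') as f:
            f.write(self.data)

    def _in_bounds(self, offset, size):
        # Inclusive upper bound: a span may end exactly at EOF. Negative
        # sizes are refused rather than turned into a surprising slice.
        return offset >= 0 and size >= 0 and offset + size <= len(self.data)

    def write_file(self, offset, data):
        """Overwrite ``len(data)`` bytes at *offset*.

        Returns True on success. Returns False, leaving ``self.data``
        untouched, if the span would fall outside the loaded image; the
        file length never changes.
        """
        size = len(data)
        if not self._in_bounds(offset, size):
            return False
        end = offset + size
        self.data = self.data[:offset] + data + self.data[end:]
        return True

    def read_file(self, offset, size):
        """Return *size* bytes starting at *offset*, or None if out of range."""
        if not self._in_bounds(offset, size):
            return None
        return self.data[offset:offset + size]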



def get_dllcharacteristics(pe):
    """Locate the ``DllCharacteristics`` field of *pe*'s optional header.

    Returns ``(offset, value)``: the absolute offset of the field as pefile
    reports it, and the field's current flag value, so a caller can rewrite
    the flags in the raw file image at that position.
    """
    header = pe.OPTIONAL_HEADER
    field_offset = header.get_field_absolute_offset('DllCharacteristics')
    return field_offset, header.DllCharacteristics


def disable_aslr(infile, outfile):
    try:
        pe = pefile.PE(infile)
        (offset, value) = get_dllcharacteristics(pe)
        #print hex(offset), hex(value)

        if value&0x40:
            value -= 0x40

        #print hex(offset), hex(value)
        #pe.set_word_at_offset(offset, value)
        patch = Patch()
        patch.load_file(infile)
        patch.write_file(offset, struct.pack('

