c++ windows winapi portable-executable

Comparing WORD characteristics


I am trying to read PE headers, and want to see if an exe has ASLR enabled.

I am currently doing:

    if (PE.FileHeader->OptionalHeader.DllCharacteristics == IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
        std::cout << "ASLR is enabled :)" << std::endl;
    else
        std::cout << "ASLR is disabled >:(" << std::endl;

However, I always get "ASLR is disabled >:(", even if I know for a fact ASLR is enabled.

I know this has to do with my operator, but how do I test and see if a PE header has a certain WORD character?


Solution

  • DllCharacteristics is a bitmask; it can contain multiple flags enabled. Your check must use the bitwise & operator instead of the == operator:

    if (PE.FileHeader->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
        std::cout << "ASLR is enabled :)" << std::endl;
    else
        std::cout << "ASLR is disabled >:(" << std::endl;
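
The same bitwise test applied to a file's raw bytes, as an added example that is not part of the original answer. It goes beyond the answer by also reporting other mitigation bits and IMAGE_FILE_RELOCS_STRIPPED, since an image without relocations cannot be rebased. The constants are redefined from winnt.h so it builds without <windows.h>; readMitigations, makeSample and the sample flag values are hypothetical and constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Values from winnt.h, redefined here so the example builds without <windows.h>.
constexpr uint16_t DYNAMIC_BASE = 0x0040, HIGH_ENTROPY_VA = 0x0020, NX_COMPAT = 0x0100,
                   GUARD_CF = 0x4000, RELOCS_STRIPPED = 0x0001;  // last: IMAGE_FILE_RELOCS_STRIPPED
struct Mitigations { bool aslr, highEntropyVa, dep, cfg, relocsStripped; };

// Little-endian read of n bytes; callers bounds-check first.
static uint32_t rd(const std::vector<uint8_t>& b, size_t off, int n) {
    uint32_t v = 0;
    for (int i = 0; i < n; ++i) v |= uint32_t(b[off + i]) << (8 * i);
    return v;
}

// Hypothetical helper: returns false unless img starts with a valid PE32/PE32+ header.
bool readMitigations(const std::vector<uint8_t>& img, Mitigations& out) {
    if (img.size() < 0x40 || rd(img, 0, 2) != 0x5A4D) return false;  // "MZ"
    size_t nt = rd(img, 0x3C, 4);                                    // e_lfanew
    if (nt > img.size() || img.size() - nt < 24 + 72) return false;
    if (rd(img, nt, 4) != 0x00004550) return false;                  // "PE\0\0"
    uint32_t magic = rd(img, nt + 24, 2);                            // OptionalHeader.Magic
    if (rd(img, nt + 20, 2) < 72 || (magic != 0x10B && magic != 0x20B)) return false;
    uint16_t fc = rd(img, nt + 22, 2);       // FileHeader.Characteristics
    uint16_t dc = rd(img, nt + 24 + 70, 2);  // DllCharacteristics: offset 70 in PE32 and PE32+
    // Each flag is tested with &, so other bits set in the same WORD do not matter.
    out = Mitigations{(dc & DYNAMIC_BASE) != 0, (dc & HIGH_ENTROPY_VA) != 0,
                      (dc & NX_COMPAT) != 0, (dc & GUARD_CF) != 0, (fc & RELOCS_STRIPPED) != 0};
    return true;
}

// Constructed sample: the smallest PE32+ header this parser accepts, not a loadable image.
std::vector<uint8_t> makeSample(uint16_t dllChars, uint16_t fileChars) {
    std::vector<uint8_t> b(0x40 + 24 + 72, 0);
    auto put16 = [&](size_t o, uint16_t v) { b[o] = v & 0xFF; b[o + 1] = v >> 8; };
    put16(0, 0x5A4D); b[0x3C] = 0x40;                  // "MZ", e_lfanew = 0x40
    b[0x40] = 'P'; b[0x41] = 'E';
    put16(0x40 + 20, 72); put16(0x40 + 22, fileChars); // SizeOfOptionalHeader, Characteristics
    put16(0x40 + 24, 0x20B); put16(0x40 + 24 + 70, dllChars);
    return b;
}

int main() {
    Mitigations m{};
    if (!readMitigations(makeSample(0x8160, 0x0022), m)) return 1;  // constructed flag values
    std::cout << "ASLR: " << m.aslr << ", relocs stripped: " << m.relocsStripped << '\n';
}
```

With the constructed value 0x8160, a `==` comparison against the single DYNAMIC_BASE bit would be false even though the bit is set, which is the behaviour described in the question.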