ASLR Process Scanner - Tool For Identifying ASLR Enabled Processes

ASLR Process Scanner - Tool For Identifying ASLR Enabled Processes

ASLR Process Scanner is a free command-line tool that can display all the ASLR enabled Processes.

If you don't know what is ASLR and you are too lazy to google, read this:

Address space layout randomization (ASLR) is a memory-protection process for operating systems that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory. -  searchsecurity.techtarget.com

Since the ASLR Process Scanner is a command line tool, it is very easy to automate it through scripting.

It is available in both 32-bit & 64-bit versions and works on almost all Windows platforms (Vista to 10).

HOW TO USE ASLR PROCESS SCANNER

First, download ASLR Process Scanner (download links are at the end of this article). Then extract the downloaded zip file to the desktop. Then open the ASLRProcessScanner folder, and then right-click on the empty area while holding down the "Shift" key, and then select "Open command window here". This will open up a command window as shown below.

ASLR Process Scanner folder cmd

Now, if you are using a 32-bit system, type in "ASLRProcessScanner32.exe" (without the quotes) or "ASLRProcessScanner64.exe", and then hit the "Enter" key. You will see all the ASLR enabled Processes (see the image below).

ASLR Process Scanner Snapshot

There are also other options in this tool, use the following syntax or structure (call it whatever you want) to create the command.

For 32-bit Systems:
ASLRProcessScanner32.exe [-h | -d | -p <pid> | -n <process_name> | -f <exe_file_path>]

For 64-bit Systems:
ASLRProcessScanner64.exe [-h | -d | -p <pid> | -n <process_name> | -f <exe_file_path>]


Examples:

If you want to list all non-ASLR or ASLR disabled processes, execute the following command:
ASLRProcessScanner64.exe -d

To check if ASLR is enabled for Process with pid 1151, use the following command:
ASLRProcessScanner64.exe -p 1151

To check if ASLR is enabled for Process with name 'chrome', execute this:
ASLRProcessScanner64.exe -n "chrome"

To check if ASLR is enabled for an executable file, lets say "explorer.exe", run the following command:
ASLRProcessScanner64 -f "c:\windows\explorer.exe"

That's all. I hope you liked this article. If you did, please share this article...



No comments

Powered by Blogger.