Comments on Errata Security: Funny Vista Tricks with ASLR
David Maynor
Updated: 2024-01-16T05:48:33.523-05:00

Rhys Kidd, 2007-11-05T09:15:00.000-05:00

Dave,

You might find some of these Immunity Debugger scripts useful (especially ASLRdynamicbase.py that did much of the work you talk about here in Aug 07).

http://www.openrce.org/repositories/browse/Faithless

AFAIK, WFP doesn't protect the PE header itself, only the image, resc etc.

Didier Stevens, 2007-10-31T05:36:00.000-04:00

So this means that I can disable ASLR for any MS DLL, given that they are not protected by WFP?

Would WFP even detect the bit toggle?

For the application signing, you're talking about Authenticode?

mokum von Amsterdam, 2007-10-31T04:04:00.000-04:00

"I thought that once an application is modified it would no longer run. No problems like that occurred. The toolbar seemed to work just fine." <-- this really scares me... What's the point in signing if one can alter the gut of the beast?

Anonymous, 2007-10-31T03:05:00.000-04:00

I wonder how this might change when Sp1 comes out. As far as the beta stands now, there is no mention of any changes implemented or planned as far as ASLR in Vista is concerned.