
Is there some way to start a program with ASLR disabled on Windows? Like on POSIX, where one would do

#include <spawn.h>   /* posix_spawn API; _POSIX_SPAWN_DISABLE_ASLR (0x0100) is an Apple-private flag, not part of POSIX */
posix_spawnattr_t attrs;
posix_spawnattr_init(&attrs);   /* must initialise before setflags: on macOS a zeroed attrs is rejected with EINVAL */
posix_spawnattr_setflags(&attrs, _POSIX_SPAWN_DISABLE_ASLR);
posix_spawnp(NULL, "./program.exe", NULL, &attrs, ...);   /* argv and envp elided as in the original snippet */
posix_spawnattr_destroy(&attrs);

and then program.exe would be started without ASLR, but I have no idea how to do it on Windows (I couldn't find any relevant info when looking through the CreateProcessW docs either).

This SO post suggests that Microsoft's Enhanced Mitigation Experience Toolkit (EMET) could indeed disable ASLR on a per-process basis, which suggests that it is possible (or at the very least, that it was possible on Windows 7).

(Also, this is not a duplicate of "how to disable ASLR on Windows", because I don't want to disable ASLR globally; I know there is a registry key that can disable ASLR globally.)

hanshenrik
FWIW, removing the `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` flag from PE header may work, but this will break the digital signature checks if the file is signed. – Sprite Mar 21 '22 at 10:14
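As an added example (not from the question or the comment), a small Python audit that reads the `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` bit Sprite mentions, its 64-bit companion `HIGH_ENTROPY_VA`, and whether the image carries a certificate table, so you can see which binaries opt out of ASLR and which ones cannot be header-edited without breaking their Authenticode signature. The `build_stub_pe` helper constructs a synthetic header for testing; it is not a loadable executable.

```python
import struct
import sys

# DllCharacteristics bits from the PE spec (the one Sprite's comment refers to, plus its 64-bit companion)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def aslr_info(data: bytes) -> dict:
    """Report the ASLR opt-in bits and whether a certificate table (Authenticode) is present."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    dirs = opt + (96 if magic == PE32_MAGIC else 112)        # start of the data directory table
    _, cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)  # entry 4: certificate table
    return {
        "dynamic_base": bool(dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "high_entropy_va": bool(dllchars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "pe32plus": magic == PE32PLUS_MAGIC,
        "signed": cert_size != 0,  # clearing DYNAMIC_BASE in such a file would invalidate the signature
    }


def build_stub_pe(dllchars: int, signed: bool, pe32plus: bool = True) -> bytes:
    """Constructed test input: a bare MZ/PE header with the requested bits (not a runnable executable)."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(e_lfanew - 2 - 4) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + bytes(20)
    opt = bytearray(240 if pe32plus else 224)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dllchars)
    if signed:  # fake certificate-table entry (offset, size) so the image looks Authenticode-signed
        struct.pack_into("<II", opt, (112 if pe32plus else 96) + 32, 0x1000, 0x800)
    return dos + coff + bytes(opt)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, aslr_info(f.read()))
```

Run it as `python aslr_audit.py some.exe other.dll` to get one dict per file.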

0 Answers