Question:
In general, this opus was written, which is below. Google for the fifth day, could not do anything sensible. The code should work, but most likely I did not define the functions and variables correctly, which causes False on each process.
Here is the code:
class Program{
const int PROCESS_QUERY_INFORMATION = 0x0400;
const int PROCESS_WM_READ = 0x0010;
public enum PROCESS_MITIGATION_POLICY
{
ProcessDEPPolicy = 0,
ProcessASLRPolicy = 1,
ProcessDynamicCodePolicy = 2,
ProcessStrictHandleCheckPolicy = 3,
ProcessSystemCallDisablePolicy = 4,
ProcessMitigationOptionsMask = 5,
ProcessExtensionPointDisablePolicy = 6,
ProcessControlFlowGuardPolicy = 7,
ProcessSignaturePolicy = 8,
ProcessFontDisablePolicy = 9,
ProcessImageLoadPolicy = 10,
MaxProcessMitigationPolicy = 11
}
[StructLayout(LayoutKind.Explicit)]
public struct union
{
[FieldOffset(0)]
uint EnableBottomUpRandomization;
[FieldOffset(0)]
uint EnableForceRelocateImages;
[FieldOffset(0)]
uint EnableHighEntropy;
[FieldOffset(0)]
uint DisallowStrippedImages;
[FieldOffset(0)]
uint ReservedFlags;
}
public struct PROCESS_MITIGATION_ASLR_POLICY
{
uint Flags;
union other;
}
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(
int dwDesiredAccess,
bool bInheritHandle,
int dwProcessId);
[DllImport("kernel32.dll")]
static extern bool GetProcessMitigationPolicy(
IntPtr hProcess,
PROCESS_MITIGATION_POLICY mitigationPolicy,
ref PROCESS_MITIGATION_ASLR_POLICY lpBuffer,
int dwLength);
static void Main()
{
string ID_str = Console.ReadLine();
int ID = int.Parse(ID_str);
Process proc = Process.GetProcessById(ID);
IntPtr hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, proc.Id);
PROCESS_MITIGATION_ASLR_POLICY PMAP = new PROCESS_MITIGATION_ASLR_POLICY();
bool result = GetProcessMitigationPolicy(hProc, PROCESS_MITIGATION_POLICY.ProcessASLRPolicy, ref PMAP, Marshal.SizeOf(PMAP));
Console.WriteLine(result);
Console.ReadKey();
}
}
pinvoke.net doesn't share these features, so I'm kind of stumped.
Answer:
In the original, PROCESS_MITIGATION_ASLR_POLICY
contains a bit structure that C# does not support. So the definition needs to be reworked a bit (check Marshal.SizeOf
should return 4):
struct PROCESS_MITIGATION_ASLR_POLICY
{
uint Flags;
bool EnableBottomUpRandomization {
get { return (Flags & 1) > 0; }
}
bool EnableForceRelocateImages {
get { return (Flags & 2) > 0; }
}
bool EnableHighEntropy {
get { return (Flags & 4) > 0; }
}
bool DisallowStrippedImages {
get { return (Flags & 8) > 0; }
}
}