Script to check if a DLL has been compiled with ASLR and DEP support. Inspired by http://security.stackexchange.com/questions/43681/how-can-i-detect-or-inventory-all-dlls-that-dont-use-aslr

aslr_dep.py

import argparse
import os
import pefile


class DllCharacteristics():
    def __init__(self, flags):
        # collecting IMAGE_DLLCHARACTERISTICS
        self.TERMINAL_SERVER_AWARE = bool(flags & 0x8000)
        self.GUARD_CF = bool(flags & 0x4000)
        self.WDM_DRIVER = bool(flags & 0x2000)
        self.APPCONTAINER = bool(flags & 0x1000)
        self.NO_BIND = bool(flags & 0x0800)
        self.NO_SEH = bool(flags & 0x0400)
        self.NO_ISOLATION = bool(flags & 0x0200)
        self.NX_COMPAT = bool(flags & 0x0100)
        self.FORCE_INTEGRITY = bool(flags & 0x0080)
        self.DYNAMIC_BASE = bool(flags & 0x0040)
        self.HIGH_ENTROPY_VA = bool(flags & 0x0020)


def get_dll_characteristics(path):
    pe = pefile.PE(path, fast_load=True)
    return DllCharacteristics(pe.OPTIONAL_HEADER.DllCharacteristics)


def main():
    parser = argparse.ArgumentParser()
    parser.add_argument('dir', help='Directory to scan')
    parser.add_argument("--full", default=False, action="store_true",
                        help="Flag to include all files to the output")
    args = parser.parse_args()
    whitelist = ['.exe', '.dll']
    print("Path,ASLR enabled,DEP enabled")
    for root, dirs, files in os.walk(args.dir):
        for f in files:
            if os.path.splitext(f)[1] in whitelist:
                fp = os.path.abspath(os.path.join(root, f))
                flags = get_dll_characteristics(fp)
                entry = "%s,%s,%s" % (fp, flags.DYNAMIC_BASE, flags.NX_COMPAT)
                if args.full or not(flags.DYNAMIC_BASE and flags.NX_COMPAT):
                    print(entry)


if __name__ == '__main__':
    main()