SorakadoAo

DLL Characteristics——x64dbg基址問(wèn)題

DLL Characteristics

DLL Characteristics是Optional Header的一個(gè)Word字段。位置處于OptionalHeader+0x46處，即文件偏移+0x16E處

Constant	Value	Description
	0x0001	Reserved, must be zero.
	0x0002	Reserved, must be zero.
	0x0004	Reserved, must be zero.
	0x0008	Reserved, must be zero.
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA	0x0020	Image can handle a high entropy 64-bit virtual address space.
IMAGE_DLLCHARACTERISTICS_ DYNAMIC_BASE	0x0040	DLL can be relocated at load time.
IMAGE_DLLCHARACTERISTICS_ FORCE_INTEGRITY	0x0080	Code Integrity checks are enforced.
IMAGE_DLLCHARACTERISTICS_ NX_COMPAT	0x0100	Image is NX compatible.
IMAGE_DLLCHARACTERISTICS_ NO_ISOLATION	0x0200	Isolation aware, but do not isolate the image.
IMAGE_DLLCHARACTERISTICS_ NO_SEH	0x0400	Does not use structured exception (SE) handling. No SE handler may be called in this image.
IMAGE_DLLCHARACTERISTICS_ NO_BIND	0x0800	Do not bind the image.
IMAGE_DLLCHARACTERISTICS_APPCONTAINER	0x1000	Image must execute in an AppContainer.
IMAGE_DLLCHARACTERISTICS_ WDM_DRIVER	0x2000	A WDM driver.
IMAGE_DLLCHARACTERISTICS_GUARD_CF	0x4000	Image supports Control Flow Guard.
IMAGE_DLLCHARACTERISTICS_ TERMINAL_SERVER_AWARE	0x8000	Terminal Server aware.

x64dbg加載基址

在x64dbg調(diào)試過(guò)程中，如果設(shè)置了IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE標(biāo)志，則會(huì)啟用Windows的ASLR功能，這在與其他調(diào)試軟件如IDA配合使用中帶來(lái)了一定不便（IDA似乎會(huì)無(wú)視這個(gè)標(biāo)志，始終將64為程序加載進(jìn)0x140000000）

因此可用HEX編輯器（注意小端）或者CFF將其更改

CFF中取消勾選DLL can move選項(xiàng)

再用x64dbg啟動(dòng)就可看見(jiàn)加載基址為默認(rèn)的0x140000000

2025-7-27更

是我大意了，x64dbg現(xiàn)在能關(guān)閉ASLR的選項(xiàng)

posted @ 2025-07-26 15:33 Darkexpeller 閱讀(66) 評(píng)論(0) 收藏舉報(bào)

刷新頁(yè)面返回頂部

SorakadoAo

DLL Characteristics——x64dbg基址問(wèn)題

DLL Characteristics

x64dbg加載基址

2025-7-27更

公告