It appears that CCRewriter alters the PE NTHeader in unintended ways

  • Question

  • Because the MetadataWriter outputs an NTHeader that is only partially populated from values taken from the MetadataReader, there are some values that come from the NTHeader constructor.

    Of primary interest to me is that the imageBase field is set below 4GB and thusly turns off ASLR.

    Will also post this as an issue on GitHub.

    Monday, March 14, 2016 6:42 AM
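
One way to check a rewritten assembly for the header change described in the post is to compare the NT optional header fields of the original and rewritten images. The following is an added example, not code from the post or from the CCRewriter project; it goes slightly beyond the post by also comparing the DllCharacteristics mitigation bits, and the header bytes and values in `constructed_header` are constructed sample data rather than real CCRewriter output.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification
FLAGS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT"}

def read_nt_fields(image):
    """Return (magic, ImageBase, DllCharacteristics) from a PE image's headers."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # skip the signature and the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == 0x20B:    # PE32+: 8-byte ImageBase at offset 24
        (base,) = struct.unpack_from("<Q", image, opt + 24)
    elif magic == 0x10B:  # PE32: 4-byte ImageBase at offset 28
        (base,) = struct.unpack_from("<I", image, opt + 28)
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    return magic, base, dll_chars

def header_regressions(original, rewritten):
    """List NT header differences between two images that touch ASLR/DEP fields."""
    _, base0, dc0 = read_nt_fields(original)
    m1, base1, dc1 = read_nt_fields(rewritten)
    findings = []
    if m1 == 0x20B and base0 >= (1 << 32) > base1:
        findings.append("ImageBase moved below 4GB: 0x%x -> 0x%x" % (base0, base1))
    for bit, name in FLAGS.items():
        if dc0 & bit and not dc1 & bit:
            findings.append("DllCharacteristics lost " + name)
    return findings

def constructed_header(image_base, dll_chars):
    """Constructed PE32+ header stub for the demo; not a loadable image."""
    buf = bytearray(0x40 + 24 + 240)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)      # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x58, 0x20B)     # optional header magic
    struct.pack_into("<Q", buf, 0x58 + 24, image_base)
    struct.pack_into("<H", buf, 0x58 + 70, dll_chars)
    return bytes(buf)

if __name__ == "__main__":
    print(header_regressions(constructed_header(0x140000000, 0x0160),
                             constructed_header(0x00400000, 0x0140)))
```

To use it on real files, pass the bytes of the assembly before and after rewriting to `header_regressions`; an empty list means none of the compared fields regressed.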