11 Nov 2012

I was reading A Bug Hunter's Diary by Tobias Klein last week and was reminded of an idea I had long ago to check whether a software application is using things like DEP and ASLR. There are lots of tools to do this (the book uses Process Explorer and LookingGlass), but you have to download and run those locally. This is 2012, and downloading apps is old-school. I made a simple web app that uses HTML5 hotness to let users drag and drop entire directories and analyze them client side. You can drag and drop your entire "Program Files" dir!

Checking if an executable has DEP or ASLR set is really easy. All you need to do is parse the PE header to get to IMAGE_OPTIONAL_HEADER.DllCharacteristics and check the bits in that WORD to see what features are turned on.
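The check described above, as an added example (this is not SlopFinder's code). It goes one step beyond the tool by also accepting 64-bit PE32+ images, where DllCharacteristics sits at the same offset; the function names and the header-only sample buffer are constructed for illustration.

```javascript
// Added example (not SlopFinder's code): read DllCharacteristics from a PE image.
const DYNAMIC_BASE = 0x0040; // IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE -> ASLR
const NX_COMPAT = 0x0100;    // IMAGE_DLLCHARACTERISTICS_NX_COMPAT    -> DEP

function checkMitigations(buffer) {
  const view = new DataView(buffer);
  // IMAGE_DOS_HEADER: "MZ" at offset 0, e_lfanew (offset of PE header) at 0x3C.
  if (view.byteLength < 0x40 || view.getUint16(0, true) !== 0x5a4d) {
    return { error: "not an MZ executable" };
  }
  const peOffset = view.getUint32(0x3c, true);
  // Signature (4 bytes) + IMAGE_FILE_HEADER (20 bytes) precede the optional header.
  const optOffset = peOffset + 24;
  if (optOffset + 72 > view.byteLength) {
    return { error: "truncated PE header" };
  }
  if (view.getUint32(peOffset, true) !== 0x00004550) { // "PE\0\0"
    return { error: "missing PE signature" };
  }
  const optSize = view.getUint16(peOffset + 20, true); // SizeOfOptionalHeader
  const magic = view.getUint16(optOffset, true);
  if (optSize < 72 || (magic !== 0x10b && magic !== 0x20b)) {
    return { error: "unsupported optional header" };
  }
  // DllCharacteristics is at offset 70 in both PE32 (0x10b) and PE32+ (0x20b).
  const flags = view.getUint16(optOffset + 70, true);
  return {
    format: magic === 0x10b ? "PE32" : "PE32+",
    aslr: (flags & DYNAMIC_BASE) !== 0,
    dep: (flags & NX_COMPAT) !== 0,
  };
}

// Constructed sample: a header-only image carrying just the fields read above.
function buildSampleHeader(magic, dllCharacteristics) {
  const buffer = new ArrayBuffer(0x80 + 24 + 96);
  const view = new DataView(buffer);
  view.setUint16(0, 0x5a4d, true);           // "MZ"
  view.setUint32(0x3c, 0x80, true);          // e_lfanew
  view.setUint32(0x80, 0x00004550, true);    // "PE\0\0"
  view.setUint16(0x80 + 20, 96, true);       // SizeOfOptionalHeader
  view.setUint16(0x80 + 24, magic, true);    // optional header Magic
  view.setUint16(0x80 + 24 + 70, dllCharacteristics, true);
  return buffer;
}

console.log(checkMitigations(buildSampleHeader(0x10b, 0x0140))); // both flags set
console.log(checkMitigations(buildSampleHeader(0x10b, 0x0000))); // neither set
```

The result reports only what the header flags say; 64-bit Windows processes have DEP enforced regardless of NX_COMPAT, so a cleared bit on a PE32+ image is less significant than on PE32.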

Admittedly, SlopFinder is sort of sloppy JavaScript code. This is like when you correct someone's grammar or spelling and make mistakes yourself. SlopFinder does not work on 64-bit binaries, has almost no error handling or user feedback when things go wrong, and only checks DEP and ASLR.

Here is a screenshot of my Foxit reader directory:

Try SlopFinder out now.