.The ASLRdynamicbase.py PyCommand will inspect each loaded module, and report whether the PEHeader contains the relevant information indicating it is compatible with Vista's ASLR implementation (DLLCharacteristics). It is interesting to note some of the Microsoft Office 2007 modules, Groove in particular, have not be compiled with the /dynamicbase option set. The same goes for the Apple Bonjour service DLL installed with Safari for Windows 3.0, providing a nice, stable set of opcodes within the svchost.exe processes that also houses many RPC interfaces.
Install by copying this file into the PyCommands\ folder, and from within the running debugger issue the !ASLRdynamicbase command.
-Rhys
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}