Plugin to patch and remove ASLR from PE files on x64dbg
Options > Preferences > Engine
tabThis plugin remove ASLR from PE files that are being currently debugged in x64dbg by copying and patching the new file.
ASLR - Address space layout randomization, it's a security feature that randomize all the virtual memory addresses of a process, that protect from memory corruption exploitation, ROP chains and other in memory threats, as the attacker needs to now the RVA + address to performer jump in memory, this make this process more difficult and sometimes not worth it to lose time.
The initial idea was to be able to do that before the process start and not modify the binary itself, but this unfortunately it's not possible from the x64dbg plugin development design. A future approach is to hook CreateProcess call from TitanEngine(x64dbg engine) to disable ASLR before the debugger session start.
Thanks.