André Hentschel nerv@dawncrow.de writes:

• /* randomize security cookie */
• if (IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG < nt->OptionalHeader.NumberOfRvaAndSizes &&

•    (pos = nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress))
  

• {

•    IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg = (IMAGE_LOAD_CONFIG_DIRECTORY *)(ptr + pos);
  

•    ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie;
  

•    srand( time( NULL ) );
  

•    *cookie = rand();
  

This won't be random at all.