Iris - WinDbg Extension To Perform Basic Detection Of Common Windows Exploit Mitigations
Monday, March 11, 2013
Iris
WinDbg extension that performs basic detection of common Windows exploit mitigations (32 and 64 bits). The checks implemented, as can be seen in the screenshot above, are (for the loaded modules):
- DynamicBase
- ASLR
- DEP
- SEH
- SafeSEH
- CFG
- RFG
- GS
- AppContainer
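Several of the checks listed above come straight from flags in the PE headers. As an added illustration (not code from Iris or from this post), here is a small Python check that reads those flags from a constructed, header-only PE image; SafeSEH, GS and RFG live in the load config directory and are deliberately left out.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* flags from the PE/COFF specification
DLL_FLAGS = {
    "HighEntropyVA": 0x0020,
    "DynamicBase": 0x0040,
    "DEP": 0x0100,           # NX_COMPAT
    "NoSEH": 0x0400,         # image declares it does not use SEH at all
    "AppContainer": 0x1000,
    "CFG": 0x4000,           # GUARD_CF
}
IMAGE_FILE_RELOCS_STRIPPED = 0x0001   # COFF Characteristics flag

def pe_mitigations(image: bytes) -> dict:
    """Header-level mitigation flags of a PE image (SafeSEH, GS and RFG
    live in the load config directory and are not parsed here)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    file_chars = struct.unpack_from("<H", image, coff + 18)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]
    result = {name: bool(dll_chars & flag) for name, flag in DLL_FLAGS.items()}
    result["PE32+"] = magic == 0x20B
    result["RelocsPresent"] = not (file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    # DynamicBase only helps if the loader can actually rebase the image,
    # which needs the relocation data that RELOCS_STRIPPED says is gone
    result["ASLR"] = result["DynamicBase"] and result["RelocsPresent"]
    return result

def build_image(file_chars: int, dll_chars: int, pe32plus: bool = True) -> bytes:
    """Constructed header-only PE image for testing; not a real binary."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

Running `pe_mitigations(open(path, "rb").read())` on a real module gives the same flag view for that file; `build_image` only exists so the check can be exercised offline.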
Setup
To "install", copy iris.dll into the winext folder for WinDbg (for x86 and x64).
WinDbg 10.0.xxxxx
Unless you installed the debug tools in a non-standard path you'll find the winext folder at:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext
Or, for 32 bits:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext
WinDbg Preview
Unless you copied the WinDbg Preview install folder into a non-standard place you'll have it in a folder with a name like the one below (depending on the installed version):
C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1906.12001.0_neutral__9wekib2d8acwe
For 64 bits copy iris.dll into amd64\winext, or into x86\winext for 32 bits.
Load the extension
After the steps above, just load the extension with .load iris and run !iris.help to see the available command(s).
0:002> .load iris
[+] Iris WinDbg Extension Loaded
0:002> !iris.help
IRIS WinDbg Extension (rui@deniable.org). Available commands:
help = Shows this help
modules = Display exploit mitigations for all loaded modules.
Running
As shown in the screenshot above, just run:
!iris.modules
or just !modules.
Warning
Don't trust blindly in the results, some might not be accurate. I pretty much used as reference PE-bear parser, winchecksec, Process Hacker, and narly. Thank you to all of them.
I put this together in a day to save some time during a specific assignment. It worked for me but it hasn't been thoroughly tested. You have been warned, use at your own risk.
I'll be updating and maintaining this, so any issues you may find please let me know. I plan to add a few more mitigations later.
References
Besides the references mentioned before, if you want to write your own extension (or contribute to this one) the Advanced Windows Debugging book and the WinDbg SDK are your friends.