Iris - WinDbg Extension To Perform Basic Detection Of Common Windows Exploit Mitigations

✨ deeznutz

iris_1_iris.png


The Iris WinDbg extension performs basic detection of common Windows exploit mitigations (32-bit and 64-bit).
The checks implemented for the loaded modules, as can be seen in the screenshot above, are:
  • DynamicBase
  • ASLR
  • DEP
  • SEH
  • SafeSEH
  • CFG
  • RFG
  • GS
  • AppContainer
If you don't know the meaning of some of the keywords above, use Google; you'll find better explanations than the ones I could give you.

Setup
To "install", copy iris.dll into the winext folder for WinDbg (for x86 and x64).
WinDbg 10.0.xxxxx
Unless you installed the debug tools in a non-standard path, you'll find the winext folder at:
Code:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext
Or, for 32 bits:
Code:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext
Download Iris
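Several of the checks listed above (DynamicBase, DEP, SEH, CFG, AppContainer) correspond to linker flags stored in the DllCharacteristics field of a module's PE optional header. The following is an added example, not part of the original post and not Iris source code, showing one way to read those flags with bounds checks; the function names and the sample header are constructed for illustration.

```c
/* Added example, not Iris source: read mitigation flags from a PE header. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DllCharacteristics bits from the PE/COFF spec (IMAGE_DLLCHARACTERISTICS_*). */
enum { DC_HIGH_ENTROPY_VA = 0x0020, DC_DYNAMIC_BASE = 0x0040, DC_NX_COMPAT = 0x0100,
       DC_NO_SEH = 0x0400, DC_APPCONTAINER = 0x1000, DC_GUARD_CF = 0x4000 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Returns DllCharacteristics (0..0xFFFF), or -1 if the header is malformed or truncated. */
long pe_dll_characteristics(const uint8_t *b, size_t len) {
    if (len < 0x40 || b[0] != 'M' || b[1] != 'Z') return -1;
    uint32_t nt = rd32(b + 0x3C);                      /* e_lfanew */
    if (nt > len || len - nt < 24 + 72) return -1;     /* bounds check before any read */
    if (memcmp(b + nt, "PE\0\0", 4) != 0) return -1;
    if (rd16(b + nt + 20) < 72) return -1;             /* SizeOfOptionalHeader */
    uint16_t magic = rd16(b + nt + 24);                /* 0x10B = PE32, 0x20B = PE32+ */
    if (magic != 0x10B && magic != 0x20B) return -1;
    return rd16(b + nt + 24 + 70);                     /* same offset in both formats */
}

/* 1 if the flag is set, 0 if clear, -1 if the image cannot be parsed. */
int pe_has(const uint8_t *b, size_t len, int flag) {
    long dc = pe_dll_characteristics(b, len);
    return dc < 0 ? -1 : (dc & flag) != 0;
}

/* Constructed sample: a bare PE32+ header carrying only the fields read above. */
uint8_t sample[0x100];
size_t build_sample(uint16_t flags) {
    memset(sample, 0, sizeof sample);
    sample[0] = 'M'; sample[1] = 'Z'; sample[0x3C] = 0x80;  /* e_lfanew = 0x80 */
    memcpy(sample + 0x80, "PE\0\0", 4);
    sample[0x80 + 20] = 0xF0;                               /* SizeOfOptionalHeader = 240 */
    sample[0x80 + 24] = 0x0B; sample[0x80 + 25] = 0x02;     /* magic 0x20B */
    sample[0x80 + 94] = (uint8_t)flags; sample[0x80 + 95] = (uint8_t)(flags >> 8);
    return sizeof sample;
}

int main(void) {
    size_t n = build_sample(DC_DYNAMIC_BASE | DC_NX_COMPAT | DC_GUARD_CF);
    printf("DynamicBase=%d DEP=%d CFG=%d AppContainer=%d NoSEH=%d\n",
           pe_has(sample, n, DC_DYNAMIC_BASE), pe_has(sample, n, DC_NX_COMPAT),
           pe_has(sample, n, DC_GUARD_CF), pe_has(sample, n, DC_APPCONTAINER),
           pe_has(sample, n, DC_NO_SEH));
    return 0;
}
```

SafeSEH, GS and RFG are not DllCharacteristics bits; they are recorded in the image's load configuration directory, which this block does not parse.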
 