Iris - WinDbg Extension To Perform Basic Detection Of Common Windows Exploit Mitigations

✨ DeeZNuTz

May 15, 2017
iris_1_iris.png


The Iris WinDbg extension performs basic detection of common Windows exploit mitigations (32 and 64 bits).
The checks implemented, as can be seen in the screenshot above, are (for the loaded modules):
  • DynamicBase
  • ASLR
  • DEP
  • SEH
  • SafeSEH
  • CFG
  • RFG
  • GS
  • AppContainer
If you don't know the meaning of some of the keywords above, use Google; you'll find better explanations than the ones I could give you.

Setup
To "install", copy iris.dll into the winext folder for WinDbg (for x86 and x64).
WinDbg 10.0.xxxxx
Unless you installed the debug tools in a non-standard path, you'll find the winext folder at:
Code:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext
Or, for 32 bits:
Code:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext
Download Iris
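
An added example, not part of the original post and not Iris's code: several of the checks listed above correspond to bits in the DllCharacteristics field of a module's PE optional header, and the Python below reads those bits for 32- and 64-bit headers. How Iris itself derives its results is not stated in the post; the function names and the two sample headers are constructed for illustration, and SafeSEH, GS and RFG are left out because they are not expressed by this field.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit high-entropy ASLR
    "DYNAMIC_BASE": 0x0040,     # image may be relocated (ASLR opt-in)
    "NX_COMPAT": 0x0100,        # DEP compatible
    "NO_SEH": 0x0400,           # image uses no structured exception handlers
    "APPCONTAINER": 0x1000,     # must run in an AppContainer
    "GUARD_CF": 0x4000,         # Control Flow Guard supported
}

def read_mitigation_flags(image: bytes) -> dict:
    """Return {'bits': 32 or 64, FLAG_NAME: bool, ...} from a PE header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    opt = e_lfanew + 4 + 20  # skip "PE\0\0" and the 20-byte COFF file header
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(image) < opt + 72:
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dllchar,) = struct.unpack_from("<H", image, opt + 70)
    result = {"bits": 32 if magic == 0x10B else 64}
    result.update({name: bool(dllchar & bit) for name, bit in FLAGS.items()})
    return result

def build_sample(magic: int, dllchar: int) -> bytes:
    """Constructed header-only image for the demo (not a loadable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew -> PE signature
    opt_size = 96 if magic == 0x10B else 112  # optional header, no data dirs
    machine = 0x14C if magic == 0x10B else 0x8664
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dllchar)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    samples = {
        "hardened x64": build_sample(0x20B, 0x0020 | 0x0040 | 0x0100 | 0x4000),
        "legacy x86": build_sample(0x10B, 0x0000),
    }
    for label, img in samples.items():
        print(label, read_mitigation_flags(img))
```

To check a real module, pass the file's bytes (for example `open(path, "rb").read()`) to `read_mitigation_flags`.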