The Iris WinDbg extension performs basic detection of common Windows exploit mitigations (32 and 64 bits).
The checks implemented, as can be seen in the screenshot above, are (for the loaded modules):
- DynamicBase
- ASLR
- DEP
- SEH
- SafeSEH
- CFG
- RFG
- GS
- AppContainer
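As an added example (not Iris's own code), the C program below shows how several of the listed checks can be read from the `DllCharacteristics` field of a module's PE optional header. The `sample` buffer is constructed, treating the SEH line as "NO_SEH flag absent" is an assumption, and the remaining checks in the list need data beyond this one field and are not covered.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DllCharacteristics bits of the PE optional header (values from winnt.h). */
#define DLLCHAR_DYNAMIC_BASE 0x0040 /* DynamicBase: image may be relocated */
#define DLLCHAR_NX_COMPAT    0x0100 /* DEP: image is NX compatible */
#define DLLCHAR_NO_SEH       0x0400 /* image uses no structured exception handling */
#define DLLCHAR_APPCONTAINER 0x1000 /* image must run in an AppContainer */
#define DLLCHAR_GUARD_CF     0x4000 /* CFG: image supports Control Flow Guard */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Returns DllCharacteristics (0..0xFFFF), or -1 if img is not a usable PE header. */
int pe_dll_characteristics(const uint8_t *img, size_t len)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t nt = rd32(img + 0x3c);                  /* e_lfanew */
    if (nt > len || len - nt < 96) return -1;        /* signature + COFF + 72 bytes */
    if (memcmp(img + nt, "PE\0\0", 4) != 0) return -1;
    if (rd16(img + nt + 20) < 72) return -1;         /* SizeOfOptionalHeader */
    uint16_t magic = rd16(img + nt + 24);            /* 0x10b PE32, 0x20b PE32+ */
    if (magic != 0x10b && magic != 0x20b) return -1;
    return rd16(img + nt + 24 + 70);                 /* same offset in both formats */
}

/* Constructed sample: minimal PE32+ headers with DYNAMIC_BASE|NX_COMPAT|GUARD_CF. */
const uint8_t sample[0x100] = {
    [0x00] = 'M', [0x01] = 'Z', [0x3c] = 0x80,
    [0x80] = 'P', [0x81] = 'E', [0x94] = 0xf0,       /* SizeOfOptionalHeader = 240 */
    [0x98] = 0x0b, [0x99] = 0x02,                    /* magic 0x20b */
    [0xde] = 0x40, [0xdf] = 0x41,                    /* DllCharacteristics 0x4140 */
};

int main(void)
{
    int f = pe_dll_characteristics(sample, sizeof sample);
    if (f < 0) { puts("not a PE image"); return 1; }
    printf("DynamicBase  %s\n", f & DLLCHAR_DYNAMIC_BASE ? "yes" : "no");
    printf("DEP          %s\n", f & DLLCHAR_NX_COMPAT ? "yes" : "no");
    printf("SEH          %s\n", f & DLLCHAR_NO_SEH ? "no" : "yes");
    printf("CFG          %s\n", f & DLLCHAR_GUARD_CF ? "yes" : "no");
    printf("AppContainer %s\n", f & DLLCHAR_APPCONTAINER ? "yes" : "no");
    return 0;
}
```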
Setup
To "install", copy iris.dll into the winext folder for WinDbg (for x86 and x64).
WinDbg 10.0.xxxxx
Unless you installed the debug tools in a non-standard path, you'll find the winext folder at:
Code:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext
Or, for 32 bits:
Code:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext