Iris WinDbg extension performs detection of common Windows process mitigations (32 and 64 bits).
The checks implemented, as can be seen in the screenshots above, are:
for the current process
for the loaded modules
If you don’t know the meaning of some of the keywords above use google, you’ll find better explanations than the ones I could give you.
Setup
To “install”, copy either x86\iris.dll
or x64\iris.dll
into the winext
folder for WinDbg (for x86
and x64
).
WinDbg 10.0.xxxxx
Unless you installed the debug tools in a non standard path you’ll find the winext
folder at:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext
Or, for 32 bits:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext
WinDbg Preview
Unless you installed copied WinDbg preview install folder
into a non standard location you’ll have it in a folder with a name
close to the one below (depending on the installed version):
C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1906.12001.0_neutral__9wekib2d8acwe
For 64 bits copy x64\iris.dll
into amd64\winext
or x86\iris.dll
into x86\winext
for 32 bits.
Load the extension
After the steps above, just load the extension with .load iris
and run !iris.help
to see the available command(s).
0:014> .load iris
[+] Iris WinDbg Extension Loaded
0:014> !iris.help
IRIS WinDbg Extension (rui@deniable.org). Available commands:
help = Shows this help
modules = Display process mitigations for all loaded modules.
mitigations = Display current process mitigation policy.
Running
As shown in the screenshot above, just run: !iris.modules
or simply !modules
, and !iris.mitigations
or simply !mitigations
.
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…
Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…