The Iris WinDbg extension detects common Windows process mitigations (32-bit and 64-bit). The checks implemented, as can be seen in the screenshots above, are, for the current process: DEP Policy: DEP ATL Thunk Emulation Disabled, Permanent DEP Enabled; ASLR Policy: Bottom Up Randomization Enabled, Force Relocate Images Enabled, High Entropy Enabled, Stripped Images …