pard0p/GadgetInspector

GadgetInspector

Gadget-based Callstack Spoofing Detector

Tested on:

https://github.com/pard0p/CallstackSpoofingPOC

It should also detect: https://github.com/klezVirus/SilentMoonwalk

How to use it?

gadget_inspector.exe -p <PID> or --pid <PID>
gadget_inspector.exe -o <NAME> or --output <NAME>

Example:

gadget_inspector.exe -p 1000 -o out.txt

All PIDs:

gadget_inspector.exe -o out.txt

To compile

g++ .\gadget_inspector.cpp -o .\gadget_inspector.exe -ldbghelp

WARNING

This is an UNFINISHED proof of concept. Certain situations can cause false positives.
