Skip to content

Latest commit

 

History

History
36 lines (26 loc) · 729 Bytes

README.md

File metadata and controls

36 lines (26 loc) · 729 Bytes
Raw

GadgetInspector

Gadget-based Callstack Spoofing Detector

image

Tested on:

https://github.com/pard0p/CallstackSpoofingPOC

It should also detect: https://github.com/klezVirus/SilentMoonwalk

How to use it?

gadget_inspector.exe -p <PID> or --pid <PID>
gadget_inspector.exe -o <NAME> or --output <NAME>

Example:

gadget_inspector.exe -p 1000 -o out.txt

All PIDs:

gadget_inspector.exe -o out.txt

To compile

g++ .\gadget_inspector.cpp -o .\gadget_inspector.exe -ldbghelp

WARNING

This is an UNFINISHED proof of concept. Certain situations can cause false positives.