#include <checksec.h>

Public Member Functions
	Checksec (std::string filepath)

const std::string	filepath () const

const MitigationReport	isDynamicBase () const

const MitigationReport	isASLR () const

const MitigationReport	isHighEntropyVA () const

const MitigationReport	isForceIntegrity () const

const MitigationReport	isNX () const

const MitigationReport	isIsolation () const

const MitigationReport	isSEH () const

const MitigationReport	isCFG () const

const MitigationReport	isAuthenticode () const

const MitigationReport	isRFG () const

const MitigationReport	isSafeSEH () const

const MitigationReport	isGS () const

const MitigationReport	isDotNET () const

const MitigationReport	isCetCompat () const

Detailed Description

Represents the main winchecksec interface.

Constructor & Destructor Documentation

◆ Checksec()

checksec::Checksec::Checksec ( std::string filepath )

Member Function Documentation

◆ filepath()

const std::string checksec::Checksec::filepath ( ) const

inline

Returns: a string reference for the filepath that this Checksec instance was created with

◆ isASLR()

const MitigationReport checksec::Checksec::isASLR ( ) const

Returns: a MitigationReport indicating whether the program has effective ASLR (i.e., has a dynamic base and unstripped relocations, or is in a managed runtime like .NET)

◆ isAuthenticode()

const MitigationReport checksec::Checksec::isAuthenticode ( ) const

Returns: a MitigationReport indicating whether the program contains a (partially) valid Authenticode signature

Note: See the uthenticode documentation for the details of this check

◆ isCetCompat()

const MitigationReport checksec::Checksec::isCetCompat ( ) const

Returns: a MitigationReport indicating whether this program is compiled with CET support

◆ isCFG()

const MitigationReport checksec::Checksec::isCFG ( ) const

Returns: a MitigationReport indicating whether the program supports Control Flow Guard

◆ isDotNET()

const MitigationReport checksec::Checksec::isDotNET ( ) const

Returns: a MitigationReport indicating whether this program runs in the .NET environment

◆ isDynamicBase()

const MitigationReport checksec::Checksec::isDynamicBase ( ) const

Returns: a MitigationReport indicating whether the program can be loaded from a dynamic base address (i.e. /DYNAMICBASE)

◆ isForceIntegrity()

const MitigationReport checksec::Checksec::isForceIntegrity ( ) const

Returns: a MitigationReport indicating whether the program's integrity must be checked at load time

◆ isGS()

const MitigationReport checksec::Checksec::isGS ( ) const

Returns: a MitigationReport indicating whether the program uses stack buffer cookies (a.k.a. stack guards, stack canaries)

Note: This check tests for the presence of the security cookie's address and not the instrumentation that actually checks that address. Every modern version of MSVCRT has stack cookies enabled in some form, so this can result in false positives if your application code links to MSVCRT but doesn't enable its own stack cookies.

◆ isHighEntropyVA()

const MitigationReport checksec::Checksec::isHighEntropyVA ( ) const

Returns: a MitigationReport indicating whether the program supports 64-bit ASLR

◆ isIsolation()

const MitigationReport checksec::Checksec::isIsolation ( ) const

Returns: a MitigationReport indicating whether the operating system should attempt a manifest lookup and load for the program

◆ isNX()

const MitigationReport checksec::Checksec::isNX ( ) const

Returns: a MitigationReport indicating whether the program supports NX, (a.k.a. DEP, W^X)

◆ isRFG()

const MitigationReport checksec::Checksec::isRFG ( ) const

Returns: a MitigationReport indicating whether the program supports Return Flow Guard

◆ isSafeSEH()

const MitigationReport checksec::Checksec::isSafeSEH ( ) const

Returns: a MitigationReport indicating whether the program supports safe SEH

◆ isSEH()

const MitigationReport checksec::Checksec::isSEH ( ) const

Returns: a MitigationReport indicating whether the program uses Structured Exception Handlers

The documentation for this class was generated from the following files:

include/checksec.h
checksec.cpp

Public Member Functions