Requirements:
Windows Debugger (windbg.exe)
Installation Instructions:
Copy the correct version (x86 or x64) to your Windows Debugger winext sub-directory
Usage Instructions:
You may need to explicitly load the MSEC DLL. If you installed it to the winext sub-directory, you can load it with !load winext\msec.dll
!exploitable
Gives an analysis, including a proposed bug title
!exploitable -v
Gives a verbose analysis
!exploitable -m
Gives the same output as -v, but formatted for easy machine parsing
!exploitable -jit:address
Use the JIT Exception Record to determine the exception
!ror [-n <Rotation Count>] [-c] <Value>
Get the API name for hash value <Value> using rotation count <Rotation Count>. Use -c to do a reverse lookup from an API name to a hash value. Run !ror without options for examples.
!xoru [-b] <addr> [<length>] <key>
Apply the XOR transformation to the buffer from address <addr> to address <addr> + <length> using the key <key>, then disassemble the buffer. Use -b to leave the transformed buffer in memory. Run !xoru without options for examples. You can do other types of transformation using xora, xorui, xorua, suba, subu, adda, addu, rola, or rolu.
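The kind of lookup !ror is described as doing can be reproduced offline when triaging a sample: build a hash-to-name table from a module's export list and match the constants seen in the disassembly. This is an added example, not code from the extension or the original page; it assumes the common rotate-right-then-add hash over the ASCII API name (the algorithm !ror itself uses may differ), and the function names, export list and constants are constructed for illustration.

```python
"""Rotate-right-and-add API name hashing, with a reverse lookup table."""

MASK32 = 0xFFFFFFFF


def ror32(value: int, count: int) -> int:
    """Rotate a 32-bit value right by count bits."""
    count %= 32
    return ((value >> count) | (value << (32 - count))) & MASK32


def api_hash(name: str, rotation: int = 13) -> int:
    """Assumed scheme: for each ASCII byte, rotate the hash right, then add the byte."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, rotation) + byte) & MASK32
    return h


def build_lookup(names, rotation: int = 13) -> dict:
    """Map hash -> list of names, so collisions are reported rather than hidden."""
    table = {}
    for name in names:
        table.setdefault(api_hash(name, rotation), []).append(name)
    return table


def resolve(values, names, rotation: int = 13) -> dict:
    """Return {hash value: matching names, or []} for constants found in a sample."""
    table = build_lookup(names, rotation)
    return {v: table.get(v, []) for v in values}


# Constructed sample data: a short export list, and constants as an analyst
# might copy them out of a disassembly listing (the last one is unrelated).
EXPORTS = ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "ExitProcess"]
SEEN = [api_hash("GetProcAddress"), api_hash("ExitProcess"), 0xDEADBEEF]

if __name__ == "__main__":
    for value, matches in resolve(SEEN, EXPORTS).items():
        print(f"{value:#010x} -> {', '.join(matches) or 'no match'}")
```

If nothing matches, try other rotation counts before concluding the constant is not an API hash; the rotation count is a parameter of the scheme, which is why !ror takes -n.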
Known Issues:
!exploitable
The instruction set is known to be incomplete.
KERNEL_MODE_EXCEPTION_NOT_HANDLED / KERNEL_MODE_EXCEPTION_NOT_HANDLED_M does not currently differentiate between read and write access violations.