GadgetInspector

Gadget-based Callstack Spoofing Detector

Tested on:

https://github.com/pard0p/CallstackSpoofingPOC

It should also detect: https://github.com/klezVirus/SilentMoonwalk

How to use it?

gadget_inspector.exe -p <PID> or --pid <PID>
gadget_inspector.exe -o <NAME> or --output <NAME>

Example:

gadget_inspector.exe -p 1000 -o out.txt

All PIDs:

gadget_inspector.exe -o out.txt

To compile

g++ .\gadget_inspector.cpp -o .\gadget_inspector.exe -ldbghelp

WARNING

This is an UNFINISHED proof of concept. Certain situations can cause false positives.