GFlagsX with Mitigation Options

Discussion in 'other anti-malware software' started by Mister X, Jun 21, 2017.

  1. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,889
    Location:
    Mexico
    IMHO, they are just perfect. :thumb:

    Thanks a lot.
     
  2. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    675
    Location:
    Europe
    @WildByDesign :
    Thank you for your valuable answer.
    Yes, it works perfectly with HMPA, but GFlagsX Mitigations offers a lot more mitigation protections if you compare with HMPA.
    No conflicts except with "Block Non-Microsoft Binaries" set to "Always On" for Microsoft Office apps. You choose either Mitigation protection with HMPA or GFlags in this case.
     
  3. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,132
    Location:
    Toronto, Canada
    GFlagsX (2017-06-27)
    Link: https://sendit.cloud/t8tgt38ath26

    • cleaned up the UI
    • went with no titlebar option (you can still drag/move app)
    • added option to remember window location from previous run
    Unfortunately I still could not remove that white bar (tab) from previous versions (without breaking functionality) even after days of studying code. So for now I have tried to visually transform that tab into looking like an icon. I've given up on trying to remove it now.

    GFlagsX.png


    @Ashanta You're welcome.
     
  4. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,889
    Location:
    Mexico
    @WildByDesign

    Thank you it looks cleaner. Re that white stripe? I'm not losing any sleep :)
    I know, it's a matter of taste. I'd rather have that white stripe than an icon with a white "canvas" look. The program/author's name was nice too :thumb: /ignore-me.
     
  5. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,132
    Location:
    Toronto, Canada
    GFlagsX (2017-06-28)
    Link: https://sendit.cloud/5f76h4ktfcaa

    This is definitely my best build of this yet with every last pixel measured. This will likely be the last build until the developer updates the mitigations to include all of the latest mitigations from EMET which are now in the latest Insider RS3 build. I've decided to drop the dark theme entirely because I just can't fix the underlying issue and I've tried every possible method to do so. So I've kept the light version going, made it smaller and cleaner looking by removing unnecessary parts of the UI.

    GFlagsX-light-final.png


    Anyway, I tested GFlagsX MitigationOptions (with all mitigations checked) on RS3 Insider build with the Windows Defender Exploit Guard (WDEG) modern app out of curiosity. WDEG picked up the settings accurately and noted that 15 mitigations were enabled. I should point out that in RS3 builds within WDEG, thanks to the addition of the remainder of EMET ROP mitigations and all, there were 20+ mitigations.
    Microsoft has renamed some of the mitigations in RS3. For example, Disable Dynamic Code was renamed to Arbitrary Code Guard (ACG) if I recall correctly. MS is attempting to rename most mitigations into fancy terms which end with "Guard" it seems.

    But anyway, as most of you know already, GFlagsX gives us much of this power already. Once RS3 comes closer, the GFlagsX developer has confirmed that he will add the EMET mitigations for Caller Check, IAF, EAF/EAF+, Disable Child Process, etc., etc. Therefore lots of goodies coming in the next few months from MS with RS3 mitigations and updates from GFlagsX developer.


    @Mister X Thank you for your feedback.
     
  6. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,889
    Location:
    Mexico
    My pleasure as always.

    Btw, is it right or legit to add your username as the compiler for these builds? If so, I think you deserve that credit, a lot of hard work and brains to do it.
     
  7. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,889
    Location:
    Mexico
    This is just great.

    Edit: This last compilation looks very good, beautiful indeed.
     
  8. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,315
    Perfect! Thanks!
     
  9. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,132
    Location:
    Toronto, Canada
    Sure, I had never thought of that. I appreciate it. :thumb:

    You're welcome.


    GFlagsX (2017-06-29) Special Edition
    Link: https://sendit.cloud/3svwoccdrznk


    GFlagsX-Special Edition 2.png


    I never give up on anything; too persistent for my own good. :D
     
    Last edited: Jun 29, 2017
  10. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,889
    Location:
    Mexico
  11. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,132
    Location:
    Toronto, Canada
    You're welcome. Thank you for your valuable input and suggestions as well. I will keep this "Special Edition 2" build as the base build for any future builds and therefore likely only minor adjustments to the UI from now on. I am really happy with the way it turned out and spent a ridiculous amount of hours measuring pixels and so on. I'm glad that the Dark themed build finally came together in the end. And once the developer adds the new mitigations from RS3, it will be easy to update this as well. I'm looking into whether or not I should fork this and have all of this code available on Github and so on. I'll try to figure that out later tonight.
     
  12. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,132
    Location:
    Toronto, Canada
    Just a quick question for any users of GFlagsX:

    Are you all OK if we just keep the Dark themed build going forward? Or would you prefer that there be both a Dark build and a Light build?

    Personally, I prefer the Dark build entirely. But if anybody wants the Light themed build as well, I can make that happen and maintain both.
     
  13. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,889
    Location:
    Mexico
    I vote for both themes, thanks.
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,527
    Location:
    U.S.A. (South)
    Likewise
     
  15. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,132
    Location:
    Toronto, Canada
    Thank you. :thumb:

    GFlagsX (2017-06-30) Dark & Light Themes
    Link: https://sendit.cloud/c2z6cewmw47k


    GFlagsX-Dark-Light-Twins.png


    There we are. These two (Dark & Light) builds will continue to be the base for my builds going forward. Thanks everyone for your suggestions.
     
  16. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,889
    Location:
    Mexico
    Perfect. Well done.
     
  17. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,132
    Location:
    Toronto, Canada
    Guys/Gals, this is just a minor update with some very minor UI alignment changes.


    GFlagsX 2017-07-08
    • contains both Dark and Light themes
    • shortened "Heap Termination Upon Corruption" to "Heap Termination"
    • minor UI alignment changes (few pixels here, few pixels there...)

    Download: https://sendit.cloud/tk4gq7671t25
     
  18. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,889
    Location:
    Mexico
    Thanks. I liked that shortened line.
     
  19. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,132
    Location:
    Toronto, Canada
  20. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,132
    Location:
    Toronto, Canada
    Sorry for another build so soon after the previous, but I was able to fix a bug from the original 0.21 source code which had the tiny "New Image" window opening way over on the screen, which seemed very odd and out of place. The New Image window is where you can enter the name of an executable image (e.g. chrome.exe) to begin setting up process mitigations for an executable that was not already in your IFEO MitigationOptions registry settings yet.


    GFlagsX 2017-07-09
    • fixed it so that "New Image" window opens in the center of the screen (similar to GFlagsX main window)

    Download: https://sendit.cloud/lsp8tohqvj3l


    Oh by the way, here is a working MitigationOptions HEX code for GFlagsX - Dark.exe and GFlagsX - Light.exe: 1111110101111105

    I figure that we might just as well have exploit mitigations for whichever processes we can, so long as those mitigations do not cause any negative side effects. Just as Microsoft is enabling more and more process mitigations both system-wide and per-process with each new iteration of Windows 10 upgrades.
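
Added example, not part of the thread and not GFlagsX code: a decoder for a MitigationOptions hex value such as the one quoted in the post above, so the string can be read back as a list of per-process mitigations. It assumes the string is the 64-bit value written as a hex number and uses the bit positions of the PROCESS_CREATION_MITIGATION_POLICY_* constants from the Windows SDK; the labels and function names are the example's own.

```python
# Added example: decode a MitigationOptions value given as a hex string.
# Bit layout follows the PROCESS_CREATION_MITIGATION_POLICY_* constants in
# the Windows SDK header winbase.h; the short labels are this example's own.

# Single-bit flags in the lowest nibble.
FLAGS = [(0x1, "DEP"), (0x2, "DEP ATL thunk emulation"), (0x4, "SEHOP")]

# Two-bit fields, one per nibble, starting at bit 8: (shift, label).
FIELDS = [
    (8, "Force relocate images"),
    (12, "Heap terminate on corruption"),
    (16, "Bottom-up ASLR"),
    (20, "High-entropy ASLR"),
    (24, "Strict handle checks"),
    (28, "Win32k system call disable"),
    (32, "Extension point disable"),
    (36, "Prohibit dynamic code"),
    (40, "Control Flow Guard"),
    (44, "Block non-Microsoft binaries"),
    (48, "Font disable"),
    (52, "Image load: no remote"),
    (56, "Image load: no low label"),
    (60, "Image load: prefer System32"),
]
STATES = {0: "defer", 1: "always on", 2: "always off", 3: "other (3)"}


def decode_mitigation_options(hex_text):
    """Return {label: state} for a 64-bit MitigationOptions hex string."""
    value = int(hex_text.strip(), 16)
    if not 0 <= value < 1 << 64:
        raise ValueError("expected a 64-bit value")
    decoded = {}
    for bit, label in FLAGS:
        # A clear flag bit means the option is not requested by this value.
        decoded[label] = "always on" if value & bit else "defer"
    for shift, label in FIELDS:
        decoded[label] = STATES[(value >> shift) & 0x3]
    return decoded


def enabled(hex_text):
    """Labels whose state is 'always on', in bit order."""
    return [k for k, v in decode_mitigation_options(hex_text).items()
            if v == "always on"]


if __name__ == "__main__":
    # Value quoted in the post above for the GFlagsX executables.
    for label, state in decode_mitigation_options("1111110101111105").items():
        print(f"{state:10}  {label}")
```

Decoded this way, the quoted value turns on every field except DEP ATL thunk emulation, Win32k system call disable and Prohibit dynamic code, which are left at "defer".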
     
  21. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,889
    Location:
    Mexico
  22. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,315
  23. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,132
    Location:
    Toronto, Canada
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,527
    Location:
    U.S.A. (South)
    As always thanks @WildByDesign for helping point us to useful programs AND features whatever they are. Mitigations should torque things down even tighter where needed to keep the bugs out. :)
     
  25. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,889
    Location:
    Mexico
    @WildByDesign

    Just to comment about Paste function, Ctrl + V won't work on the Mitigation Options (hex) case.