Checksec, but for Windows
Switch branches/tags
Nothing to show
Clone or download
woodruffw test: Use Tee-Object to capture JSON
Once again, I find myself blindly fighting PowerShell.
Latest commit 3ab3989 Oct 17, 2018


Build status

winchecksec performs static detection of common Windows security features.

The following security features are currently detected:

  • ASLR:
    • /DYNAMICBASE with stripped relocation entries edge-case
    • /HIGHENTROPYVA for 64-bit systems
  • Code integrity/signing:
    • Authenticode-signed with a valid (trusted, active) certificate
  • DEP (a.k.a. W^X, NX)
  • Manifest isolation via (/ALLOWISOLATION)
  • Structured Exception Handling and SafeSEH support
  • Control Flow Guard and Return Flow Guard instrumentation
  • Stack cookie (/GS) support


winchecksec has no dependencies other than Windows itself, and should build with any reasonably modern cmake. It'll audit binaries of any architecture, but you should build it as 64-bit:

> mkdir build
> cd build
> cmake -G "Visual Studio 15 2017 Win64" ..
> cmake --build . --config Release
> .\Release\winchecksec.exe C:\Windows\notepad.exe


winchecksec has two output modes: a plain-text mode for easy reading, and a JSON mode for consumption in other programs. The plain-text mode is the default; JSON output is enabled by passing -j:

> .\Release\winchecksec.exe C:\Windows\notepad.exe

Dynamic Base    : true
ASLR            : true
High Entropy VA : true
Force Integrity : false
Isolation       : true
NX              : true
SEH             : true
CFG             : true
RFG             : false
SafeSEH         : false
GS              : true
Authenticode    : false

> .\Release\winchecksec.exe -j C:\Windows\notepad.exe


winchecksec only takes one file at a time. To run it on multiple files or entire directories, wrap it in a loop.

Statistics for different flags across EXEs on Windows 10

Prevalence of various security features on a vanilla Windows 10 (1803) installation:

aslr authenticode cfg dynamicBase forceIntegrity gs highEntropyVA isolation nx rfg safeSEH seh
79% 37% 49% 79% 3% 65% 43% 100% 79% 6% 25% 91%