Didier Stevens

Monday 13 June 2011

EMET Article

Filed under: Vulnerabilities — Didier Stevens @ 0:00

(IN)SECURE Magazine published my article on Microsoft’s Enhanced Mitigation Experience Toolkit.

It contains many details I’ve yet to discuss on this blog.



  1. The most interesting article in this release. (Maybe due to the fact that I’m an end-user, not an IT Manager)

    EMET is a great tool. Like you wrote, there’s no warning, no notification.

    I’m still running tests, since not everything may work. 7zip for instance can’t open or unpack archives when it loads emet.dll (Which means you are safe from exploits for 7zip that require to open or unpack the archive ;))
    7zip reports that it can’t find the code. As 7zip was a new addition I had no time to figure out why that happens. (EAF doesn’t seem to be the problem as it fails without it)

    BTW: Before I discovered the existence of EMET I read your blog posts about HeapLocker, which is very promising too. Unfortunately it’s not that easy to handle for the Average Joe.

    Comment by bastik — Monday 13 June 2011 @ 7:58

  2. […] I pointed out in my article on EMET, this base address is different each time a new process is started (unlike ASLR which needs a […]

    Pingback by So How Good is Pseudo-ASLR? « Didier Stevens — Tuesday 16 August 2011 @ 0:31

  3. What I forgot to add to the post: I disabled all mitigation techniques in EMET, except ASLR.

    Comment by Didier Stevens — Saturday 20 August 2011 @ 3:08
