Which command should you run?

Your network contains an Active Directory domain named contoso.com.
You plan to deploy an application named App1.exe.
You need to verify whether Control Flow Guard is enabled for App1.exe. Which command should you run?

A.
Dumpbin.exe /dependents /loadconfig App1.exe

B.
Dumpbin.exe /headers /loadconfig App1.exe

C.
Dumpbin.exe /relocations /loadconfig App1.exe

D.
Dumpbin.exe /symbols /loadconfig App1.exe

E.
Sfc.exe /dependents /loadconfig App1.exe

F.
Sfc.exe /headers /loadconfig App1.exe

G.
Sfc.exe /relocations /loadconfig App1.exe

H.
Sfc.exe /symbols /loadconfig App1.exe

I.
Sigverif.exe /dependents /loadconfig App1.exe

J.
Sigverif.exe /headers /loadconfig App1.exe

K.
Sigverif.exe /relocations /loadconfig App1.exe

L.
Sigverif.exe /symbols /loadconfig App1.exe

M.
Verifier.exe /dependents /loadconfig App1.exe

N.
Verifier.exe /headers /loadconfig App1.exe

O.
Verifier.exe /relocations /loadconfig App1.exe

P.
Verifier.exe /symbols /loadconfig App1.exe

Explanation:
https://msdn.microsoft.com/en-us/library/windows/desktop/mt637065(v=vs.85).aspx
Control Flow Guard (CFG) is a highly optimized platform security feature that was created to combat memory corruption vulnerabilities. By placing tight restrictions on where an application can execute code from, it makes it much harder for exploits to execute arbitrary code through vulnerabilities such as buffer overflows.

To verify whether Control Flow Guard is enabled for a given application executable, run the dumpbin.exe tool (included in the Visual Studio 2015 installation) from the Visual Studio command prompt with the /headers and /loadconfig options:

dumpbin.exe /headers /loadconfig test.exe

The output for a binary under CFG should show that the header values include “Guard”, and that the load config values include “CF Instrumented” and “FID table present”.
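The three markers named above live in fixed PE fields, so the same check can be scripted for a batch of binaries where dumpbin is not installed. The following is an added example, not code from this page or from Microsoft: `cfg_status` and `build_sample` are hypothetical names, the flag values and field offsets are taken from the PE/COFF layout in winnt.h, and the sample image is a constructed header skeleton rather than a real executable.

```python
import struct

GUARD_CF = 0x4000           # IMAGE_DLLCHARACTERISTICS_GUARD_CF, header value "Guard"
CF_INSTRUMENTED = 0x100     # IMAGE_GUARD_CF_INSTRUMENTED, "CF Instrumented"
FID_TABLE_PRESENT = 0x400   # IMAGE_GUARD_CF_FUNCTION_TABLE_PRESENT, "FID table present"

def cfg_status(pe: bytes) -> dict:
    """Read the three CFG markers straight from the PE headers and load config."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]                # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, = struct.unpack_from("<H", pe, nt + 6)
    opt_size, = struct.unpack_from("<H", pe, nt + 20)
    opt = nt + 24                                             # optional header start
    plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B      # PE32+ (64-bit) magic
    dll_chars, = struct.unpack_from("<H", pe, opt + 70)
    ndirs, = struct.unpack_from("<I", pe, opt + (108 if plus else 92))
    # Data directory 10 is the load config directory; 0 means "absent".
    lc_rva = struct.unpack_from("<I", pe, opt + (112 if plus else 96) + 80)[0] if ndirs > 10 else 0
    gf_off, flags = (144 if plus else 88), 0                  # GuardFlags field offset
    for i in range(nsect if lc_rva else 0):                   # map RVA to file offset
        vsize, va, rsize, raw = struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
        if va <= lc_rva < va + max(vsize, rsize):
            off = raw + lc_rva - va
            if struct.unpack_from("<I", pe, off)[0] >= gf_off + 4:  # pre-CFG structs are shorter
                flags, = struct.unpack_from("<I", pe, off + gf_off)
    res = {"guard": bool(dll_chars & GUARD_CF),
           "cf_instrumented": bool(flags & CF_INSTRUMENTED),
           "fid_table_present": bool(flags & FID_TABLE_PRESENT)}
    res["cfg_enabled"] = all(res.values())
    return res

def build_sample(dll_chars: int, guard_flags: int) -> bytes:
    """Constructed PE32+ skeleton (headers, one section, load config); not executable."""
    img = bytearray(0x400)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                   # e_lfanew
    struct.pack_into("<HH", img, 0x44, 0x8664, 1)             # Machine, NumberOfSections
    struct.pack_into("<H", img, 0x54, 240)                    # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x58, 0x20B)                  # PE32+ magic
    struct.pack_into("<H", img, 0x58 + 70, dll_chars)         # DllCharacteristics
    struct.pack_into("<I", img, 0x58 + 108, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", img, 0x58 + 112 + 80, 0x1000, 148)  # load config RVA, size
    struct.pack_into("<4I", img, 0x148 + 8, 0x200, 0x1000, 0x200, 0x200)  # section header
    struct.pack_into("<I", img, 0x200, 148)                   # load config Size field
    struct.pack_into("<I", img, 0x200 + 144, guard_flags)     # GuardFlags
    return bytes(img)

if __name__ == "__main__": print(cfg_status(build_sample(0x4160, CF_INSTRUMENTED | FID_TABLE_PRESENT)))
```

For a real file, pass `open(path, "rb").read()` to `cfg_status`; a binary whose load config predates CFG reports all load config markers as absent.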


