I am able to parse ASLR, DEP, SEH, etc. from the DOS headers but not sure how to tell if the file was compiled with /GS stack canaries.
I am writing a program, so pointing me to a program like PEStudio won't help me unless its open source.
Is this part of the dos headers? Or do I have to scan the .data section for __security_cookie?
The Load Configuration Directory is an IMAGE_LOAD_CONFIG_DIRECTORY structure.
Check the SecurityCookie member: if it's not 0 then /GS is in use for this PE.