I have verified this issue has been fixed.
Thanks.
Search found 6 matches
- Fri Mar 19, 2021 6:47 am
- Forum: madCodeHook
- Topic: Intel's CET Shadow Stack issue
- Replies: 47
- Views: 200371
- Thu Mar 18, 2021 3:19 am
- Forum: madCodeHook
- Topic: Intel's CET Shadow Stack issue
- Replies: 47
- Views: 200371
Re: Intel's CET Shadow Stack issue
Good news, but my subscription has expired.
Would you send test program to verify?
You can make the test program like this.
Create "sc.exe" process and Inject the dll which hooks NtTerminateProcess API.
Would you send test program to verify?
You can make the test program like this.
Create "sc.exe" process and Inject the dll which hooks NtTerminateProcess API.
- Wed Mar 10, 2021 11:43 am
- Forum: madCodeHook
- Topic: Intel's CET Shadow Stack issue
- Replies: 47
- Views: 200371
Re: Intel's CET Shadow Stack issue
Yes, I think only RET. Windows seems to support Shadow Stack, not Indirect Branch Tracking of CET. Control-flow Enforcement Technology (CET) provides the following capabilities to defend against ROP/JOP style control-flow subversion attacks: Shadow Stack – return address protection to defend again...
- Wed Mar 10, 2021 1:40 am
- Forum: madCodeHook
- Topic: Intel's CET Shadow Stack issue
- Replies: 47
- Views: 200371
Re: Intel's CET Shadow Stack issue
I don't see anything about CALL and JMP instructions being watched in the first link. Yes, CALL instructions get special handling, but only for the purpose of "filling" the shadow stack, so that the RET return address can be verified successfully. Other than that, I don't see any special ...
- Tue Mar 09, 2021 2:37 am
- Forum: madCodeHook
- Topic: Intel's CET Shadow Stack issue
- Replies: 47
- Views: 200371
Re: Intel's CET Shadow Stack issue
Currently, only critical processes seem to be activated. But some svchost are activated and others are disabled. https://techcommunity.microsoft.com/t5/image/serverpage/image-id/257465iC3F558E0B3ADE6FD/image-size/large?v=1.0&px=999 To enable shadow stack enforcement statically, you need to compi...
- Mon Mar 08, 2021 5:15 am
- Forum: madCodeHook
- Topic: Intel's CET Shadow Stack issue
- Replies: 47
- Views: 200371
Intel's CET Shadow Stack issue
In Windows 10 2004 (19041.622) on 11th Gen Intel CPU When I call next hook inside my callback funtion in 64-bit native windows process (sc.exe, svchost.exe, ..), the process crashed with C0000409 (Security check failure or Stack buffer overrun) I verified it is Hardware-enforced Stack Protection. ht...