It says
"Whilst compiling and linking code, it analyzes and discovers every location that any indirect-call instruction can reach. It builds that knowledge into the binaries (in extra data structures). It also injects a check, before every indirect-call in your code, that ensures the target is one of those expected, safe, locations. If that check fails at runtime, the Operating System closes the program"
I will evaluate this, e.g. performance impact and effectiveness against JOP/ROP attacks, when I'm free, and update this post then :-)
Update:
MJ0011, "Windows 10 Control Flow Guard Internals"
http://webhard.milkgun.kr/%EC%9E%90%EB%A3%8C/POC%202014/MJ0011%20-%20Windows%2010%20Control%20Flow%20Guard%20Internals.pdf
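A simplified model of the check the quoted description refers to, added here as an example (it is not code from this post, from Microsoft, or from the slides above). A static table stands in for the build-time target data and `guarded_call` for the injected check. All names are hypothetical, and the default here returns an error where the described mechanism terminates the program.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef int (*handler_t)(int);

static int op_double(int x)   { return 2 * x; }
static int op_negate(int x)   { return -x; }
/* Exists in the binary but is never a legitimate indirect-call target. */
static int op_unlisted(int x) { return x + 1000; }

/* Stand-in for the "extra data structures": targets found at build time. */
static const handler_t valid_targets[] = { op_double, op_negate };
#define N_TARGETS (sizeof valid_targets / sizeof valid_targets[0])

/* The injected check: is this address one of the recorded targets? */
static int cfg_is_valid_target(handler_t fn) {
    for (size_t i = 0; i < N_TARGETS; i++)
        if (valid_targets[i] == fn) return 1;
    return 0;
}

/* Guarded indirect call: 0 and *out set on success, -1 if the target is
   rejected. fatal=1 models the described behaviour (program is closed). */
static int guarded_call(handler_t fn, int arg, int *out, int fatal) {
    if (!cfg_is_valid_target(fn)) {
        if (fatal) abort();
        return -1;
    }
    *out = fn(arg);
    return 0;
}

int main(void) {
    int out = 0;
    handler_t slot = op_double;                   /* intact pointer */
    int rc = guarded_call(slot, 21, &out, 0);
    printf("intact pointer:       rc=%d out=%d\n", rc, out);
    slot = op_unlisted;                           /* constructed corrupted value */
    rc = guarded_call(slot, 21, &out, 0);
    printf("unlisted function:    rc=%d\n", rc);
    slot = (handler_t)((uintptr_t)op_double + 1); /* mid-function address */
    rc = guarded_call(slot, 21, &out, 0);
    printf("mid-function address: rc=%d\n", rc);
    return 0;
}
```

In this model the check accepts any recorded target from any call site, so replacing `op_double` with `op_negate` still passes.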