Compatibility with Hardware-enforced Stack Protection
Posted: Mon Aug 02, 2021 5:55 am
We make extensive use of VMProtect in user-mode and kernel-mode to protect our product from reverse engineers.
The new generations of CPUs offer hardware-enforced stack protection (Anti ROP) that Microsoft makes full use of in the latest builds of Windows 10 and Windows 11. In fact, on hardware that supports it, HSP is on by default for kernel mode code on Windows 11 if HVCI is enabled.
VMProtect is compliant with HVCI and this is fantastic; however, it does not work when HSP is on. AFAIK, the return address for the VMExit is placed on the stack and jumped to through a ret instruction. All drivers protected with VMP will therefore BSOD on Windows 11 unless this security feature is turned off.
We like VMP and we would like to keep using it in the future. Do you think it would be possible to make an update to VMP that would make it CET compliant?
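The incompatibility described in the post above, as an added example that is not part of the original post and is not VMProtect or Windows code: a simplified C model of a shadow stack in which CALL records the return address on both stacks and RET faults unless the two copies agree. All names (`cpu_t`, `hw_call`, `sw_push`, `hw_ret`, `push_ret_dispatch`) are hypothetical and the addresses are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define DEPTH 8
enum { RET_OK = 0, RET_CP_FAULT = 1 };   /* CP = control-protection fault */

/* Simplified model: software can write the data stack; only CALL/RET touch the shadow stack. */
typedef struct {
    uint64_t data[DEPTH];   size_t dsp;
    uint64_t shadow[DEPTH]; size_t ssp;
} cpu_t;

/* PUSH: data stack only. */
static void sw_push(cpu_t *c, uint64_t v) { if (c->dsp < DEPTH) c->data[c->dsp++] = v; }

/* CALL: the return address goes to both stacks. */
static void hw_call(cpu_t *c, uint64_t ret_addr) {
    if (c->dsp < DEPTH && c->ssp < DEPTH) {
        c->data[c->dsp++] = ret_addr;
        c->shadow[c->ssp++] = ret_addr;
    }
}

/* RET: pop both stacks and fault unless they agree. */
static int hw_ret(cpu_t *c, uint64_t *target) {
    if (c->dsp == 0 || c->ssp == 0) return RET_CP_FAULT;
    uint64_t d = c->data[--c->dsp], s = c->shadow[--c->ssp];
    if (d != s) return RET_CP_FAULT;
    *target = d;
    return RET_OK;
}

/* Ordinary CALL followed by RET. */
int normal_call_ret(uint64_t ret_addr) {
    cpu_t c = {0}; uint64_t t = 0;
    hw_call(&c, ret_addr);
    return hw_ret(&c, &t);
}

/* The caller CALLs a routine, which then PUSHes a target and RETs to it. */
int push_ret_dispatch(uint64_t caller_ret, uint64_t target) {
    cpu_t c = {0}; uint64_t t = 0;
    hw_call(&c, caller_ret);
    sw_push(&c, target);
    return hw_ret(&c, &t);
}

int main(void) {   /* constructed addresses */
    printf("call/ret=%d push/ret=%d\n", normal_call_ret(0x1000), push_ret_dispatch(0x1000, 0x2000));
    return 0;
}
```

In the model, a pushed address passes the RET check only when it equals the address the preceding CALL recorded, which is why a dispatcher that returns to arbitrary targets needs an indirect jump or a matched call/return pair instead.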