Skip to content

Implement new way of return address hijacking #55946

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
janvorli merged 4 commits into from
Jul 26, 2021
Merged

Implement new way of return address hijacking #55946

janvorli merged 4 commits into from
Jul 26, 2021

Conversation

@janvorli
Copy link
Member

@janvorli janvorli commented Jul 19, 2021
edited
Loading

This change implements a new way of return address hijacking for Intel
CET enabled Windows devices. It uses a mechanism created by the Windows
team for this purpose. The existing mechanism that just patches the
return address by an address of our helper routine would result in
process killing as it would seem like a ROP exploit.

Contributes to #47309

@janvorli
Implement new way of return address hijacking
0701946 
This change implements a new way of return address hijacking for Intel
CET enabled Windows devices. It uses a mechanism created by the Windows
team for this purpose. The existing mechanism that just patches the
return address by an address of our helper routine would result in
process killing as it would seem like a ROP exploit.
@janvorli janvorli added this to the 6.0.0 milestone Jul 19, 2021
@janvorli janvorli requested review from jkotas and kouvel July 19, 2021 18:15
@janvorli janvorli self-assigned this Jul 19, 2021
kouvel
kouvel approved these changes Jul 22, 2021
View reviewed changes
src/coreclr/debug/ee/wks/CMakeLists.txt Outdated
endif (CLR_CMAKE_HOST_ARCH_I386)

if (CLR_CMAKE_HOST_ARCH_AMD64)
list (APPEND ASM_OPTIONS /guard:ehcont)
Copy link
Contributor

@kouvel kouvel Jul 22, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is necessary, I enabled the flag for all asm files in #55942

Copy link
Member Author

@janvorli janvorli Jul 22, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, great! This was a remainder of my previous state.

src/coreclr/vm/wks/CMakeLists.txt Outdated
endif (CLR_CMAKE_HOST_ARCH_I386)

if (CLR_CMAKE_HOST_ARCH_AMD64)
set_source_files_properties(${VM_SOURCES_WKS_ARCH_ASM} PROPERTIES COMPILE_FLAGS "/guard:ehcont")
Copy link
Contributor

@kouvel kouvel Jul 22, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is necessary, I enabled the flag for all asm files in #55942

@janvorli janvorli merged commit 51886d1 into dotnet:main Jul 26, 2021
@janvorli janvorli deleted the implement-new-ra-hijacking branch July 26, 2021 14:39
@ghost ghost locked as resolved and limited conversation to collaborators Aug 25, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jkotas jkotas Awaiting requested review from jkotas

1 more reviewer

@kouvel kouvel kouvel approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@janvorli janvorli

Labels

area-VM-coreclr

Projects

None yet

Milestone

6.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@janvorli @kouvel