Compatibility with Hardware-enforced Stack Protection

Issues related to VMProtect
Post Reply
VEG
Posts: 4
Joined: Mon Aug 02, 2021 5:38 am

Compatibility with Hardware-enforced Stack Protection

Post by VEG »

We make extensive use of VMProtect in user-mode and kernel-mode to protect our product from reverse engineers.

The new generations of CPUs offer hardware enforced stack protection (Anti ROP) that Microsoft makes full use of in the latest builds of Windows 10 and Windows 11. In fact, on hardware that supports it, HSP is on by default for kernel mode code on Windows 11 if HVCI is enabled.

VMProtect is compliant with HVCI and this is fantastic, however, it does not work when HSP is on. AFAIK, the return address for the VMExit is placed on the stack and jumped to through a ret instruction. All drivers protected with VMP will therefore BSOD on Windows 11 unless this security feature is turned off.

We like VMP and we would like to keep using it in the future. Do you think it would be possible to make an update to VMP that would make it be CET compliant?
VEG
Posts: 4
Joined: Mon Aug 02, 2021 5:38 am

Re: Compatibility with Hardware-enforced Stack Protection

Post by VEG »

Windows 11 will be released on October 5. Any news about adding compatibility with Hardware-enforced Stack Protection? Please tell at least if it is planned to support and when it can be expected to be supported.
Admin
Site Admin
Posts: 2566
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Compatibility with Hardware-enforced Stack Protection

Post by Admin »

Unfortunately we are not going to add the CET support in the nearest future.
Admin
Site Admin
Posts: 2566
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Compatibility with Hardware-enforced Stack Protection

Post by Admin »

We are going to add the support of CET in the next version.
abcdefghijklnmopqrst
Posts: 30
Joined: Fri Sep 23, 2022 5:37 pm

Re: Compatibility with Hardware-enforced Stack Protection

Post by abcdefghijklnmopqrst »

Admin wrote:We are going to add the support of CET in the next version.
Added?
Admin
Site Admin
Posts: 2566
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Compatibility with Hardware-enforced Stack Protection

Post by Admin »

Not yet.
tony-cheng
Posts: 4
Joined: Wed Apr 26, 2023 2:00 am

Re: Compatibility with Hardware-enforced Stack Protection

Post by tony-cheng »

Admin wrote:We are going to add the support of CET in the next version.
When will the support of CET be added? Thanks!
hackerman99
Posts: 4
Joined: Thu Apr 20, 2023 12:18 pm

Re: Compatibility with Hardware-enforced Stack Protection

Post by hackerman99 »

Yeah any updates on this would be great.
Admin
Site Admin
Posts: 2566
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Compatibility with Hardware-enforced Stack Protection

Post by Admin »

Added in the 1728 build.
hackerman99
Posts: 4
Joined: Thu Apr 20, 2023 12:18 pm

Re: Compatibility with Hardware-enforced Stack Protection

Post by hackerman99 »

Is build 1728 released? If I purchase now I get CET support yes?
Post Reply