We make extensive use of VMProtect in user-mode and kernel-mode to protect our product from reverse engineers.
The new generations of CPUs offer hardware enforced stack protection (Anti ROP) that Microsoft makes full use of in the latest builds of Windows 10 and Windows 11. In fact, on hardware that supports it, HSP is on by default for kernel mode code on Windows 11 if HVCI is enabled.
VMProtect is compliant with HVCI and this is fantastic, however, it does not work when HSP is on. AFAIK, the return address for the VMExit is placed on the stack and jumped to through a ret instruction. All drivers protected with VMP will therefore BSOD on Windows 11 unless this security feature is turned off.
We like VMP and we would like to keep using it in the future. Do you think it would be possible to make an update to VMP that would make it be CET compliant?
Issues related to VMProtect
3 posts • Page 1 of 1
Windows 11 will be released on October 5. Any news about adding compatibility with Hardware-enforced Stack Protection? Please tell at least if it is planned to support and when it can be expected to be supported.
Unfortunately we are not going to add the CET support in the nearest future.