Investigation of Kernel-Mode Shadow Stacks in Windows
🛡️✨ Exploring Kernel-Mode Shadow Stacks in Windows with Intel CET. A recent blog post by Connor McGarr examines how Windows implements kernel-mode shadow stacks, focusing on Intel Control-flow Enforcement Technology (CET) and its shadow-stack feature. The article outlines how Windows uses Virtualization-Based Security (VBS) to defend against Return-Oriented Programming (ROP) attacks by maintaining a protected shadow stack against which return addresses are verified during execution. McGarr discusses the intricacies of shadow stack creation, the role of the Secure Kernel, and the debugging process using the SourcePoint debugger. The post aims to explain the technical workings of these security features, emphasizing the importance of the Secure Kernel in maintaining the integrity of kernel-mode shadow stacks.
