
Windows Arbitrary Code Guard

Same mitigation (ACG / ProcessDynamicCodePolicy): see the canonical note for the full write-up.

Mechanism

This is the same Windows process-mitigation policy as Arbitrary Code Guard (ACG), set through ProcessDynamicCodePolicy with the ProhibitDynamicCode bit of PROCESS_MITIGATION_DYNAMIC_CODE_POLICY: it enforces W^X across the whole process, so the process can neither allocate new executable memory (VirtualAlloc/VirtualProtect requesting a PAGE_EXECUTE* protection fail) nor make an existing executable page writable. The same struct carries the only sanctioned relaxations: AllowThreadOptOut (individual threads may opt out via ThreadDynamicCodePolicy), AllowRemoteDowngrade (another process may relax the policy), and AuditProhibitDynamicCode (log instead of block). ACG covers only dynamically generated code; mapping a DLL from disk is governed by the separate signature policy (CIG). The full mechanism is in the canonical note.
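Enabling and verifying the policy per image through Exploit Protection, as an added example (not code from the page or its canonical note). It assumes Windows 10 1709 or later with the built-in ProcessMitigations module and an elevated session; the target image name sample.exe is a placeholder, and the DynamicCode/AuditDynamicCode option names follow the Exploit protection reference listed below.

```powershell
# Added example, not from the page or its canonical note.
# Assumes Windows 10 1709+ (ProcessMitigations module, Exploit Protection) and an
# elevated PowerShell session. 'sample.exe' is a placeholder image name.
$Target = 'sample.exe'

# Step 1: audit first. AuditDynamicCode (AuditProhibitDynamicCode in the struct)
# logs would-be violations (RWX allocations, W->X protection changes) without
# failing them, so an in-process JIT or self-patching component is found before
# enforcement breaks it.
Set-ProcessMitigation -Name $Target -Enable AuditDynamicCode

# Step 2: enforce. DynamicCode maps to ProhibitDynamicCode; every new instance of
# the image is launched with W^X enforced for the whole process. Thread opt-out
# (AllowThreadOptOut) is a separate option and is deliberately left off here.
Set-ProcessMitigation -Name $Target -Disable AuditDynamicCode -Enable DynamicCode

# Step 3: confirm the stored per-image configuration.
(Get-ProcessMitigation -Name $Target).DynamicCode

# Step 4: confirm on a running instance. This reflects the policy actually applied
# to the process (set at launch or at runtime), not just the stored configuration,
# so it also catches a process that was started before the setting existed.
Get-Process -Name ($Target -replace '\.exe$', '') -ErrorAction SilentlyContinue |
    ForEach-Object { (Get-ProcessMitigation -Id $_.Id).DynamicCode }

# Rollback while testing (affects new instances only; a process that already has
# the policy keeps it until it exits).
Set-ProcessMitigation -Name $Target -Disable DynamicCode
```

Step 4 matters because ProhibitDynamicCode is applied at process start or by the process itself; a long-running instance launched before the configuration change reports the policy as not set until it is restarted.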

Walkthrough

The full walkthrough, struct/flag definitions, working PoC and the out-of-process JIT detail are in the canonical note: Arbitrary Code Guard (ACG).

References

  • Microsoft Learn, "PROCESS_MITIGATION_DYNAMIC_CODE_POLICY (winnt.h)" — https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-process_mitigation_dynamic_code_policy
  • Microsoft Edge Blog, "Mitigating arbitrary native code execution in Microsoft Edge" — https://blogs.windows.com/msedgedev/2017/02/23/mitigating-arbitrary-native-code-execution/
  • Microsoft Learn, "Exploit protection reference" — https://learn.microsoft.com/en-us/defender-endpoint/exploit-protection-reference