Windows Arbitrary Code Guard
Same mitigation (ACG / ProcessDynamicCodePolicy): see the canonical note for the full write-up.
Mechanism
This is the same Windows process-mitigation policy as Arbitrary Code Guard (ACG), ProcessDynamicCodePolicy: it enforces W^X across the whole process, so no new executable memory can be allocated and existing executable pages cannot be made writable. The full mechanism is described in the canonical note.
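As an added, Windows-only example (not from this page or its canonical note): a C program that enables ProcessDynamicCodePolicy on itself and then checks the two rules stated above, that executable memory can no longer be allocated and that an existing executable page can no longer be made writable. The function name `acg_self_test` and its return codes are my own.

```c
/* Added example: enable ACG on the current process and verify its two rules.
 * Windows-only (cl acg_demo.c or gcc acg_demo.c); compiles to nothing elsewhere. */
#ifdef _WIN32
#define _WIN32_WINNT 0x0A00
#include <windows.h>
#include <stdio.h>

/* Turn on ProcessDynamicCodePolicy for this process. The policy is one-way:
 * once ProhibitDynamicCode is set, the process cannot clear it again. */
static BOOL enable_acg(void)
{
    PROCESS_MITIGATION_DYNAMIC_CODE_POLICY pol;
    ZeroMemory(&pol, sizeof(pol));
    pol.ProhibitDynamicCode = 1;   /* block new executable memory and W+X  */
    pol.AllowThreadOptOut   = 0;   /* no per-thread escape hatch           */
    return SetProcessMitigationPolicy(ProcessDynamicCodePolicy, &pol, sizeof(pol));
}

/* Returns 0 when ACG behaves as the text describes; a non-zero value says
 * which step did not behave as expected (hypothetical codes, for the demo). */
int acg_self_test(void)
{
    /* Before ACG: an RW page can be allocated and then made executable. */
    void *page = VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (page == NULL) return 1;
    DWORD old;
    if (!VirtualProtect(page, 4096, PAGE_EXECUTE_READ, &old)) return 2;

    if (!enable_acg()) return 3;

    /* After ACG: allocating executable memory is refused (GetLastError()
     * typically reports ERROR_DYNAMIC_CODE_BLOCKED). */
    void *rwx = VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE,
                             PAGE_EXECUTE_READWRITE);
    if (rwx != NULL) { VirtualFree(rwx, 0, MEM_RELEASE); return 4; }

    /* After ACG: an existing executable page cannot be made writable. */
    if (VirtualProtect(page, 4096, PAGE_READWRITE, &old)) return 5;

    VirtualFree(page, 0, MEM_RELEASE);
    return 0;
}

int main(void)
{
    int rc = acg_self_test();
    printf("ACG self-test: %s (code %d)\n", rc == 0 ? "as expected" : "unexpected", rc);
    return rc;
}
#endif /* _WIN32 */
```

Run it once with and once without the `enable_acg()` call to see the same VirtualAlloc and VirtualProtect requests succeed and then fail.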
Walkthrough
The full walkthrough, struct/flag definitions, working PoC and out-of-process JIT details are in the canonical note: Arbitrary Code Guard (ACG).
References
- Microsoft Learn, "PROCESS_MITIGATION_DYNAMIC_CODE_POLICY (winnt.h)" — https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-process_mitigation_dynamic_code_policy
- Microsoft Edge Blog, "Mitigating arbitrary native code execution in Microsoft Edge" — https://blogs.windows.com/msedgedev/2017/02/23/mitigating-arbitrary-native-code-execution/
- Microsoft Learn, "Exploit protection reference" — https://learn.microsoft.com/en-us/defender-endpoint/exploit-protection-reference