Re: [PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF
On 2023-04-18 10:47, Christoph Reiter wrote: On Tue, Apr 18, 2023 at 9:44 AM Corinna Vinschen wrote: Pash pushed. I new rebase 4.6.3 release with your patch is just building. Extended DLL Characteristics was added for IBT/CET/CFI and AMD/Intel Shadow Stack support has been available since W10 [20]20H1/[20]2004 in a PE Debug Directory entry with Debug Type IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS (20.) with value IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT (1) https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#extended-dll-characteristics Are there any plans to support those debug directory entries and flags in genpeimg and/or peflags, and Windows shadow stack support in mingw64 and/or Cygwin? The Linux implementation is discussed in https://lwn.net/Articles/883340/ as Intel architected the (soon former) Linux CoW PTE bit combo Write 0 Dirty 1 as Shadow Stack page flag, possibly anticipating that they could contribute kernel patches to work around this more quickly than has transpired. I got interested in this as I plan to add Linux cpuinfo flag user_shstk, on recent CPUs and Windows releases with that support, to next Cygwin cpuinfo patch. -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry
Re: [PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF
On Tue, Apr 18, 2023 at 9:44 AM Corinna Vinschen wrote: > Pash pushed. I new rebase 4.6.3 release with your patch is just > building. Thanks!
Re: [PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF
Hi Christoph, On Apr 17 20:40, Christoph Reiter via Cygwin-apps wrote: > This allows for setting, clearing, and displaying the value of the > "control flow guard" dll characteristics flag. > > The flag for MSVC is called "/guard:cf" and the macro ends with "GUARD_CF". > To keep things consistent, it would make sense to name the option "guard-cf". > However, there's already "-c"/"control-flow-guard" in genpeimg for this flag, > and genpeimg shares all other options with peflags so far. > So, follow genpeimg and go with "-c" and "--control-flow-guard". > > This is motivated by mingw-w64 and llvm v16 gaining support for > CFG (Control Flow Guard). > --- > Renamed the option from -g/--guard-cf to -c/--control-flow-guard > > peflags.c | 12 ++-- > 1 file changed, 10 insertions(+), 2 deletions(-) Pash pushed. I new rebase 4.6.3 release with your patch is just building. Thanks, Corinna
[PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF
This allows for setting, clearing, and displaying the value of the "control flow guard" dll characteristics flag. The flag for MSVC is called "/guard:cf" and the macro ends with "GUARD_CF". To keep things consistent, it would make sense to name the option "guard-cf". However, there's already "-c"/"control-flow-guard" in genpeimg for this flag, and genpeimg shares all other options with peflags so far. So, follow genpeimg and go with "-c" and "--control-flow-guard". This is motivated by mingw-w64 and llvm v16 gaining support for CFG (Control Flow Guard). --- Renamed the option from -g/--guard-cf to -c/--control-flow-guard peflags.c | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/peflags.c b/peflags.c index b1cd7a8..93eaa0b 100644 --- a/peflags.c +++ b/peflags.c @@ -121,7 +121,7 @@ static const symbolic_flags_t pe_symbolic_flags[] = { CF(0x0800, no-bind), /*CF(0x1000, reserved_0x1000),*/ CF(0x2000, wdmdriver), -/*CF(0x4000, reserved_0x4000),*/ + CF(0x4000, control-flow-guard), CF(0x8000, tsaware), {0, 0, 0} }; @@ -182,6 +182,7 @@ sizeof_values_t sizeof_vals[5] = { static struct option long_options[] = { {"dynamicbase", optional_argument, NULL, 'd'}, {"high-entropy-va", optional_argument, NULL, 'e'}, + {"control-flow-guard", optional_argument, NULL, 'c'}, {"forceinteg", optional_argument, NULL, 'f'}, {"nxcompat", optional_argument, NULL, 'n'}, {"no-isolation", optional_argument, NULL, 'i'}, @@ -204,7 +205,7 @@ static struct option long_options[] = { {NULL, no_argument, NULL, 0} }; static const char *short_options - = "d::e::f::n::i::s::b::W::t::w::l::S::x::X::y::Y::z::T:vhV"; + = "d::e::c::f::n::i::s::b::W::t::w::l::S::x::X::y::Y::z::T:vhV"; static void short_usage (FILE *f); static void help (FILE *f); @@ -706,6 +707,11 @@ parse_args (int argc, char *argv[]) optarg, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA); break; + case 'c': + handle_pe_flag_option (long_options[option_index].name, +optarg, +IMAGE_DLLCHARACTERISTICS_GUARD_CF); + break; case 'n': handle_pe_flag_option (long_options[option_index].name, optarg, @@ -1079,6 +1085,8 @@ help (FILE *f) " -e,\n" " --high-entropy-va [BOOL] Image is compatible with 64-bit address space\n" " layout randomization (ASLR).\n" +" -c,\n" +" --control-flow-guard [BOOL] Image supports Control Flow Guard.\n" " -f, --forceinteg [BOOL] Code integrity checks are enforced.\n" " -n, --nxcompat [BOOL] Image is compatible with data execution\n" " prevention (DEP).\n" -- 2.40.0