mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 11:53:37 +00:00
Updated StackPivot
Added APIs intercepted
This commit is contained in:
Chris Jackson
@ -672,6 +672,43 @@ The *validate stack integrity (StackPivot) mitigation helps protect against the
|
||||
|
||||
This mitigation intercepts a number of Windows APIs, and inspects the value of the stack pointer. If the address of the stack pointer does not fall between the bottom and the top of the stack, then an event is recorded and, if not in audit mode, the process will be terminated.
|
||||
|
||||
The APIs intercepted by this mitigation are:
|
||||
|
||||
- LoadLibraryA
|
||||
- LoadLibraryW
|
||||
- LoadLibraryExA
|
||||
- LoadLibraryExW
|
||||
- LdrLoadDll
|
||||
- VirtualAlloc
|
||||
- VirtualAllocEx
|
||||
- NtAllocateVirtualMemory
|
||||
- VirtualProtect
|
||||
- VirtualProtectEx
|
||||
- NtProtectVirtualMemory
|
||||
- HeapCreate
|
||||
- RtlCreateHeap
|
||||
- CreateProcessA
|
||||
- CreateProcessW
|
||||
- CreateProcessInternalA
|
||||
- CreateProcessInternalW
|
||||
- NtCreateUserProcess
|
||||
- NtCreateProcess
|
||||
- NtCreateProcessEx
|
||||
- CreateRemoteThread
|
||||
- CreateRemoteThreadEx
|
||||
- NtCreateThreadEx
|
||||
- WriteProcessMemory
|
||||
- NtWriteVirtualMemory
|
||||
- WinExec
|
||||
- CreateFileMappingA
|
||||
- CreateFileMappingW
|
||||
- CreateFileMappingNumaW
|
||||
- NtCreateSection
|
||||
- MapViewOfFile
|
||||
- MapViewOfFileEx
|
||||
- MapViewOfFileFromApp
|
||||
- LdrGetProcedureAddressForCaller
|
||||
|
||||
### Compatibility considerations
|
||||
|
||||
Compatibility issues are uncommon. Applications which are leveraging fake stacks will be impacted, and there is also a small risk of revealing subtle timing bugs in multi-threaded applications.
|
||||
|
||||
Reference in New Issue
Block a user