Control Flow Guard

Jimmy_James Member - All Emails Posts: 109
All,
I'm looking for information on Control Flow Guard (CFG). Specifically, I'm
wondering how widely it is supported for kernel mode drivers. In my search
I found the very useful post from Ken Johnson
(https://www.osronline.com/showthread.cfm?link=283374) which seems to state
that CFG is only supported for OSes hosted by hypervisor when HVCI is
enabled. I'm wondering if anyone has any updated information on this.
TIA!

Comments

  • Ken_Johnson Member - All Emails Posts: 1,559
    If you are speaking about the OS side of things, the situation hasn’t since changed:

    Kernel mode CFG requires HVCI to be enabled in order for kernel CFG to be enforced. (The root partition is also allowed to enable HVCI, and often does for client scenarios that involve HVCI, for example; HVCI is not a guest OS only capability.)

    User mode CFG is independent of HVCI (though it does require NX enforcement for CFG to be effective; note that Windows has required processors to support NX for several releases now, and virtually all modern processors released in well over the last 10 years support NX).


    Drivers and apps built with CFG instrumentation will work fine on old OSes, or in configurations without CFG being enforced. The CFG instrumentation only “lights up” when paired with an OS with CFG enabled that wires up the support when loading images. Otherwise, the instrumentation is effectively a no-op if the image is used in a “CFG-unaware” environment.

    - Ken

    From: [email protected] [mailto:[email protected]] On Behalf Of JIm james
    Sent: Friday, February 02, 2018 3:50 PM
    To: Windows File Systems Devs Interest List
    Subject: [ntfsd] Control Flow Guard

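The reply above separates an image being built with CFG instrumentation from the OS actually enforcing it. As an added example (not code from the thread or from OSR), the Python sketch below reads the PE header fields that mark an image as CFG-aware, NX-compatible and kernel-mode (native subsystem). The function names `cfg_header_info` and `make_sample` are hypothetical, and the sample header is constructed for the demo; the flag only shows how the image was linked, not whether the running OS enforces CFG.

```python
import struct
import sys

# Constants from the PE/COFF format (winnt.h names).
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000
IMAGE_SUBSYSTEM_NATIVE = 1  # subsystem used by kernel-mode drivers

def cfg_header_info(image: bytes) -> dict:
    """Read the CFG-related header fields of a PE image (hypothetical helper)."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 4 + 20  # optional header follows the 20-byte COFF header
    if len(image) < opt + 72:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # Subsystem (offset 68) and DllCharacteristics (offset 70) are at the
    # same offsets in both PE32 and PE32+ optional headers.
    subsystem, dll_chars = struct.unpack_from("<HH", image, opt + 68)
    return {
        "pe32_plus": magic == 0x20B,
        "native": subsystem == IMAGE_SUBSYSTEM_NATIVE,
        "guard_cf": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_GUARD_CF),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }

def make_sample(subsystem: int, dll_chars: int) -> bytes:
    """Constructed minimal PE32+ header for the demo; not a loadable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<HH", opt, 68, subsystem, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a driver or executable to inspect
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:  # constructed sample: native subsystem, GUARD_CF and NX_COMPAT set
        data = make_sample(IMAGE_SUBSYSTEM_NATIVE, 0x4160)
    print(cfg_header_info(data))
```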