* [PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF
@ 2023-04-17 18:40 Christoph Reiter
2023-04-18 7:44 ` Corinna Vinschen
0 siblings, 1 reply; 4+ messages in thread
From: Christoph Reiter @ 2023-04-17 18:40 UTC (permalink / raw)
To: cygwin-apps; +Cc: Christoph Reiter
This allows for setting, clearing, and displaying the value of the
"control flow guard" dll characteristics flag.
The flag for MSVC is called "/guard:cf" and the macro ends with "GUARD_CF".
To keep things consistent, it would make sense to name the option "guard-cf".
However, there's already "-c"/"control-flow-guard" in genpeimg for this flag,
and genpeimg shares all other options with peflags so far.
So, follow genpeimg and go with "-c" and "--control-flow-guard".
This is motivated by mingw-w64 and llvm v16 gaining support for
CFG (Control Flow Guard).
---
Renamed the option from -g/--guard-cf to -c/--control-flow-guard
peflags.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/peflags.c b/peflags.c
index b1cd7a8..93eaa0b 100644
--- a/peflags.c
+++ b/peflags.c
@@ -121,7 +121,7 @@ static const symbolic_flags_t pe_symbolic_flags[] = {
CF(0x0800, no-bind),
/*CF(0x1000, reserved_0x1000),*/
CF(0x2000, wdmdriver),
-/*CF(0x4000, reserved_0x4000),*/
+ CF(0x4000, control-flow-guard),
CF(0x8000, tsaware),
{0, 0, 0}
};
@@ -182,6 +182,7 @@ sizeof_values_t sizeof_vals[5] = {
static struct option long_options[] = {
{"dynamicbase", optional_argument, NULL, 'd'},
{"high-entropy-va", optional_argument, NULL, 'e'},
+ {"control-flow-guard", optional_argument, NULL, 'c'},
{"forceinteg", optional_argument, NULL, 'f'},
{"nxcompat", optional_argument, NULL, 'n'},
{"no-isolation", optional_argument, NULL, 'i'},
@@ -204,7 +205,7 @@ static struct option long_options[] = {
{NULL, no_argument, NULL, 0}
};
static const char *short_options
- = "d::e::f::n::i::s::b::W::t::w::l::S::x::X::y::Y::z::T:vhV";
+ = "d::e::c::f::n::i::s::b::W::t::w::l::S::x::X::y::Y::z::T:vhV";
static void short_usage (FILE *f);
static void help (FILE *f);
@@ -706,6 +707,11 @@ parse_args (int argc, char *argv[])
optarg,
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA);
break;
+ case 'c':
+ handle_pe_flag_option (long_options[option_index].name,
+ optarg,
+ IMAGE_DLLCHARACTERISTICS_GUARD_CF);
+ break;
case 'n':
handle_pe_flag_option (long_options[option_index].name,
optarg,
@@ -1079,6 +1085,8 @@ help (FILE *f)
" -e,\n"
" --high-entropy-va [BOOL] Image is compatible with 64-bit address space\n"
" layout randomization (ASLR).\n"
+" -c,\n"
+" --control-flow-guard [BOOL] Image supports Control Flow Guard.\n"
" -f, --forceinteg [BOOL] Code integrity checks are enforced.\n"
" -n, --nxcompat [BOOL] Image is compatible with data execution\n"
" prevention (DEP).\n"
--
2.40.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF
2023-04-17 18:40 [PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF Christoph Reiter
@ 2023-04-18 7:44 ` Corinna Vinschen
2023-04-18 16:47 ` Christoph Reiter
0 siblings, 1 reply; 4+ messages in thread
From: Corinna Vinschen @ 2023-04-18 7:44 UTC (permalink / raw)
To: Christoph Reiter; +Cc: cygwin-apps
Hi Christoph,
On Apr 17 20:40, Christoph Reiter via Cygwin-apps wrote:
> This allows for setting, clearing, and displaying the value of the
> "control flow guard" dll characteristics flag.
>
> The flag for MSVC is called "/guard:cf" and the macro ends with "GUARD_CF".
> To keep things consistent, it would make sense to name the option "guard-cf".
> However, there's already "-c"/"control-flow-guard" in genpeimg for this flag,
> and genpeimg shares all other options with peflags so far.
> So, follow genpeimg and go with "-c" and "--control-flow-guard".
>
> This is motivated by mingw-w64 and llvm v16 gaining support for
> CFG (Control Flow Guard).
> ---
> Renamed the option from -g/--guard-cf to -c/--control-flow-guard
>
> peflags.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
Pash pushed. I new rebase 4.6.3 release with your patch is just
building.
Thanks,
Corinna
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF
2023-04-18 7:44 ` Corinna Vinschen
@ 2023-04-18 16:47 ` Christoph Reiter
2023-04-19 15:06 ` Brian Inglis
0 siblings, 1 reply; 4+ messages in thread
From: Christoph Reiter @ 2023-04-18 16:47 UTC (permalink / raw)
To: cygwin-apps, Christoph Reiter
On Tue, Apr 18, 2023 at 9:44 AM Corinna Vinschen
<corinna-cygwin@cygwin.com> wrote:
> Pash pushed. I new rebase 4.6.3 release with your patch is just
> building.
Thanks!
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF
2023-04-18 16:47 ` Christoph Reiter
@ 2023-04-19 15:06 ` Brian Inglis
0 siblings, 0 replies; 4+ messages in thread
From: Brian Inglis @ 2023-04-19 15:06 UTC (permalink / raw)
To: cygwin-apps
On 2023-04-18 10:47, Christoph Reiter wrote:
> On Tue, Apr 18, 2023 at 9:44 AM Corinna Vinschen wrote:
>> Pash pushed. I new rebase 4.6.3 release with your patch is just
>> building.
Extended DLL Characteristics was added for IBT/CET/CFI and AMD/Intel Shadow
Stack support has been available since W10 [20]20H1/[20]2004 in a PE Debug
Directory entry with Debug Type IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS (20.)
with value IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT (1)
https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#extended-dll-characteristics
Are there any plans to support those debug directory entries and flags in
genpeimg and/or peflags, and Windows shadow stack support in mingw64 and/or Cygwin?
The Linux implementation is discussed in https://lwn.net/Articles/883340/ as
Intel architected the (soon former) Linux CoW PTE bit combo Write 0 Dirty 1 as
Shadow Stack page flag, possibly anticipating that they could contribute kernel
patches to work around this more quickly than has transpired.
I got interested in this as I plan to add Linux cpuinfo flag user_shstk, on
recent CPUs and Windows releases with that support, to next Cygwin cpuinfo patch.
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-04-19 15:07 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-04-17 18:40 [PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF Christoph Reiter
2023-04-18 7:44 ` Corinna Vinschen
2023-04-18 16:47 ` Christoph Reiter
2023-04-19 15:06 ` Brian Inglis
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).