Issues with Intel's CET technology (Intel 11th gen or AMD Zen 3 cpus)

x64 version issues
Post Reply
ngidalov
Posts: 4
Joined: Tue Sep 06, 2011 8:15 am

Issues with Intel's CET technology (Intel 11th gen or AMD Zen 3 cpus)

Post by ngidalov » Wed Oct 20, 2021 7:44 am

Dear Sirs,

I'm a registered and very satisfied user of Enigma protector x86 and x64 software.

But lately our users started to report software crashes when using our protected dlls.

The problem has been pinpointed to the Hardware Enforced Stack Protection (Shadows Stack) and the CET Compatibility introduced in Windows 10 and also available in Windows 11.

https://techcommunity.microsoft.com/t5/ ... -p/2163340

This "feature" is enabled by default on Intel 11th gen or AMD Zen 3 cpus.

All Chrome based browsers (starting from R90) and all Windows executables are compiled and delivered with this CET Compatibility flag.

Our solution is based on a monitoring and profiling dll that is loaded in the started processes (among others the Chome process) with the purpose to profile and monitor the memory and the graphics subsystems.

The dll is simply encrypted by enigma protector x64. No additional licensing checks, VMBox , protection feature, trails, etc, are enabled. Just protection by encryption.
The problem is that when the library is loaded in the target process, a missmatch between the shadow stack and the actual stack is detected and the process is killed with the error code FAIL_FAST_CONTROL_INVALID_RETURN_ADDRESS.
Note, that this does not happen when the dll is not protected by Enigma protector.

We also used the Intel's SDE Emulator to run the software with loading this protected dll and we confirmed that the SDE reports also the same errors
https://www.intel.com/content/www/us/en ... ology.html

Here is a report from SDE. Again , SDE does not detect any Shadow Stack mismatch when the dll is not protected.
////////////
Control flow error: IP: 0x00007ffa3f120297 expected (shadow stack): 0x00007ff482c20d72 got (actual return address): 0x00007ffa3eeaffae
INS: ret
Call stack:
# IP FUNCTION IMAGE NAME FILE NAME:LINE:COLUMN
0# 0x00007ffa3f1200d1 C:\Program Files (x86)\Profiling\Prof64.dll:0x001da00d1
1# 0x00007ffa3f1200d1 C:\Program Files (x86)\Profiling\Prof64.dll:0x001da00d1
2# 0x00007ff482c2043b UNKNOWN IMAGE
3# 0x00007ff482c20455 UNKNOWN IMAGE
4# 0x00007ff482c2036a UNKNOWN IMAGE
///////////////////////////

Do you have an advice or suggestion on how to tackle this issue?

Since the Intel 11th gen and AMD Zen 3 cpus are more commonly used and Microsoft and Intel are pushing this technology forward, I would really like to see Enigma protector being compatible with this CET technology and still allow a level of protection and encryption.

With kind regards,
Nikola

ngidalov
Posts: 4
Joined: Tue Sep 06, 2011 8:15 am

Re: Issues with Intel's CET technology (Intel 11th gen or AMD Zen 3 cpus)

Post by ngidalov » Sun Oct 24, 2021 1:09 pm

Hi,

Can anyone from EnigmaProtector support please try to address this issue? Is there any workaround or a solution?
I also emailed the issue to support@enigmaprotector.com but so far no response.

Thanks,
Nikola

Enigma
Site Admin
Posts: 2681
Joined: Wed Aug 20, 2008 2:24 pm

Re: Issues with Intel's CET technology (Intel 11th gen or AMD Zen 3 cpus)

Post by Enigma » Mon Oct 25, 2021 7:17 am

Hi Nikola, we got your message and email, trying to check it out.

As for now, there is no workaround for this feature. Enigma is used techniques and technologies, that are not compatible with CET at all.

But we will be checking what can be done. Unfortunately, this is long term issue, there is no and could be no fast solution.

JoseGarrettnp
Posts: 1
Joined: Wed Oct 27, 2021 12:32 pm

Re: Issues with Intel's CET technology (Intel 11th gen or AMD Zen 3 cpus)

Post by JoseGarrettnp » Wed Oct 27, 2021 12:41 pm

I don't know if their mail is active at all support@enigmaprotector.com. Because I've already written to them several times and haven't received a reply...

Enigma
Site Admin
Posts: 2681
Joined: Wed Aug 20, 2008 2:24 pm

Re: Issues with Intel's CET technology (Intel 11th gen or AMD Zen 3 cpus)

Post by Enigma » Wed Oct 27, 2021 1:31 pm

Hi, yes, definitely active. We did not find any email that come from your address. Can you let me know what email address you used to send us emails?

Post Reply