Introduction

As part of a brief fundamentals series, I want to use this blog as an opportunity for me to revisit some concepts that I am aware of. The first of these concepts is CFG, simply because it is something I feel like my knowledge is very shallow on. There will not be anything new to most, but if you also feel like you have a shallow knowledge of CFG, hopefully this will help.

What is CFG?

Control Flow Guard (CFG) is a security feature designed to restrict where code can be executed from on a system. The example Microsoft gives is making memory corruption vulnerabilities more difficult to exploit. CFG is enabled per application, so it is unlike other Windows settings, which are applied across the whole system.

Example of a CFG-enabled binary

Whilst many popular applications utilise CFG, I will use Google Chrome as an example to help illustrate some attributes that are applied to the application as part of CFG.

WIP
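One way to check whether a binary is marked as CFG-enabled, as an added example that is not from the original post: it reads the `DllCharacteristics` field of the PE optional header and tests the `IMAGE_DLLCHARACTERISTICS_GUARD_CF` bit (0x4000). The function names are this example's own, and the sample header is constructed for the demonstration rather than taken from Chrome.

```python
import struct
import sys

IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000  # image is marked as supporting CFG
DLLCHARS_OFFSET = 70  # DllCharacteristics offset in the optional header (PE32 and PE32+)

def read_dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics field of a PE image, or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 4 + 16)  # SizeOfOptionalHeader
    opt_off = pe_off + 4 + 20  # skip the signature and the COFF file header
    if opt_size < DLLCHARS_OFFSET + 2 or opt_off + opt_size > len(data):
        raise ValueError("optional header too small or truncated")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (chars,) = struct.unpack_from("<H", data, opt_off + DLLCHARS_OFFSET)
    return chars

def is_cfg_enabled(data: bytes) -> bool:
    """True when the GUARD_CF bit is set in DllCharacteristics."""
    return bool(read_dll_characteristics(data) & IMAGE_DLLCHARACTERISTICS_GUARD_CF)

def build_sample_pe(dll_characteristics: int) -> bytes:
    """Constructed, minimal PE32+ headers (not a real binary) for the demo."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header directly follows the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, DLLCHARS_OFFSET, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a real file passed on the command line
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], "GUARD_CF set:", is_cfg_enabled(f.read()))
    else:  # fall back to the constructed samples
        print("sample 0x4160 GUARD_CF set:", is_cfg_enabled(build_sample_pe(0x4160)))
        print("sample 0x0160 GUARD_CF set:", is_cfg_enabled(build_sample_pe(0x0160)))
```

The flag only shows that the image was built as CFG-aware; the guard metadata itself lives in the image's load configuration directory, which this check does not parse.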

Acknowledgments

A special thanks to the following resources, which have greatly helped my knowledge and the content in this post.