cpu-features: Ignore CET SS unless actively used

frida · Jun 9, 2024 · f670c75 · f670c75
1 parent dc11cd1
commit f670c75
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/gum/gum.c b/gum/gum.c
@@ -732,6 +732,9 @@ gum_do_query_cpu_features (void)
   gboolean cpu_supports_cet_ss = FALSE;
   gboolean os_enabled_xsave = FALSE;
   guint a, b, c, d;
+#ifdef HAVE_WINDOWS
+  PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY pol;
+#endif
 
   if (gum_get_cpuid (7, &a, &b, &c, &d))
   {
@@ -745,6 +748,19 @@ gum_do_query_cpu_features (void)
   if (cpu_supports_avx2 && os_enabled_xsave)
     features |= GUM_CPU_AVX2;
 
+#ifdef HAVE_WINDOWS
+  if (cpu_supports_cet_ss &&
+      GetProcessMitigationPolicy(
+        GetCurrentProcess(),
+        ProcessUserShadowStackPolicy,
+        &pol,
+        sizeof pol
+      ) &&
+      !pol.EnableUserShadowStack) {
+    cpu_supports_cet_ss = FALSE;
+  }
+#endif
+
   if (cpu_supports_cet_ss)
     features |= GUM_CPU_CET_SS;