Exploit Mitigations
SMEP
Will cause 0x000000fc ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
, depends on hardware to avoid executing userland pages from kernel land. Watch: https://www.abatchy.com/2018/01/kernel-exploitation-4.
KeCheckStackAndTargetAddress
Win10 build 15063+ calls KeCheckStackAndTargetAddress() to check current rsp and context rsp to be in the range of PsGetCurrentThread's stack limits
Last updated