SMEP: What is it, and how to beat it on Windows

j00ru vx tech blog
June 5th, 2011, 06:18
(Collaborative post by Mateusz ‘j00ru’ Jurczyk & Gynvael Coldwind)
An early Sunday morning discussion resulted in j00ru coming up with an idea to mitigate some variants of kernel exploitation techniques by introducing a CPU feature that would disallow kernel-mode transfers of execution control to code residing in user-memory pages (e.g. addresses < 0x80000000 on a 32-bit Windows with default settings) [...]