GeistHaus
Introduction to Arm Memory Tagging Extensions

This post is an introduction to Arm Memory Tagging Extensions (MTE), a hardware-based defense against memory safety vulnerabilities. Arm MTE is available in Google Pixel 8 devices (released 2023) and in iPhone 17 devices (released 2025). The focus of this post is on explaining the high-level ideas, why MTE is important, and how developers can enable MTE in their Android and iOS apps.

Background: memory allocations

Programs store data in memory either on the stack or on the heap. Generally, the stack is used for data that is small and whose size is known when the program is compiled. The heap is used for larger data and for data whose size is only known when the program executes (for example, any data that the user inputs).

Richard Black at Microsoft Research

Richard is a Partner Research Manager at Microsoft Research, Cambridge, where he leads a team researching data-center scale storage technologi…

Exceptions in Cranelift and Wasmtime

This is a blog post outlining the odyssey I recently took to implement the Wasm exception-handling proposal in Wasmtime, the open-source WebAssembly engine for which I’m a core team member/maintainer, and its Cranelift compiler backend.

Leveraging XFG to help with reverse engineering

Microsoft eXtended Flow Guard (XFG) is a control-flow integrity (CFI) technique that extends CFG with function call signatures. It was presented by Microsoft in 2019, and it’s an interesting mitigation, but this blog post isn’t going to discuss its security implications. Instead, I’m going to show how XFG can be used to help with reverse engineering.

GOT-Oriented Programming

The other day I was working on a pwn challenge and I noticed something interesting: its version of libc had partial RELRO enabled. To redirect control flow I tried overwriting one of libc’s GOT entries with a one_gadget, but I didn’t have enough register control to pop a shell. That got me thinking: what if we could use libc’s GOT as a sort of jump table? This is a technique (itself a specific kind of JOP) I’d like to dub “GOT-oriented programming” (GOP).

Sandboxes? In my process? It's more likely than you think.

Discussions around memory safety often focus on choice of language, and how the language can provide memory safety guarantees. Unfortunately, choosing a language is a decision made at the start of a project. Migrating an existing C or C++ project to a safer language is much harder than starting a new project in a safe language. I’m not going to say this is impossible, or that you can’t or shouldn’t migrate existing programs to safer languages. And sometimes people just do things in open-source, and that’s part of the fun of it.

Profiling in production with function call traces

We introduce a new C++ function tracing profiler, and discuss how to use such a profiler, how to make one for native code, and how a simple CPU hardware feature can make tracing very cheap for compiled, interpreted and JITted languages.
