/guard (Enable Control Flow Guard)

Enable compiler generation of Control Flow Guard security checks.




The /guard:cf option causes the compiler to analyze control flow for indirect call targets at compile time, and then to insert code to verify the targets at runtime. By default, /guard:cf is off and must be explicitly enabled. To explicitly disable this option, use /guard:cf-.

Visual Studio 2017 and later: This option adds guards for switch statements that generate jump tables.

When the /guard:cf Control Flow Guard (CFG) option is specified, the compiler and linker insert extra runtime security checks to detect attempts to compromise your code. During compiling and linking, all indirect calls in your code are analyzed to find every location that the code can reach when it runs correctly. This information is stored in extra structures in the headers of your binaries. The compiler also injects a check before every indirect call in your code that ensures the target is one of the verified locations. If the check fails at runtime on a CFG-aware operating system, the operating system closes the program.

A common attack on software takes advantage of bugs in handling extreme or unexpected inputs. Carefully crafted input to the application may overwrite a location that contains a pointer to executable code. This can be used to redirect control flow to code controlled by the attacker. The CFG runtime checks do not fix the data corruption bugs in your executable. They instead make it more difficult for an attacker to use them to execute arbitrary code. CFG is a mitigation tool that prevents calls to locations other than function entry points in your code. It's similar to how Data Execution Prevention (DEP), /GS stack checks, and /DYNAMICBASE and /HIGHENTROPYVA address space layout randomization (ASLR) lower the chances that your code becomes an exploit vector.

The /guard:cf option must be passed to both the compiler and linker to build code that uses the CFG exploit mitigation technique. If your binary is built by using a single cl command, the compiler passes the option to the linker. If you compile and link separately, the option must be set on both the compiler and linker commands. The /DYNAMICBASE linker option is also required. To verify that your binary has CFG data, use the dumpbin /headers /loadconfig command. CFG-enabled binaries have Guard in the list of EXE or DLL characteristics, and Guard Flags include CF Instrumented and FID table present.
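The DLL-characteristics part of that dumpbin check can be scripted to audit many binaries in a build pipeline. The following is an added example, not Microsoft's code: the function names and the constructed header stub are assumptions, and it reads only the optional header bits, not the Guard Flags in the load configuration.

```python
import struct
import sys

# DllCharacteristics bits defined by the PE/COFF format
HIGH_ENTROPY_VA = 0x0020  # /HIGHENTROPYVA
DYNAMIC_BASE = 0x0040     # /DYNAMICBASE, required for CFG
GUARD_CF = 0x4000         # the "Guard" characteristic set by /guard:cf


def dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics field from a PE image's optional header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    opt_off = pe_off + 4 + 20  # skip "PE\0\0" and the 20-byte COFF header
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < opt_off + 72:
        raise ValueError("missing or truncated PE header")
    if struct.unpack_from("<H", data, opt_off)[0] not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # The field is at offset 70 in both PE32 (0x10B) and PE32+ (0x20B).
    return struct.unpack_from("<H", data, opt_off + 70)[0]


def cfg_status(data: bytes) -> dict:
    """Report the header bits relevant to a CFG build."""
    flags = dll_characteristics(data)
    return {
        "guard_cf": bool(flags & GUARD_CF),
        "dynamic_base": bool(flags & DYNAMIC_BASE),
        "high_entropy_va": bool(flags & HIGH_ENTROPY_VA),
    }


def make_sample(flags: int) -> bytes:
    """Constructed header-only PE32+ stub for the demo; not a loadable image."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, flags)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise use the constructed stub.
    sample = make_sample(GUARD_CF | DYNAMIC_BASE | HIGH_ENTROPY_VA)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample
    print(cfg_status(blob))
```

A binary that reports guard_cf as true but dynamic_base as false was linked without the required /DYNAMICBASE option and should be flagged.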

The /guard:cf option is incompatible with /ZI (Edit and Continue debug information) or /clr (Common Language Runtime Compilation).

Code compiled by using /guard:cf can be linked to libraries and object files that are not compiled by using the option. Only this code, when also linked by using the /guard:cf option and run on a CFG-aware operating system, has CFG protection. Because code compiled without the option will not stop an attack, we recommend that you use the option on all the code you compile. There is a small runtime cost for CFG checks, but the compiler analysis attempts to optimize away the checks on indirect jumps that can be proven to be safe.

To set this compiler option in the Visual Studio development environment

  1. Open the project's Property Pages dialog box. For details, see Working with Project Properties.

  2. Select Configuration Properties, C/C++, Code Generation.

  3. Select the Control Flow Guard property.

  4. In the dropdown control, choose Yes to enable Control Flow Guard, or No to disable it.

See Also

Compiler Options
Setting Compiler Options