Function Overrides - From a Security Mitigation to a Full-Fledged Performance Feature

Explore the evolution of Function Overrides, a groundbreaking technology developed by Microsoft for Windows 11 SV2 (22H2), in this 58-minute conference talk from Recon 2022. Delve into the origins of this feature as a security mitigation for memory safety bugs and its transformation into a comprehensive performance enhancement for the entire Windows Kernel. Gain insights into Microsoft's approach to balancing security and performance, with a focus on addressing issues related to Control Flow Guard (CFG). Learn about the internal implementation of Function Overrides in the NT and Secure Kernel, challenges encountered during development, and its impact on OS performance. Discover how Visual C++ and ASM compilers were modified to support this technology and how developers can leverage it for creating high-performance, secure applications. Conclude with a demonstration of Function Overrides in action on the latest Windows 11 system.