Shadow Stack


Shadow Stack
A shadow stack is a mechanism for protecting a procedure's stored return address, such as from a stack buffer overflow. The shadow stack itself is a second, separate stack that "shadows" the program call stack. In the function prologue, a function stores its return address to both the call stack and the shadow stack. In the function epilogue, a function loads the return address from both the call stack and the shadow stack, and then compares them. If the two records of the return address differ, then an attack is detected.
defined by


Inferred Relationships

This page is experimental and may change significantly in future releases.



Related Countermeasure Techniques

No related defensive techniques in this release.

Related Weaknesses

Related Offensive Techniques

No related offensive techniques in this release.