Stack protection flag for Windows version

[ghost]

I notice some new/updated applications began adding flags for new Windows features, such as Hardware-Enforced Stack Protection, which is protection against Return Oriented Programming (ROP) and is labeled as "Stack protection" in executable image flags and is also known as Shadow Stack.

I don't fully understand whether it is simply a flag that can be raised for an executable image or a feature that requires integration, but I can't find a way to raise that flag via Image File Execution Options in Windows registry. I know Cromite doesn't have any problems running if this feature is enabled Windows 11. Firefox, for example, raises that flag for Firefox.exe images on its own only if "security.sandbox.content.shadow-stack.enabled" is set to "True" in "about:config", but its an experimental feature (in Firefox) and using so breaks a lot of websites and many extensions.

Another good flag to support is "Dynamic Code Prohibition (per-thread)" because Image File Execution Options only allow general "Dynamic Code Prohibition" flag, not the "per-thread" one.

[uazo]

I know nothing about it, but it sounds like an interesting topic.