| 摘要 |
<p>Techniques for detecting security exploits associated with return oriented programming are described herein. For example a computing device may determine that a retrieved count is indicative of malicious activity such as return oriented programming. The computing device may retrieve the count from a processor performance counter of prediction mismatches the prediction mismatches resulting from comparisons of a call stack of the computing device and of a shadow call stack maintained by a processor of the computing device. In response to determining that the count indicates malicious activity the computing device may perform at least one security response action.</p> |
