Help and Support
Ask a question, report a problem, request a feature...

Security Hardening Suggestions

by Guest on 2024/02/18 05:07:39 PM    
This is a great piece of software! Thank you for your hard work! I think it can be made even better with stronger security by means of building Tixati with the following flags:
- Kernel-Mode Hardware-Enforced Stack Protection (the most important one - https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)
- Data Execution Protection
- Control Flow Guard
- eXtended Control Flow Guard
- Bottom-Up ASLR
- High-Entropy ASLR
- Heap Termination on Corruption
- Strict Handle Checks
- Dynamic Code Prohibition
- Dynamic Code Prohibition (per-thread)
- Extension Point Disablement
- Non-Microsoft Binary Block
- Non-Microsoft Font Block
- Remote Load Disablement
- Low Integrity Load Disablement

Aside from Kernel-Mode Hardware-Enforced Stack Protection and eXtended Control Flow Guard, all of the mentioned flags can be enforced within Windows OS via Image File Execution Options located in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options". An easy way to look at such flags is with GFlagsX - https://github.com/zodiacon/GflagsX.

Improvement can be taken even further by sandboxing Tixati by default to prevent other applications from interacting with Tixati via IPC, COM Objects, Windows, etc. Sandboxie can do that, but that is a third party application. App Isolation can also be applied via Windows AppContainers - https://blogs.windows.com/windowsdeveloper/2023/06/14/public-preview-improve-win32-app-security-via-app-isolation/.
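
An added example, not part of the original post and not Tixati's own code: one way to apply the per-image settings the post says can be enforced through Image File Execution Options, using the built-in `Set-ProcessMitigation` and `Get-ProcessMitigation` cmdlets. The executable name `tixati.exe` is an assumption, and the settings most likely to break an application start in audit mode unless `-Enforce` is passed.

```powershell
#Requires -RunAsAdministrator
# Added example: per-image exploit mitigations for one executable.
param(
    [string]$ImageName = 'tixati.exe',  # assumed executable name, not stated in the post
    [switch]$Enforce                    # without this, the riskier settings are audit-only
)

# Settings from the post's list that are applied directly.
$baseline = @(
    'DEP',                    # data execution protection
    'CFG',                    # Control Flow Guard
    'BottomUp',               # bottom-up ASLR
    'HighEntropy',            # high-entropy ASLR
    'TerminateOnError',       # heap termination on corruption
    'StrictHandle',           # strict handle checks
    'DisableExtensionPoints'  # extension point disablement
)

# Settings that can stop an application loading its own modules or
# generating code at run time. Key = enforcing value, value = audit value.
$risky = [ordered]@{
    BlockDynamicCode        = 'AuditDynamicCode'
    MicrosoftSignedOnly     = 'AuditMicrosoftSigned'
    DisableNonSystemFonts   = 'AuditFont'
    BlockRemoteImageLoads   = 'AuditRemoteImageLoads'
    BlockLowLabelImageLoads = 'AuditLowLabelImageLoads'
}

if ($Enforce) {
    $extra = [string[]]@($risky.Keys)
} else {
    $extra = [string[]]@($risky.Values)
}

# Applies to every process started from an image with this file name.
Set-ProcessMitigation -Name $ImageName -Enable ($baseline + $extra)

# Read the result back as the cmdlet reports it.
Get-ProcessMitigation -Name $ImageName | Format-List

# Show the values stored under the registry key named in the post.
$ifeo = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$ImageName"
Get-ItemProperty -Path $ifeo -ErrorAction SilentlyContinue |
    Select-Object MitigationOptions, MitigationAuditOptions
```

The new settings take effect the next time the program is started. Run it in audit mode first and review the resulting events before passing `-Enforce`.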
