From 2e7dc3578663f052b8ee1d39df4a2ad41ed02300 Mon Sep 17 00:00:00 2001
From: Marcus Meissner
Date: Mon, 8 Nov 2010 03:34:27 +0100
Subject: [PATCH] ntdll: Check and fix PE header protections.
---
 dlls/ntdll/tests/info.c | 11 +++++++++++
 dlls/ntdll/virtual.c | 5 ++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c
index d2288168ca0..6345e088038 100644
--- a/dlls/ntdll/tests/info.c
+++ b/dlls/ntdll/tests/info.c
@@ -1079,6 +1079,17 @@ static void test_queryvirtualmemory(void)
 char stackbuf[42];
 HMODULE module;
+ module = GetModuleHandle( "ntdll.dll" );
+ trace("Check flags of the PE header of NTDLL.DLL at %p\n", module);
+ status = pNtQueryVirtualMemory(NtCurrentProcess(), module, MemoryBasicInformation, &mbi, sizeof(MEMORY_BASIC_INFORMATION), &readcount);
+ ok( status == STATUS_SUCCESS, "Expected STATUS_SUCCESS, got %08x\n", status);
+ ok( readcount == sizeof(MEMORY_BASIC_INFORMATION), "Expected to read %d bytes, got %ld\n",(int)sizeof(MEMORY_BASIC_INFORMATION),readcount);
+ ok (mbi.AllocationBase == module, "mbi.AllocationBase is 0x%p, expected 0x%p\n", mbi.AllocationBase, module);
+ ok (mbi.AllocationProtect == PAGE_EXECUTE_WRITECOPY, "mbi.AllocationProtect is 0x%x, expected 0x%x\n", mbi.AllocationProtect, PAGE_EXECUTE_WRITECOPY);
+ ok (mbi.State == MEM_COMMIT, "mbi.State is 0x%x, expected 0x%x\n", mbi.State, MEM_COMMIT);
+ ok (mbi.Protect == PAGE_READONLY, "mbi.Protect is 0x%x, expected 0x%x\n", mbi.Protect, PAGE_READONLY);
+ ok (mbi.Type == MEM_IMAGE, "mbi.Type is 0x%x, expected 0x%x\n", mbi.Type, MEM_IMAGE);
+ trace("Check flags of a function entry in NTDLL.DLL at %p\n", pNtQueryVirtualMemory);
 module = GetModuleHandle( "ntdll.dll" );
 status = pNtQueryVirtualMemory(NtCurrentProcess(), pNtQueryVirtualMemory, MemoryBasicInformation, &mbi, sizeof(MEMORY_BASIC_INFORMATION), &readcount);
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index ea1400e2ff4..7dff79f88b7 100644
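Review bot: The new checks query only the module base and never look at `mbi.BaseAddress` or `mbi.RegionSize`, so they confirm the protection reported for the first header page and say nothing about where the read-only region starts or how far it extends. Adding `ok (mbi.BaseAddress == module, "mbi.BaseAddress is 0x%p, expected 0x%p\n", mbi.BaseAddress, module);` would at least pin the start of the region. The added `module = GetModuleHandle( "ntdll.dll" );` also makes the identical call a few lines further down redundant. `readcount` is printed with `%ld`; its declaration is outside the hunk, so the specifier should be checked against its type, since `long` is 32 bits on 64-bit Windows. The body of test_queryvirtualmemory starts and ends outside the hunk.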
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1445,10 +1445,13 @@ NTSTATUS virtual_create_builtin_view( void *module )
 if (status) return status;
+ /* The PE header is always read-only, no write, no execute. */
+ view->prot[0] = VPROT_COMMITTED | VPROT_READ;
+ sec = (IMAGE_SECTION_HEADER *)((char *)&nt->OptionalHeader + nt->FileHeader.SizeOfOptionalHeader);
 for (i = 0; i < nt->FileHeader.NumberOfSections; i++) {
- DWORD flags = VPROT_SYSTEM | VPROT_IMAGE | VPROT_COMMITTED;
+ BYTE flags = VPROT_COMMITTED;
 if (sec[i].Characteristics & IMAGE_SCN_MEM_EXECUTE) flags |= VPROT_EXEC;
 if (sec[i].Characteristics & IMAGE_SCN_MEM_READ) flags |= VPROT_READ;
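Review bot: `view->prot[0] = VPROT_COMMITTED | VPROT_READ;` sets a single entry of what looks like a per-page protection array, so headers larger than one page would keep the view's creation-time protection on the remaining header pages. I would cover every header page, for example `for (i = 0; i < header_pages; i++) view->prot[i] = VPROT_COMMITTED | VPROT_READ;`, where `header_pages` (a name constructed for this note) is `nt->OptionalHeader.SizeOfHeaders` rounded up to the page size. The assignment also appears to update only the bookkeeping that the query path reports; nothing in the hunk changes the protection of the mapping itself, so the new test could pass while the header stays writable. That should be confirmed in the part of virtual_create_builtin_view outside this hunk. Separately, `BYTE flags = VPROT_COMMITTED;` drops `VPROT_SYSTEM | VPROT_IMAGE` from the per-section flags without any mention in the commit message, and a one-line comment giving the reason would help the next reader.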