ntdll: Check and fix PE header protections.

This commit is contained in:
Marcus Meissner 2010-11-08 03:34:27 +01:00 committed by Alexandre Julliard
parent 62409c42b1
commit 2e7dc35786
2 changed files with 15 additions and 1 deletions

View File

@ -1079,6 +1079,17 @@ static void test_queryvirtualmemory(void)
char stackbuf[42]; char stackbuf[42];
HMODULE module; HMODULE module;
module = GetModuleHandle( "ntdll.dll" );
trace("Check flags of the PE header of NTDLL.DLL at %p\n", module);
status = pNtQueryVirtualMemory(NtCurrentProcess(), module, MemoryBasicInformation, &mbi, sizeof(MEMORY_BASIC_INFORMATION), &readcount);
ok( status == STATUS_SUCCESS, "Expected STATUS_SUCCESS, got %08x\n", status);
ok( readcount == sizeof(MEMORY_BASIC_INFORMATION), "Expected to read %d bytes, got %ld\n",(int)sizeof(MEMORY_BASIC_INFORMATION),readcount);
ok (mbi.AllocationBase == module, "mbi.AllocationBase is 0x%p, expected 0x%p\n", mbi.AllocationBase, module);
ok (mbi.AllocationProtect == PAGE_EXECUTE_WRITECOPY, "mbi.AllocationProtect is 0x%x, expected 0x%x\n", mbi.AllocationProtect, PAGE_EXECUTE_WRITECOPY);
ok (mbi.State == MEM_COMMIT, "mbi.State is 0x%x, expected 0x%x\n", mbi.State, MEM_COMMIT);
ok (mbi.Protect == PAGE_READONLY, "mbi.Protect is 0x%x, expected 0x%x\n", mbi.Protect, PAGE_READONLY);
ok (mbi.Type == MEM_IMAGE, "mbi.Type is 0x%x, expected 0x%x\n", mbi.Type, MEM_IMAGE);
trace("Check flags of a function entry in NTDLL.DLL at %p\n", pNtQueryVirtualMemory); trace("Check flags of a function entry in NTDLL.DLL at %p\n", pNtQueryVirtualMemory);
module = GetModuleHandle( "ntdll.dll" ); module = GetModuleHandle( "ntdll.dll" );
status = pNtQueryVirtualMemory(NtCurrentProcess(), pNtQueryVirtualMemory, MemoryBasicInformation, &mbi, sizeof(MEMORY_BASIC_INFORMATION), &readcount); status = pNtQueryVirtualMemory(NtCurrentProcess(), pNtQueryVirtualMemory, MemoryBasicInformation, &mbi, sizeof(MEMORY_BASIC_INFORMATION), &readcount);

View File

@ -1445,10 +1445,13 @@ NTSTATUS virtual_create_builtin_view( void *module )
if (status) return status; if (status) return status;
/* The PE header is always read-only, no write, no execute. */
view->prot[0] = VPROT_COMMITTED | VPROT_READ;
sec = (IMAGE_SECTION_HEADER *)((char *)&nt->OptionalHeader + nt->FileHeader.SizeOfOptionalHeader); sec = (IMAGE_SECTION_HEADER *)((char *)&nt->OptionalHeader + nt->FileHeader.SizeOfOptionalHeader);
for (i = 0; i < nt->FileHeader.NumberOfSections; i++) for (i = 0; i < nt->FileHeader.NumberOfSections; i++)
{ {
DWORD flags = VPROT_SYSTEM | VPROT_IMAGE | VPROT_COMMITTED; BYTE flags = VPROT_COMMITTED;
if (sec[i].Characteristics & IMAGE_SCN_MEM_EXECUTE) flags |= VPROT_EXEC; if (sec[i].Characteristics & IMAGE_SCN_MEM_EXECUTE) flags |= VPROT_EXEC;
if (sec[i].Characteristics & IMAGE_SCN_MEM_READ) flags |= VPROT_READ; if (sec[i].Characteristics & IMAGE_SCN_MEM_READ) flags |= VPROT_READ;