[PATCH] ntdll: check and fix PE header protections

Marcus Meissner meissner at suse.de
Sun Nov 7 20:34:27 CST 2010


Hi,

The PE header protection flags were wrong; this patch adjusts them and
adds a test case.

We were also setting flags (IMAGE and SYSTEM) that were not passed to
memcpy(); remove them.

Perhaps fixes bug http://bugs.winehq.org/show_bug.cgi?id=25057

Ciao, Marcus
---
 dlls/ntdll/tests/info.c |   11 +++++++++++
 dlls/ntdll/virtual.c    |    5 ++++-
 2 files changed, 15 insertions(+), 1 deletions(-)

diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c
index d228816..6345e08 100644
--- a/dlls/ntdll/tests/info.c
+++ b/dlls/ntdll/tests/info.c
@@ -1079,6 +1079,17 @@ static void test_queryvirtualmemory(void)
     char stackbuf[42];
     HMODULE module;
 
+    module = GetModuleHandle( "ntdll.dll" );
+    trace("Check flags of the PE header of NTDLL.DLL at %p\n", module);
+    status = pNtQueryVirtualMemory(NtCurrentProcess(), module, MemoryBasicInformation, &mbi, sizeof(MEMORY_BASIC_INFORMATION), &readcount);
+    ok( status == STATUS_SUCCESS, "Expected STATUS_SUCCESS, got %08x\n", status);
+    ok( readcount == sizeof(MEMORY_BASIC_INFORMATION), "Expected to read %d bytes, got %ld\n",(int)sizeof(MEMORY_BASIC_INFORMATION),readcount);
+    ok (mbi.AllocationBase == module, "mbi.AllocationBase is 0x%p, expected 0x%p\n", mbi.AllocationBase, module);
+    ok (mbi.AllocationProtect == PAGE_EXECUTE_WRITECOPY, "mbi.AllocationProtect is 0x%x, expected 0x%x\n", mbi.AllocationProtect, PAGE_EXECUTE_WRITECOPY);
+    ok (mbi.State == MEM_COMMIT, "mbi.State is 0x%x, expected 0x%x\n", mbi.State, MEM_COMMIT);
+    ok (mbi.Protect == PAGE_READONLY, "mbi.Protect is 0x%x, expected 0x%x\n", mbi.Protect, PAGE_READONLY);
+    ok (mbi.Type == MEM_IMAGE, "mbi.Type is 0x%x, expected 0x%x\n", mbi.Type, MEM_IMAGE);
+
     trace("Check flags of a function entry in NTDLL.DLL at %p\n", pNtQueryVirtualMemory);
     module = GetModuleHandle( "ntdll.dll" );
     status = pNtQueryVirtualMemory(NtCurrentProcess(), pNtQueryVirtualMemory, MemoryBasicInformation, &mbi, sizeof(MEMORY_BASIC_INFORMATION), &readcount);
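Review bot: The added `ok()` checks on `mbi.AllocationProtect`, `mbi.State`, `mbi.Protect` and `mbi.Type` run even when the query fails, so a failing call would be reported as a cascade of protection mismatches taken from whatever `mbi` held before. Wrapping the field checks in `if (status == STATUS_SUCCESS)` or clearing the structure first with `memset(&mbi, 0, sizeof(mbi));` would keep the header-protection result unambiguous. The block also never asserts `mbi.BaseAddress == module`, which would confirm that the region being checked is the one that starts at the PE header. The context line `module = GetModuleHandle( "ntdll.dll" );` after the new block now repeats the added first line and could be dropped. test_queryvirtualmemory starts and ends outside the hunk, so whether `mbi` is initialised earlier is not visible here.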
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index ea1400e..7dff79f 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1445,10 +1445,13 @@ NTSTATUS virtual_create_builtin_view( void *module )
 
     if (status) return status;
 
+    /* The PE header is always read-only, no write, no execute. */
+    view->prot[0] = VPROT_COMMITTED | VPROT_READ;
+
     sec = (IMAGE_SECTION_HEADER *)((char *)&nt->OptionalHeader + nt->FileHeader.SizeOfOptionalHeader);
     for (i = 0; i < nt->FileHeader.NumberOfSections; i++)
     {
-        DWORD flags = VPROT_SYSTEM | VPROT_IMAGE | VPROT_COMMITTED;
+        BYTE flags = VPROT_COMMITTED;
 
         if (sec[i].Characteristics & IMAGE_SCN_MEM_EXECUTE) flags |= VPROT_EXEC;
         if (sec[i].Characteristics & IMAGE_SCN_MEM_READ) flags |= VPROT_READ;
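Review bot: `view->prot[0] = VPROT_COMMITTED | VPROT_READ;` sets only the first page of the view, so if the headers span more than one page, the later header pages keep whatever protection they were given before this hunk, which may still include write or execute. Consider applying the same value to every page up to `nt->OptionalHeader.SizeOfHeaders` instead of index 0 alone, and have the new test also query an address in a later header page when one exists. Narrowing `flags` from `DWORD` to `BYTE` means any bit above 0xff that is OR-ed in further down the loop would be dropped silently. If, as the description implies, the IMAGE and SYSTEM bits never reached the per-page array, a comment such as `/* per-page protection byte; VPROT_IMAGE and VPROT_SYSTEM are not stored here */` on the declaration would record why the narrow type is intended. The loop body and the rest of virtual_create_builtin_view continue outside the hunk, so how `flags` is consumed is not visible here.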
-- 
1.7.1


