[06/23] ntdll: Map empty page if needed inside system mappings.
Andrew Wesie
awesie at gmail.com
Sun Nov 13 12:35:06 CST 2016
Some anti-debug protections will try to read all of the memory
for a loaded system DLL. This patch will handle the page fault when
it attempts to read the space between sections.
Signed-off-by: Andrew Wesie <awesie at gmail.com>
---
dlls/ntdll/virtual.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index e826fa0..f70e9fc 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1512,6 +1512,11 @@ NTSTATUS virtual_handle_fault( LPCVOID addr, DWORD err, BOOL on_signal_stack )
/* ignore fault if page is writable now */
if (VIRTUAL_GetUnixProt( *vprot ) & PROT_WRITE) ret = STATUS_SUCCESS;
}
+ if (err == 0 && (view->protect & VPROT_SYSTEM))
+ {
+ wine_anon_mmap(page, page_size, PROT_READ, MAP_FIXED);
+ ret = STATUS_SUCCESS;
+ }
if (!on_signal_stack && (*vprot & VPROT_GUARD))
{
VIRTUAL_SetProt( view, page, page_size, *vprot & ~VPROT_GUARD );
--
2.7.4
More information about the wine-patches
mailing list