[Bug 37355] Multiple software protection schemes need ntoskrnl 'MmMapLockedPagesSpecifyCache' implementation (Tages Protection v5.x, BattleEye's 'bedaisy.sys')

wine-bugs at winehq.org
Sun Sep 30 16:10:44 CDT 2018


https://bugs.winehq.org/show_bug.cgi?id=37355

--- Comment #30 from Richard Yao <ryao at gentoo.org> ---
(In reply to Zebediah Figura from comment #26)
> I think needing root privileges probably rules this approach out. Is there
> anything preventing the aforementioned approach using APCs from working?

To answer the APCs question, if that does what I think it does, it would be a
pain to handle MmMapLockedPagesSpecifyCache if it is invoked multiple times
on the same pages such that different processes expect to share the same pages.
Here is a scenario:

1. Process 2 invokes MmMapLockedPagesSpecifyCache to map pages from process 1
into itself. The two expect to share this memory.
2. Process 3 invokes MmMapLockedPagesSpecifyCache to map pages from process 2
into itself. All 3 expect to share the same memory.
3. In a naive implementation, we would copy and remap the pages on the second
MmMapLockedPagesSpecifyCache call, such that process 1 will have different
pages from process 3.

You also need to handle multiple adjacent allocations and do reference
counting. You basically get to reimplement the kernel's memory management,
which is plenty of effort to get right. The kernel does all of this for us, so
why reimplement it? We'd never have an implementation that is both fast and
correct either due to the need to stop all of the processes' threads to copy
things in a way that would match what it would normally see. The fact that we
need to copy at all would slow this down.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
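
The three-step scenario in the comment above, as an added example that is not part of the original post and is not Wine code. It assumes a POSIX system and models each "process" as a separate mapping inside one process, with an unlinked temporary file standing in for the physical pages; all function names are hypothetical.

```c
/* Added illustration, not Wine code. "Processes" P1..P3 are modelled as
 * separate mappings inside one process; every name here is hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define REGION 4096
#define MSG "written by P3"

/* Fresh set of "physical pages": an unlinked temporary file of REGION bytes. */
static int new_pages(void) {
    FILE *f = tmpfile();
    if (!f) return -1;
    int fd = dup(fileno(f));
    fclose(f);
    if (fd >= 0 && ftruncate(fd, REGION) != 0) { close(fd); return -1; }
    return fd;
}

/* One process's view of those pages. */
static char *view(int fd) {
    void *p = mmap(NULL, REGION, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Returns 1 if P1 observes a write made by P3, 0 if not, -1 on setup failure. */
int p1_sees_p3_write(int naive) {
    int a = new_pages(), b = naive ? new_pages() : -1;
    if (a < 0 || (naive && b < 0)) return -1;
    char *p1 = view(a), *p2 = view(a);   /* step 1: P2 maps P1's pages */
    char *fresh = naive ? view(b) : NULL, *p3;
    if (!p1 || !p2 || (naive && !fresh)) return -1;
    strcpy(p1, "written by P1");
    if (naive) {                         /* step 3: second call copies and remaps */
        memcpy(fresh, p2, REGION);
        munmap(p2, REGION);
        p2 = fresh;                      /* P2 now lives on the copy */
        p3 = view(b);                    /* P3 shares the copy with P2 only */
    } else {
        p3 = view(a);                    /* step 2: a third view of the same pages */
    }
    if (!p3) return -1;
    strcpy(p3, MSG);
    /* P2 must always see P3's write; the question is whether P1 still does. */
    return strcmp(p2, MSG) != 0 ? -1 : strcmp(p1, MSG) == 0;
}

int main(void) {
    printf("P1 sees P3's write: shared mapping = %d, copy and remap = %d\n",
           p1_sees_p3_write(0), p1_sees_p3_write(1));
    return 0;
}
```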
