[PATCH 3/3] ntdll: Use ProcessCookie in RtlEncode/DecodePointer.

Myah Caron qsniyg at protonmail.com
Wed Oct 14 22:04:36 CDT 2020


Signed-off-by: Myah Caron <qsniyg at protonmail.com>
---
I've opted to use a helper function, as it both makes the code cleaner and avoids
unneeded "syscalls" (which could be a performance issue for an application that calls
Encode/DecodePointer repeatedly).

 dlls/ntdll/rtl.c | 30 +++++++++++-------------------
 1 file changed, 11 insertions(+), 19 deletions(-)

diff --git a/dlls/ntdll/rtl.c b/dlls/ntdll/rtl.c
index 154de807501..8c8c8c9bb1a 100644
--- a/dlls/ntdll/rtl.c
+++ b/dlls/ntdll/rtl.c
@@ -1516,30 +1516,22 @@ WCHAR * WINAPI RtlIpv6AddressToStringW(const IN6_ADDR *address, WCHAR *str)
 }

 /***********************************************************************
- * get_pointer_obfuscator (internal)
+ * get_process_cookie (internal)
  */
-static DWORD_PTR get_pointer_obfuscator( void )
+static ULONG get_process_cookie( void )
 {
-    static DWORD_PTR pointer_obfuscator;
+    static ULONG process_cookie;

-    if (!pointer_obfuscator)
+    if (!process_cookie)
     {
-        ULONG seed = NtGetTickCount();
-        ULONG_PTR rand;
+        ULONG cookie;
+        NtQueryInformationProcess( NtCurrentProcess(), ProcessCookie, &cookie,
+                                   sizeof( cookie ), NULL );

-        /* generate a random value for the obfuscator */
-        rand = RtlUniform( &seed );
-
-        /* handle 64bit pointers */
-        rand ^= (ULONG_PTR)RtlUniform( &seed ) << ((sizeof (DWORD_PTR) - sizeof (ULONG))*8);
-
-        /* set the high bits so dereferencing obfuscated pointers will (usually) crash */
-        rand |= (ULONG_PTR)0xc0000000 << ((sizeof (DWORD_PTR) - sizeof (ULONG))*8);
-
-        InterlockedCompareExchangePointer( (void**) &pointer_obfuscator, (void*) rand, NULL );
+        InterlockedExchange( (LONG*)&process_cookie, cookie );
     }

-    return pointer_obfuscator;
+    return process_cookie;
 }

 /***********************************************************************
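Review bot: The NTSTATUS returned by NtQueryInformationProcess on the new side is ignored and `cookie` is never initialized, so if the query fails the helper caches whatever was on the stack, possibly zero, for the lifetime of the process. A zero cookie turns RtlEncodePointer into an identity transform (XOR with 0, and presumably a rotate by 0, though rotl_ptr is not in view), which silently defeats the pointer-encoding protection rather than failing loudly. I would initialize `cookie` to 0, check the status, and refuse to publish a zero value, falling back to the previous tick-count/RtlUniform generator rather than returning 0. The switch from InterlockedCompareExchangePointer to a plain InterlockedExchange is fine only if every thread gets the same value back from the server; that appears to be the intent of ProcessCookie but I cannot confirm it from this hunk, so keeping the compare-exchange costs nothing and preserves first-writer-wins.
```c
static ULONG get_process_cookie( void )
{
    static ULONG process_cookie;

    if (!process_cookie)
    {
        ULONG cookie = 0;
        NTSTATUS status = NtQueryInformationProcess( NtCurrentProcess(), ProcessCookie, &cookie,
                                                     sizeof( cookie ), NULL );
        /* never cache a failed or zero cookie: XOR/rotate by 0 leaves pointers unencoded */
        if (status || !cookie)
        {
            /* … fallback: generate a local non-zero cookie as the removed code did … */
        }
        InterlockedCompareExchange( (LONG*)&process_cookie, cookie, 0 );
    }

    return process_cookie;
}
```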
@@ -1575,7 +1567,7 @@ PVOID WINAPI RtlEncodePointer( PVOID ptr )
 {

     DWORD_PTR ptrval = (DWORD_PTR) ptr;
-    DWORD_PTR cookie = get_pointer_obfuscator();
+    DWORD_PTR cookie = (DWORD_PTR) get_process_cookie();

     /* http://blogs.msdn.com/b/michael_howard/archive/2006/08/16/702707.aspx */

@@ -1586,7 +1578,7 @@ PVOID WINAPI RtlEncodePointer( PVOID ptr )
 PVOID WINAPI RtlDecodePointer( PVOID ptr )
 {
     DWORD_PTR ptrval = (DWORD_PTR) ptr;
-    DWORD_PTR cookie = get_pointer_obfuscator();
+    DWORD_PTR cookie = (DWORD_PTR) get_process_cookie();

     ptrval = rotl_ptr(ptrval, cookie);
     return (PVOID)(ptrval ^ cookie);
--
2.28.0




