ntdll: Randomize security cookie when available (try 6)

André Hentschel nerv at dawncrow.de
Tue Jul 7 12:50:25 CDT 2015


try 6: made seed static, only initialize it 
---
 dlls/ntdll/virtual.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index bc3f7cd..c742a5d 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1278,6 +1278,26 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
         }
     }
 
+
+    /* randomize security cookie */
+
+    if (IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG < nt->OptionalHeader.NumberOfRvaAndSizes &&
+        (pos = nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress))
+    {
+        static ULONG seed;
+        IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg = (IMAGE_LOAD_CONFIG_DIRECTORY *)(ptr + pos);
+        ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie;
+
+        if (!seed)
+            seed = NtGetTickCount();
+        *cookie = RtlRandom( &seed );
+#ifdef _WIN64
+        /* Fill up, but keep the highest word clear */
+        *cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
+#endif
+    }
+
+
     /* set the image protections */
 
     VIRTUAL_SetProt( view, ptr, ROUND_SIZE( 0, header_size ), VPROT_COMMITTED | VPROT_READ );
-- 
1.9.1




More information about the wine-patches mailing list