[2/3] ntdll: Alter security cookie on WIN64 (try 2)
André Hentschel
nerv at dawncrow.de
Tue Jun 16 15:10:25 CDT 2015
This time ARM64-only
I had trouble with that patch for x86_64 when testing EmEditor...
Still it is the only way to get an app on arm64 to start...
---
dlls/ntdll/virtual.c | 22 ++++++++++++++++++++++
include/winnt.h | 23 +++++++++++++++++++++++
2 files changed, 45 insertions(+)
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index 72309f6..b1ce169 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1053,6 +1053,25 @@ static NTSTATUS stat_mapping_file( struct file_view *view, struct stat *st )
return status;
}
+static void set_security_cookie(const char *base, const IMAGE_NT_HEADERS *nt)
+{
+#ifdef __aarch64__
+ if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
+ {
+ const IMAGE_NT_HEADERS64 *nt64 = (const IMAGE_NT_HEADERS64 *)nt;
+ DWORD addr;
+
+ if(IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG < nt64->OptionalHeader.NumberOfRvaAndSizes &&
+ (addr = nt64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress))
+ {
+ IMAGE_LOAD_CONFIG_DIRECTORY64 *loadcfg = (IMAGE_LOAD_CONFIG_DIRECTORY64 *)(base + addr);
+ ULONGLONG *cookie = (ULONGLONG *)loadcfg->SecurityCookie;
+
+ *cookie = 0x5ec0617fc0041eb9;
+ }
+ }
+#endif
+}
/***********************************************************************
* map_image
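Review bot: `loadcfg->SecurityCookie` is an absolute address read from the image file and is written through with no validation, so a malformed PE makes the loader store to an address of the file's choosing; `base + addr` is likewise never checked against the mapped size. Before the store, the function should confirm that the load-config directory lies inside the view, that its size reaches the `SecurityCookie` field, and that the cookie address falls within the image, which needs the view size passed in (map_image appears to carry it as its size argument). Separately, `0x5ec0617fc0041eb9` is identical in every process and image, so the stack-cookie check it seeds is predictable; the value should come from a per-process random source. `base` is also declared `const char *` although the function writes into the image.

```c
static void set_security_cookie( char *base, SIZE_T size, const IMAGE_NT_HEADERS *nt )
{
    /* … unchanged: __aarch64__ guard, Magic check, NumberOfRvaAndSizes test … */
        const IMAGE_DATA_DIRECTORY *dir =
            &nt64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG];
        const IMAGE_LOAD_CONFIG_DIRECTORY64 *loadcfg;
        ULONGLONG cookie_va;

        /* directory must sit inside the view and reach past SecurityCookie */
        if (!dir->VirtualAddress || dir->VirtualAddress > size ||
            dir->Size > size - dir->VirtualAddress) return;
        if (dir->Size < FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY64, SEHandlerTable)) return;
        loadcfg = (const IMAGE_LOAD_CONFIG_DIRECTORY64 *)(base + dir->VirtualAddress);

        /* cookie slot must be an address inside the same view (rejects NULL too) */
        cookie_va = loadcfg->SecurityCookie;
        if (size < sizeof(ULONGLONG) || cookie_va < (ULONG_PTR)base ||
            cookie_va - (ULONG_PTR)base > size - sizeof(ULONGLONG)) return;
        /* … unchanged: store through (ULONGLONG *)cookie_va, with a per-process random value … */
```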
@@ -1307,6 +1326,9 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
sec->Characteristics, sec->Name );
}
+ /* adjust security cookie */
+ set_security_cookie(ptr, nt);
+
done:
view->mapping = dup_mapping;
view->map_protect = map_vprot;
diff --git a/include/winnt.h b/include/winnt.h
index 08e7f48..53f5ab1 100644
--- a/include/winnt.h
+++ b/include/winnt.h
@@ -3643,6 +3643,29 @@ typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY {
DWORD SEHandlerCount;
} IMAGE_LOAD_CONFIG_DIRECTORY, *PIMAGE_LOAD_CONFIG_DIRECTORY;
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64 {
+ DWORD Size;
+ DWORD TimeDateStamp;
+ WORD MajorVersion;
+ WORD MinorVersion;
+ DWORD GlobalFlagsClear;
+ DWORD GlobalFlagsSet;
+ DWORD CriticalSectionDefaultTimeout;
+ ULONGLONG DeCommitFreeBlockThreshold;
+ ULONGLONG DeCommitTotalFreeThreshold;
+ ULONGLONG LockPrefixTable;
+ ULONGLONG MaximumAllocationSize;
+ ULONGLONG VirtualMemoryThreshold;
+ ULONGLONG ProcessAffinityMask;
+ DWORD ProcessHeapFlags;
+ WORD CSDVersion;
+ WORD Reserved1;
+ ULONGLONG EditList;
+ ULONGLONG SecurityCookie;
+ ULONGLONG SEHandlerTable;
+ ULONGLONG SEHandlerCount;
+} IMAGE_LOAD_CONFIG_DIRECTORY64, *PIMAGE_LOAD_CONFIG_DIRECTORY64;
+
typedef struct _IMAGE_FUNCTION_ENTRY {
DWORD StartingAddress;
DWORD EndingAddress;
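Review bot: The unsuffixed `IMAGE_LOAD_CONFIG_DIRECTORY` keeps its 32-bit layout (the context line above the new struct ends it with `DWORD SEHandlerCount`), and nothing in this hunk makes that name resolve to the new 64-bit struct on Win64 builds. Code that applies the unsuffixed type to a 64-bit image would therefore read `SecurityCookie` at the wrong offset. Consider naming the old struct `IMAGE_LOAD_CONFIG_DIRECTORY32` and selecting the unsuffixed typedef under `#ifdef _WIN64`. Because the loader overlays this struct on file data, a comment such as `/* must match the PE32+ load config layout: 112 bytes, SecurityCookie at offset 88 */` would document the constraint. Both neighbouring structs start or end outside the hunk, so the existing naming convention could not be checked here.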
--
1.9.1