ntdll: Randomize security cookie when available (try 4)

André Hentschel nerv at dawncrow.de
Thu Jun 25 14:22:01 CDT 2015


try4: Using a better seed
---
 dlls/ntdll/virtual.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index 72309f6..c995614 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -32,6 +32,9 @@
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
 #ifdef HAVE_SYS_STAT_H
 # include <sys/stat.h>
 #endif
@@ -1278,6 +1281,26 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
         }
     }
 
+
+    /* randomize security cookie */
+
+    if (IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG < nt->OptionalHeader.NumberOfRvaAndSizes &&
+        (pos = nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress))
+    {
+        IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg = (IMAGE_LOAD_CONFIG_DIRECTORY *)(ptr + pos);
+        ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie;
+        struct timeval tv;
+
+        gettimeofday( &tv, NULL );
+        srand( tv.tv_usec * getpid() );
+        *cookie = rand();
+#ifdef _WIN64
+        /* Fill up, but keep the highest word clear */
+        *cookie ^= (ULONG_PTR)rand() << 16;
+#endif
+    }
+
+
     /* set the image protections */
 
     VIRTUAL_SetProt( view, ptr, ROUND_SIZE( 0, header_size ), VPROT_COMMITTED | VPROT_READ );
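Review bot: `*cookie = rand();` in the added block writes through `loadcfg->SecurityCookie`, an address read from the image file, without checking that it (or `ptr + pos`) lies inside the mapped view, so a malformed or not-yet-rebased image can make the loader write to a NULL or unrelated address. The value is also weak for a stack-protector cookie: `srand( tv.tv_usec * getpid() )` seeds from the time and pid, which can be narrowed to a small set, `rand()` may return as few as 15 bits, and calling `srand()` here reseeds the process-wide generator for every other caller. I would bound both pointers against the view and take the value from the OS entropy source, keeping the time-based value only as a fallback, as sketched below. The sketch assumes the truncated parameter in the hunk header is `total_size` and that it is the size of the view at `ptr`. map_image starts and ends outside the hunk, so whether relocations have already run at this point, and whether the headers for `open`/`read`/`close` are included, needs confirming.

```c
    /* … unchanged: NumberOfRvaAndSizes / VirtualAddress test that sets pos … */
    {
        const SIZE_T need = FIELD_OFFSET( IMAGE_LOAD_CONFIG_DIRECTORY, SecurityCookie ) + sizeof(ULONG_PTR);

        /* the load config directory itself must lie inside the view */
        if (pos < total_size && total_size - pos >= need)
        {
            IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg = (IMAGE_LOAD_CONFIG_DIRECTORY *)(ptr + pos);
            ULONG_PTR va = loadcfg->SecurityCookie;

            /* SecurityCookie comes from the file: only write inside this view */
            if (va >= (ULONG_PTR)ptr && va - (ULONG_PTR)ptr <= total_size - sizeof(ULONG_PTR))
            {
                ULONG_PTR value = 0;
                int rnd_fd = open( "/dev/urandom", O_RDONLY );

                if (rnd_fd != -1)
                {
                    if (read( rnd_fd, &value, sizeof(value) ) != sizeof(value)) value = 0;
                    close( rnd_fd );
                }
                /* … fallback: the gettimeofday()/rand() value when value is still 0 … */
#ifdef _WIN64
                value &= (((ULONG_PTR)1 << 48) - 1);  /* keep the highest word clear */
#endif
                *(ULONG_PTR *)va = value;
            }
        }
    }
```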
-- 
1.9.1



