Fix bad restore of the protection flags for memory pages when finding real code for hooks #10

Merged
merged 8 commits into from
Dec 2, 2021

dcristoloveanu
Member

Fix bad restore of the protection flags for memory pages when finding real code for hooks. There were several issues:

  • The address passed to the VirtualProtect call that restores the protection flag could be different than the address originally used to set the page to EXECUTE_READ. This is due to the fact that pCode could be modified between the 2 calls.
  • VirtualProtect only returns the old protection flag for the first page. So, should the protected area span 2 pages (highly unlikely but still possible), the second and potentially subsequent pages would have a possibly wrong protection flag restored.
  • The 64 bit version of the code did not call FindRealCode recursively (unknown why)
  • The protected memory area was not big enough in some of the cases

The solution is to have 2 wrapper functions to protect and restore a memory area, which would account for walking multiple pages, saving the proper protection flag to be used when restoring.
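
The multi-page problem and the per-page save/restore approach described above, as an added example that is not the code from this pull request. `FakeMemory` is a constructed stand-in for the OS page table so the logic runs anywhere; all type and function names here are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
using Prot = std::uint32_t;
constexpr std::size_t kPageSize = 0x1000;
// Same numeric values as PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ.
constexpr Prot kReadOnly = 0x02, kReadWrite = 0x04, kExecuteRead = 0x20;
// Constructed model of a page table: prot[i] is the protection of page i.
struct FakeMemory {
    std::vector<Prot> prot;
    // Mirrors the VirtualProtect behaviour described above: every page touched
    // by [addr, addr + size) changes, but only the first page's old flag returns.
    Prot protect(std::size_t addr, std::size_t size, Prot newProt) {
        std::size_t first = addr / kPageSize, last = (addr + size - 1) / kPageSize;
        Prot old = prot[first];
        for (std::size_t p = first; p <= last; ++p) prot[p] = newProt;
        return old;
    }
};
// Record kept by the protect wrapper: base page plus one saved flag per page.
struct SavedProtection { std::size_t firstPage; std::vector<Prot> flags; };
// Walk the range page by page so each page's own old flag is captured.
SavedProtection protectRange(FakeMemory& mem, std::size_t addr, std::size_t size, Prot newProt) {
    SavedProtection saved{addr / kPageSize, {}};
    std::size_t last = (addr + size - 1) / kPageSize;
    for (std::size_t p = saved.firstPage; p <= last; ++p)
        saved.flags.push_back(mem.protect(p * kPageSize, kPageSize, newProt));
    return saved;
}
// Restore from the record, not from a pointer the caller may have advanced.
void restoreRange(FakeMemory& mem, const SavedProtection& saved) {
    for (std::size_t i = 0; i < saved.flags.size(); ++i)
        mem.protect((saved.firstPage + i) * kPageSize, kPageSize, saved.flags[i]);
}

// Buggy pattern: one call, one old flag, written back over the whole range.
std::vector<Prot> naiveRoundTrip(FakeMemory mem, std::size_t addr, std::size_t size) {
    Prot old = mem.protect(addr, size, kExecuteRead);
    mem.protect(addr, size, old);
    return mem.prot;
}

// Fixed pattern: per-page save and restore through the two wrappers.
std::vector<Prot> wrappedRoundTrip(FakeMemory mem, std::size_t addr, std::size_t size) {
    SavedProtection saved = protectRange(mem, addr, size, kExecuteRead);
    restoreRange(mem, saved);
    return mem.prot;
}
```

With a constructed 24-byte range starting at offset 0xFF8 across a read-only page followed by a read-write page, the naive round trip leaves the second page read-only, while the wrapped round trip returns both pages to their original flags.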

src/utility.cpp Outdated
}

}

LPVOID FindRealCode(LPVOID pCode)
{
LPVOID result;
if (pCode != NULL)
{
// we need to make sure we can read the first 3 ULONG_PTRs
@mattdurak mattdurak Dec 2, 2021

3

looks like this is now 7 below... #Resolved

Member Author

Fixed

@mattdurak mattdurak left a comment

:shipit:
