Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NtAllocateVirtualMemory can change protection bits on existing pages #1175

Closed
derekbruening opened this issue Nov 28, 2014 · 1 comment
Closed

NtAllocateVirtualMemory can change protection bits on existing pages #1175

derekbruening opened this issue Nov 28, 2014 · 1 comment
Labels
Migrated OpSys-Windows Priority-High Status-Fixed

Comments

@derekbruening
Copy link
Contributor

From bruen...@google.com on June 02, 2013 00:33:22

Fallout from https://code.google.com/p/drmemory/issues/detail?id=1258 **** TODO NtAllocateVirtualMemory can change protection bits on existing pages

As evidenced by this bug: so DR needs to watch it.

Currently calls app_memory_allocation() on any MEM_COMMIT -- but it returns
immediately if new prot is -x. So it won't catch app changing code from
+rx to +rw, e.g.

Need to also watch os_raw_mem_alloc() too, then!

**** TODO can NtAllocateVirtualMemory de-commit pages if new size is < old size?

**** TODO redirect_VirtualProtect() should call app_memory_protection_change()

today it blindly calls the syscall and doesn't route through DR

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=1175
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Migrated OpSys-Windows Priority-High Status-Fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@derekbruening