  1. Core ReactOS
  2. CORE-10173

PAGE_EXECUTE_WRITECOPY does not actually copy memory before writing to it.


Details

    • Bug
    • Resolution: Cannot Reproduce
    • Critical
    • None
    • NTCore
    • None

    Description

      When writing to memory sections shared by all processes (for example, the code section in a DLL like kernel32.dll), the modifications are visible in all processes.

      Discovered / documented in CORE-6391
      Application to confirm behavior in CORE-10153 (although every process going down because of breakpoints also is a clear indication of a problem).

      Steps to reproduce (duplicated from CORE-6391):

      1. Load any process in depends (Dependency Walker).
      2. Start profiling. (At this point, depends sets a breakpoint in all DLLs loaded by the target process.)
      3. Every process now has breakpoints in all DLLs loaded by the depends target.

      Update:
      This is not always triggered.

      Change memory protection from PAGE_EXECUTE_READ to PAGE_EXECUTE_WRITECOPY --> Problem.
      Change memory protection from PAGE_EXECUTE_READ to PAGE_EXECUTE_READWRITE to PAGE_EXECUTE_WRITECOPY --> Everything appears to be fine.

      Attachments

        1. 2015-09-13_01-22-45.png
          32 kB
          Mark Jansen
        2. screenshot-1.png
          50 kB
          Mark Jansen


            People

              bug zilla Bug Zilla
              learn_more Mark Jansen