Re: ntdll: Randomize security cookie when available (try 4)

29 Jun 2015


      André Hentschel <nerv(a)dawncrow.de> writes:
...
@@ -1278,6 +1281,26 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
         }
     }
+
+    /* randomize security cookie */
+
+    if (IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG < nt->OptionalHeader.NumberOfRvaAndSizes &&
+        (pos = nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress))
+    {
+        IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg = (IMAGE_LOAD_CONFIG_DIRECTORY *)(ptr + pos);
+        ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie;
+        struct timeval tv;
+
+        gettimeofday( &tv, NULL );
+        srand( tv.tv_usec * getpid() );
+        *cookie = rand();
That's not much better. It doesn't make sense to reset the seed on every
call.

-- 
Alexandre Julliard
julliard(a)winehq.org

    