From: Rose Hellsing <rose@pinkro.se>
Until now wine tried to write the cookie even if the cookie was located in a read-only section, causing some applications to crash. With this change the loader temporarily marks the memory section as read-write to update the cookie.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=51928
---
dlls/ntdll/loader.c | 38 ++++++++++++++++++++++++--------------
1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
index b19bf78a456..77d55268abd 100644
--- a/dlls/ntdll/loader.c
+++ b/dlls/ntdll/loader.c
@@ -2105,26 +2105,36 @@ NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE module, const ANSI_STRING *name,
 static void set_security_cookie( ULONG_PTR *cookie )
 {
 static ULONG seed;
+ ULONG_PTR new_cookie = 0;
+ SIZE_T size;
+ void *addr;
+ ULONG old_prot;
 TRACE( "initializing security cookie %p\n", cookie );
 if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId();
- for (;;)
- {
- if (*cookie == DEFAULT_SECURITY_COOKIE_16)
- *cookie = RtlRandom( &seed ) >> 16; /* leave the high word clear */
- else if (*cookie == DEFAULT_SECURITY_COOKIE_32)
- *cookie = RtlRandom( &seed );
+
+ if (*cookie == DEFAULT_SECURITY_COOKIE_16)
+ new_cookie = RtlRandom( &seed ) >> 16; /* leave the high word clear */
+ else if (*cookie == DEFAULT_SECURITY_COOKIE_32)
+ new_cookie = RtlRandom( &seed );
 #ifdef DEFAULT_SECURITY_COOKIE_64
- else if (*cookie == DEFAULT_SECURITY_COOKIE_64)
- {
- *cookie = RtlRandom( &seed );
- /* fill up, but keep the highest word clear */
- *cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
- }
+ else if (*cookie == DEFAULT_SECURITY_COOKIE_64)
+ {
+ new_cookie = RtlRandom( &seed );
+ /* fill up, but keep the highest word clear */
+ new_cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
+ }
 #endif
- else
- break;
+ else
+ return;
+
+ addr = cookie;
+ size = sizeof(*cookie);
+ if (!NtProtectVirtualMemory( NtCurrentProcess(), &addr, &size, PAGE_READWRITE, &old_prot ))
+ {
+ *cookie = new_cookie;
+ NtProtectVirtualMemory( NtCurrentProcess(), &addr, &size, old_prot, &old_prot );
 }
 }
-- 
GitLab
https://gitlab.winehq.org/wine/wine/-/merge_requests/11001
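Review bot: Both NtProtectVirtualMemory calls at the end of set_security_cookie fail silently. If the first call fails, the cookie keeps its compile-time default, which is a predictable value, and nothing is traced. The status of the second call is discarded, so a failed restore would leave the pages of a read-only section writable for the rest of the process lifetime. I would keep the status of each call and report failures with WARN, as in the excerpt below. The change to PAGE_READWRITE also covers the whole page range that `addr`/`size` get rounded to, and is made even when the section is already writable, so it may be worth limiting it to the case where the page is not writable.

```c
    NTSTATUS status;
    /* … unchanged: other locals, seed setup, choice of new_cookie … */

    addr = cookie;
    size = sizeof(*cookie);
    status = NtProtectVirtualMemory( NtCurrentProcess(), &addr, &size, PAGE_READWRITE, &old_prot );
    if (status)
    {
        WARN( "cannot make cookie %p writable, status %#lx, default value kept\n", cookie, status );
        return;
    }
    *cookie = new_cookie;
    status = NtProtectVirtualMemory( NtCurrentProcess(), &addr, &size, old_prot, &old_prot );
    if (status) WARN( "cannot restore protection %#lx on %p, status %#lx\n", old_prot, addr, status );
```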