Zebediah Figura : ntoskrnl.exe: Allocate pool memory from an executable heap. - wine-commits

22 Aug 2019

Module: wine
Branch: master
Commit: da23da395244392234792814bbaaa780d620065a
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=da23da395244392234792814b...
Author: Zebediah Figura z.figura12@gmail.com
Date:   Wed Aug 21 23:16:51 2019 -0500
ntoskrnl.exe: Allocate pool memory from an executable heap.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=45843
Signed-off-by: Zebediah Figura z.figura12@gmail.com
Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/ntoskrnl.exe/ntoskrnl.c     |  8 ++++++--
 dlls/ntoskrnl.exe/tests/driver.c | 23 +++++++++++++++++++++++
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
index 91bd7da..2e2c746 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.c
+++ b/dlls/ntoskrnl.exe/ntoskrnl.c
@@ -78,6 +78,8 @@ static DWORD request_thread;
 /* tid of the client thread */
 static DWORD client_tid;
+static HANDLE ntoskrnl_heap;
+
 struct wine_driver
 {
     DRIVER_OBJECT driver_obj;
@@ -1998,7 +2000,7 @@ PVOID WINAPI ExAllocatePoolWithQuota( POOL_TYPE type, SIZE_T size )
 PVOID WINAPI ExAllocatePoolWithTag( POOL_TYPE type, SIZE_T size, ULONG tag )
 {
     /* FIXME: handle page alignment constraints */
-    void *ret = HeapAlloc( GetProcessHeap(), 0, size );
+    void *ret = HeapAlloc( ntoskrnl_heap, 0, size );
     TRACE( "%lu pool %u -> %p\n", size, type, ret );
     return ret;
 }
@@ -2040,7 +2042,7 @@ void WINAPI ExFreePool( void *ptr )
 void WINAPI ExFreePoolWithTag( void *ptr, ULONG tag )
 {
     TRACE( "%p\n", ptr );
-    HeapFree( GetProcessHeap(), 0, ptr );
+    HeapFree( ntoskrnl_heap, 0, ptr );
 }
static void initialize_lookaside_list( GENERAL_LOOKASIDE *lookaside, PALLOCATE_FUNCTION allocate, PFREE_FUNCTION free,
@@ -3067,9 +3069,11 @@ BOOL WINAPI DllMain( HINSTANCE inst, DWORD reason, LPVOID reserved )
 #endif
         KeQueryTickCount( &count );  /* initialize the global KeTickCount */
         NtBuildNumber = NtCurrentTeb()->Peb->OSBuildNumber;
+        ntoskrnl_heap = HeapCreate( HEAP_CREATE_ENABLE_EXECUTE, 0, 0 );
         break;
     case DLL_PROCESS_DETACH:
         if (reserved) break;
+        HeapDestroy( ntoskrnl_heap );
         RtlRemoveVectoredExceptionHandler( handler );
         break;
     }
diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c
index 2b3a32b..dc583f9 100644
--- a/dlls/ntoskrnl.exe/tests/driver.c
+++ b/dlls/ntoskrnl.exe/tests/driver.c
@@ -1685,6 +1685,26 @@ static void WINAPI main_test_task(DEVICE_OBJECT *device, void *context)
     IoCompleteRequest(irp, IO_NO_INCREMENT);
 }
+#if defined(__i386__) || defined(__x86_64__)
+static void test_executable_pool(void)
+{
+    static const unsigned char bytes[] =
+            { 0xb8, 0xef, 0xbe, 0xad, 0xde, 0xc3 }; /* mov $0xdeadbeef,%eax ; ret */
+    static const ULONG tag = 0x74736574; /* test */
+    int (*func)(void);
+    int ret;
+
+    func = ExAllocatePoolWithTag(NonPagedPool, sizeof(bytes), tag);
+    ok(!!func, "Got NULL memory.\n");
+
+    memcpy(func, bytes, sizeof(bytes));
+    ret = func();
+    ok(ret == 0xdeadbeef, "Got %#x.\n", ret);
+
+    ExFreePoolWithTag(func, tag);
+}
+#endif
+
 static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *stack)
 {
     ULONG length = stack->Parameters.DeviceIoControl.OutputBufferLength;
@@ -1735,6 +1755,9 @@ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *st
     test_lookup_thread();
     test_IoAttachDeviceToDeviceStack();
     test_object_name();
+#if defined(__i386__) || defined(__x86_64__)
+    test_executable_pool();
+#endif
if (main_test_work_item) return STATUS_UNEXPECTED_IO_ERROR;

    