Based on the behavior of QueryWorkingSetEx, the header of a PE file should generally be shared. By zeroing part of the header, copy-on-write is triggered and the page is no longer shared. There does not appear to be a rationale for clearing these bytes.
Signed-off-by: Andrew Wesie awesie@gmail.com
---
 dlls/ntdll/virtual.c | 1 -
 1 file changed, 1 deletion(-)
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c index 529f9575d3..7065581709 100644 --- a/dlls/ntdll/virtual.c +++ b/dlls/ntdll/virtual.c @@ -1572,7 +1572,6 @@ static NTSTATUS map_image( HANDLE hmapping, ACCESS_MASK access, int fd, int top_ dos = (IMAGE_DOS_HEADER *)ptr; nt = (IMAGE_NT_HEADERS *)(ptr + dos->e_lfanew); header_end = ptr + ROUND_SIZE( 0, header_size ); - memset( ptr + header_size, 0, header_end - (ptr + header_size) ); if ((char *)(nt + 1) > header_end) goto error; header_start = (char*)&nt->OptionalHeader+nt->FileHeader.SizeOfOptionalHeader; if (nt->FileHeader.NumberOfSections > ARRAY_SIZE( sections )) goto error;
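Review bot: With the memset dropped in map_image, the bytes from ptr + header_size up to header_end (the page-rounded end of the headers) are no longer cleared, so whatever the mapping holds in that tail stays visible to the process. The commit message says no rationale was found for the clearing, but it does not say what the tail contains after this change or whether that matches Windows; please state that. Since QueryWorkingSetEx behavior is the stated basis for the change, a test that queries the header page of a mapped image and checks that it is reported as shared would keep this from regressing.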