On 2018-06-06 17:11, Derek Lesho wrote:
Hi Thomas, in your example, does &Base refer to the base of ntoskrnl.exe? If so, why are you allocating a buffer there, wouldn't that corrupt the memory of ntoskrnl, or am I misunderstanding what your code is doing. On windows, do drivers have access to change the memory of ntoskrnl?
My intention was to simply make a user mode memory allocation, so there should be a "Base = NULL;" before the call to ZwAllocateVirtualMemory. This function cannot allocate kernel address space (or overwrite loaded modules), so it wouldn't do anything unexpected. I was just suggesting it to demonstrate behavior with NOACCESS/READONLY/READWRITE pages. As for your actual use case, I'd assume ntoskrnl's code is most likely write-protected on Windows as well, much like you encountered on Wine, but I haven't verified.
Since your patch was committed I don't know if you're still interested in adding the test. If you are, I'd suggest to go with the simpler second version, since like I said the "full test" won't be very useful in Wine.
On Wed, Jun 6, 2018 at 3:51 AM, Thomas Faber thomas.faber@reactos.org wrote:
void test_function() { ok(MmIsAddressValid((void*)test_function), ...); // fails in master, succeeds with patch? ptr = ExAllocatePoolWithTag(NonPagedPool, ...) ok(MmIsAddressValid(ptr), ...); ExFreePoolWithTag... ok(!MmIsAddressValid(NULL), ...); }
Perhaps also ok(MmIsAddressValid((void*)MmIsAddressValid), ...); to specifically test ntoskrnl instead of the test driver's binary.
-Thomas