Alexandre Julliard wrote:
Robert Baruch <autophile@starband.net> writes:
MapViewOfFileEx is called by MapViewOfFile, DPLAYX_ConstructData, HEAP_CreateSystemHeap, and VXD_Win32s. At this point my eyes began to glaze over. But I forged on with looking MapViewOfFile. GAAAH! That function is referenced in no less than sixteen places!
But none of these are used to map executable images. The only place we do that is from PE_LoadImage, so this is the only call that needs to set the protections.
Bummer:
MODULE_LoadLibraryExA calls PE_LoadLibraryExA, which first calls PE_LoadImage (which sets protections) and then PE_CreateModule, which calls PE_fixup_imports, which causes a protection violation (see trace below)!
PE_CreateModule is also called from ELF_LoadLibraryExA, load_library, and from start_process.
Maybe the right place to set protections is at the end of PE_CreateModule.
--Rob
trace:module:GetModuleFileNameA J:\targ2001\data\tar2001.exe
trace:module:MODULE_LoadLibraryExA Already loaded module 'USER32.dll' at 0x40670000, count=3
trace:win32:PE_fixup_imports Microsoft style imports used
trace:win32:PE_fixup_imports --- MessageBoxA USER32.dll.390
trace:win32:MODULE_GetProcAddress (40670000,MessageBoxA)
trace:win32:PE_FindExportedFunction (MessageBoxA)
trace:seh:EXC_RtlRaiseException code=c0000005 flags=0
First chance exception: page fault on write access to 0x75b6903c in 32-bit code (0x40091b8f).
...
=>0 0x40091b8f (PE_fixup_imports+0x2af(wm=0x40382a68) [pe_image.c:353] in libntdll.so) (ebp=405b6a34)
  1 0x40092582 (PE_CreateModule+0x292(hModule=0x75b30000, filename=0x403828a8, flags=0x0, hFile=0x30, builtin=0x0) [pe_image.c:717] in libntdll.so) (ebp=405b6ac0)
  2 0x400926d2 (PE_LoadLibraryExA+0x62(name=0x403828a8, flags=0x0) [pe_image.c:792] in libntdll.so) (ebp=405b6ae8)
  3 0x400907fd (MODULE_LoadLibraryExA+0x42d(libname=0x7ffd9cfe, hfile=0x0, flags=0x0, name=0x7ffd9cfe, name=0x7ffd9cfe, name=0x7ffd9cfe) [module.c:1477] in libntdll.so) (ebp=405b6b2c)