Re: ntdll: Randomize security cookie when available (try 4)

André Hentschel nerv@dawncrow.de writes:

@@ -1278,6 +1281,26 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz } }

• /* randomize security cookie */
• if (IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG < nt->OptionalHeader.NumberOfRvaAndSizes &&

•    (pos = nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress))
  

• {

•    IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg = (IMAGE_LOAD_CONFIG_DIRECTORY *)(ptr + pos);
  

•    ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie;
  

•    struct timeval tv;
  

•    gettimeofday( &tv, NULL );
  

•    srand( tv.tv_usec * getpid() );
  

•    *cookie = rand();
  

That's not much better. It doesn't make sense to reset the seed on every call.