Robert Baruch autophile@starband.net writes:
MapViewOfFileEx is called by MapViewOfFile, DPLAYX_ConstructData, HEAP_CreateSystemHeap, and VXD_Win32s. At this point my eyes began to glaze over. But I forged on with looking MapViewOfFile. GAAAH! That function is referenced in no less than sixteen places!
But none of these are used to map executable images. The only place we do that is from PE_LoadImage, so this is the only call that needs to set the protections.
Now there is a possibility that the app itself would create a mapping with SEC_IMAGE; but we don't implement this correctly anyway, so it don't think it matters if we don't set the protections in that case.
Yes, that should be done, too. I haven't dug that far into NT yet, so that mod may have to come in a future patch.
The problem is once you switch on the protections it will break apps; so you have to do the exception handler stuff at the same time.