Re: [PATCH] ntdll: deal with images which override the section table during mapping - wine-devel

10 Oct 2011

On Mon, Oct 10, 2011 at 11:36:33AM +0200, Bernhard Loos wrote:
...

dlls/ntdll/virtual.c |   38 ++++++++++++++++++++++++++++++++++----
 1 files changed, 34 insertions(+), 4 deletions(-)
I think this needs tests, the algorithms are very fragile.
Ciao, Marcus
...

diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index 5e69eb9..7841d9c 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1114,6 +1114,7 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
     IMAGE_DOS_HEADER *dos;
     IMAGE_NT_HEADERS *nt;
     IMAGE_SECTION_HEADER *sec;

IMAGE_SECTION_HEADER *section_table = NULL;
IMAGE_DATA_DIRECTORY *imports;
NTSTATUS status = STATUS_CONFLICTING_ADDRESSES;
int i;

@@ -1123,6 +1124,7 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
     struct file_view *view = NULL;
     char *ptr, *header_end;
     INT_PTR delta = 0;

DWORD SizeOfHeaders;
/* zero-map the whole range */


@@ -1158,8 +1160,11 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
     header_end = ptr + ROUND_SIZE( 0, header_size );
     memset( ptr + header_size, 0, header_end - (ptr + header_size) );
     if ((char *)(nt + 1) > header_end) goto error;

sec = (IMAGE_SECTION_HEADER*)((char*)&nt->OptionalHeader+nt->FileHeader.SizeOfOptionalHeader);
if ((char *)(sec + nt->FileHeader.NumberOfSections) > header_end) goto error;


section_table = (IMAGE_SECTION_HEADER*)((char*)&nt->OptionalHeader+nt->FileHeader.SizeOfOptionalHeader);

/* make sure we mapped enough memory */

if ((char *)(section_table + nt->FileHeader.NumberOfSections) > header_end) goto error;

/* windows is only interested in the size as given by OptionalHeader.SizeOfHeaders */

SizeOfHeaders = ROUND_SIZE( 0, nt->OptionalHeader.SizeOfHeaders );
imports = nt->OptionalHeader.DataDirectory + IMAGE_DIRECTORY_ENTRY_IMPORT;
if (!imports->Size || !imports->VirtualAddress) imports = NULL;


@@ -1180,7 +1185,7 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
         if (nt->OptionalHeader.FileAlignment != nt->OptionalHeader.SectionAlignment) goto error;
         for (i = 0; i < nt->FileHeader.NumberOfSections; i++)
         {

       if (sec[i].VirtualAddress != sec[i].PointerToRawData)




       if (section_table[i].VirtualAddress != section_table[i].PointerToRawData)
           goto error;  /* Windows refuses to load in that case too */
   }




@@ -1192,6 +1197,24 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
         goto done;
     }

if ((char *)(section_table + nt->FileHeader.NumberOfSections) > ptr + SizeOfHeaders)

{

   /* part of the section table is outside of SizeOfHeaders


    * at this point, it's likely that a section will get mapped over


    * the section table (Borderlands does this)


    * Not sure how it works on Windows, but we make a copy of the


    * table at this point */


    sec = RtlAllocateHeap( virtual_heap, 0, sizeof(*sec) * nt->FileHeader.NumberOfSections);


    if (!sec)


    {


        status = STATUS_NO_MEMORY;


        goto error;


    }


    memcpy( sec, section_table, sizeof(*sec) * nt->FileHeader.NumberOfSections);


    section_table = sec;


}


else


   sec = section_table;


/* map all the sections */


@@ -1200,6 +1223,9 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
         static const SIZE_T sector_align = 0x1ff;
         SIZE_T map_size, file_start, file_size, end;

   if (sec->VirtualAddress < SizeOfHeaders)


       goto error;


   if (!sec->Misc.VirtualSize)
       map_size = ROUND_SIZE( 0, sec->SizeOfRawData );
   else



@@ -1329,7 +1355,7 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
 VIRTUAL_SetProt( view, ptr, ROUND_SIZE( 0, header_size ), VPROT_COMMITTED | VPROT_READ );



sec = (IMAGE_SECTION_HEADER*)((char *)&nt->OptionalHeader+nt->FileHeader.SizeOfOptionalHeader);


sec = section_table;
for (i = 0; i < nt->FileHeader.NumberOfSections; i++, sec++)
{
    SIZE_T size;

@@ -1361,6 +1387,8 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
     }
done:

if (section_table && (char *)section_table != (char *)&nt->OptionalHeader+nt->FileHeader.SizeOfOptionalHeader)
   RtlFreeHeap( virtual_heap, 0, section_table );

view->mapping = dup_mapping;
   server_leave_uninterrupted_section( &csVirtual, &sigset );

@@ -1373,6 +1401,8 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
error:
     if (view) delete_view( view );

if (section_table && (char *)section_table != (char *)&nt->OptionalHeader+nt->FileHeader.SizeOfOptionalHeader)
   RtlFreeHeap( virtual_heap, 0, section_table );

server_leave_uninterrupted_section( &csVirtual, &sigset );
   if (dup_mapping) NtClose( dup_mapping );
   return status;

...

    