On Wed Nov 9 11:06:28 2022 +0000, Alexandre Julliard wrote:
This would most likely need to check against the user space limit of the target process.
I was actually performing some additional ad-hoc tests while doing this. I am attaching the patch which extends the test for different target process (including 32 -> 64 and vice versa). To run that I copy 32 bit ntdll_test.exe as ntdll_test32.exe along 64 bit ntdll_test.exe (to be run), and ntdll_test64.exe to the 32 bit test directory.
There is a test in lines 538-543 which succeeds, in particular, with 32 bit target process and 64 bit source process.
So it would be trivial to check the limit in the destination process in the same function, but, as weird as it sounds, it looks like this validation is done against source process on Windows for some reason.
[0001-ntdll-tests-Test-NtAllocateVirtualMemoryEx-with-othe.patch](/uploads/b565c53433605b63eccccacb00120132/0001-ntdll-tests-Test-NtAllocateVirtualMemoryEx-with-othe.patch)