[PATCH v4 0/4] MR6767: WriteProcessMemory() without PROCESS_QUERY_INFORMATION access right.

List overview All Threads

newer

older

[PATCH v11 0/19] MR6766:...

[PATCH v3 0/4] MR6767:...

eric pouech (＠epo)

5 Nov 2024 5 Nov '24

11:54 a.m.

This is an alternate solution to MR 6761 [1] (actually is based on comment in that MR).

WriteProcessMemory() should succeed when process handle doesn't have PROCESS_QUERY_INFORMATION access right set (test attached). Plus some additional cleanup in test for ReadProcessMemory().

Feedback from Proton says that this patch solves the reported game issue.

[1] https://gitlab.winehq.org/wine/wine/-/merge_requests/6761

-- v4: server: Amend process rights mapping. advapi32: Test some other cases of process access rights mapping. advapi32/tests: Fix typo in manifest constant. kernel32/tests: Don't hardcode page size in buffer size.

https://gitlab.winehq.org/wine/wine/-/merge_requests/6767

Show replies by date

Eric Pouech

5 Nov 5 Nov

11:54 a.m.

New subject: [PATCH v4 1/4] kernel32/tests: Don't hardcode page size in buffer size.

From: Eric Pouech epouech@codeweavers.com

Signed-off-by: Eric Pouech epouech@codeweavers.com --- dlls/kernel32/tests/virtual.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/dlls/kernel32/tests/virtual.c b/dlls/kernel32/tests/virtual.c index 12841133c05..cfbfcac0950 100644 --- a/dlls/kernel32/tests/virtual.c +++ b/dlls/kernel32/tests/virtual.c @@ -4368,13 +4368,15 @@ static void test_PrefetchVirtualMemory(void)

static void test_ReadProcessMemory(void) { - BYTE buf[0x2000]; + BYTE *buf; DWORD old_prot; SIZE_T copied; HANDLE hproc; void *ptr; BOOL ret;

+ buf = malloc(2 * si.dwPageSize); + ok(buf != NULL, "OOM\n"); ret = DuplicateHandle(GetCurrentProcess(), GetCurrentProcess(), GetCurrentProcess(), &hproc, 0, FALSE, DUPLICATE_SAME_ACCESS); ok(ret, "DuplicateHandle failed %lu\n", GetLastError()); @@ -4403,6 +4405,7 @@ static void test_ReadProcessMemory(void) ret = VirtualFree(ptr, 0, MEM_RELEASE); ok(ret, "VirtualFree failed %lu\n", GetLastError()); CloseHandle(hproc); + free(buf); }

START_TEST(virtual)

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6767

Eric Pouech

11:54 a.m.

New subject: [PATCH v4 2/4] advapi32/tests: Fix typo in manifest constant.

From: Eric Pouech epouech@codeweavers.com

(harmless, the actual values are the same).

Signed-off-by: Eric Pouech epouech@codeweavers.com --- dlls/advapi32/tests/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 0917b144648..90c553902cd 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -3118,7 +3118,7 @@ static void test_process_security_child(void) /* Test thread security */ handle = OpenThread( THREAD_TERMINATE, FALSE, GetCurrentThreadId() ); ok(handle != NULL, "OpenThread(THREAD_TERMINATE) with err:%ld\n", GetLastError()); - TEST_GRANTED_ACCESS( handle, PROCESS_TERMINATE ); + TEST_GRANTED_ACCESS( handle, THREAD_TERMINATE ); CloseHandle( handle );

handle = OpenThread( THREAD_SET_THREAD_TOKEN, FALSE, GetCurrentThreadId() );

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6767

Eric Pouech

11:54 a.m.

New subject: [PATCH v4 3/4] advapi32: Test some other cases of process access rights mapping.

From: Eric Pouech epouech@codeweavers.com

Signed-off-by: Eric Pouech epouech@codeweavers.com --- dlls/advapi32/tests/security.c | 11 +++++++++++ 1 file changed, 11 insertions(+)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 90c553902cd..8aa9bf20ea9 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -6154,6 +6154,17 @@ static void test_process_access(void) "expected PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION, got %#lx\n", access); CloseHandle(dup);

+ SetLastError( 0xdeadbeef ); + ret = DuplicateHandle(GetCurrentProcess(), process, GetCurrentProcess(), &dup, + PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, 0); + ok(ret, "DuplicateHandle error %ld\n", GetLastError()); + access = get_obj_access(dup); + todo_wine + ok(access == (PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_QUERY_LIMITED_INFORMATION) || + broken(access == (PROCESS_VM_OPERATION | PROCESS_VM_WRITE)) /* Win8 and before */, + "expected PROCESS_VM_OPERATION|PROCESS_VM_WRITE|PROCESS_QUERY_LIMITED_INFORMATION, got %#lx\n", access); + CloseHandle(dup); + TerminateProcess(process, 0); CloseHandle(process); }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6767

Eric Pouech

11:54 a.m.

New subject: [PATCH v4 4/4] server: Amend process rights mapping.

From: Eric Pouech epouech@codeweavers.com

PROCESS_VM_OPERATION | PROCESS_VM_WRITE grants PROCESS_QUERY_LIMITED_INFORMATION rights.

Signed-off-by: Eric Pouech epouech@codeweavers.com --- dlls/advapi32/tests/security.c | 1 - server/process.c | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 8aa9bf20ea9..4cfc4ca7461 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -6159,7 +6159,6 @@ static void test_process_access(void) PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, 0); ok(ret, "DuplicateHandle error %ld\n", GetLastError()); access = get_obj_access(dup); - todo_wine ok(access == (PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_QUERY_LIMITED_INFORMATION) || broken(access == (PROCESS_VM_OPERATION | PROCESS_VM_WRITE)) /* Win8 and before */, "expected PROCESS_VM_OPERATION|PROCESS_VM_WRITE|PROCESS_QUERY_LIMITED_INFORMATION, got %#lx\n", access); diff --git a/server/process.c b/server/process.c index 49f5c75005f..f386239919d 100644 --- a/server/process.c +++ b/server/process.c @@ -805,6 +805,8 @@ static unsigned int process_map_access( struct object *obj, unsigned int access access = default_map_access( obj, access ); if (access & PROCESS_QUERY_INFORMATION) access |= PROCESS_QUERY_LIMITED_INFORMATION; if (access & PROCESS_SET_INFORMATION) access |= PROCESS_SET_LIMITED_INFORMATION; + if ((access & (PROCESS_VM_OPERATION | PROCESS_VM_WRITE)) == (PROCESS_VM_OPERATION | PROCESS_VM_WRITE)) + access |= PROCESS_QUERY_LIMITED_INFORMATION; return access; }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6767

Marvin

12:30 p.m.

New subject: [PATCH v4 4/4] server: Amend process rights mapping.

Hi,

It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated.

The tests also ran into some preexisting test failures. If you know how to fix them that would be helpful. See the TestBot job for the details:

The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=149481

Your paranoid android.

=== debian11b (64 bit WoW report) ===

user32: input.c:4305: Test succeeded inside todo block: button_down_hwnd_todo 1: got MSG_TEST_WIN hwnd 0000000002D700D4, msg WM_LBUTTONDOWN, wparam 0x1, lparam 0x320032

eric pouech (＠epo)

11:55 a.m.

V4 pushed: - fixed tests for Win8 and before

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/6767#note_86617

Dmitry Timoshkov (＠dmitry)

12:01 p.m.

It would be helpful to test PROCESS_VM_OPERATION and PROCESS_VM_WRITE separately to see if any of them is supposed to trigger PROCESS_QUERY_LIMITED_INFORMATION.

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/6767#note_86618