From 033c4b149f67d060c04e492249b1b7d741e4da3e Mon Sep 17 00:00:00 2001
From: Sebastian Lackner
Date: Sun, 28 May 2017 16:16:15 +0200
Subject: [PATCH] ntdll-NtQueryVirtualMemory: Skip get_dll_info wineserver call if address does not have VPROT_IMAGE permissions.
---
 ...ll_info-wineserver-call-if-address-d.patch | 55 +++++++++++++++++++
 patches/patchinstall.sh | 2 +
 2 files changed, 57 insertions(+)
 create mode 100644 patches/ntdll-NtQueryVirtualMemory/0010-ntdll-Skip-get_dll_info-wineserver-call-if-address-d.patch
diff --git a/patches/ntdll-NtQueryVirtualMemory/0010-ntdll-Skip-get_dll_info-wineserver-call-if-address-d.patch b/patches/ntdll-NtQueryVirtualMemory/0010-ntdll-Skip-get_dll_info-wineserver-call-if-address-d.patch
new file mode 100644
index 00000000..7e9316f0
--- /dev/null
+++ b/patches/ntdll-NtQueryVirtualMemory/0010-ntdll-Skip-get_dll_info-wineserver-call-if-address-d.patch
@@ -0,0 +1,55 @@
+From 9b91067e59331f33825d0a5bc3e1f86f67714830 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner
+Date: Sun, 28 May 2017 16:14:03 +0200
+Subject: ntdll: Skip get_dll_info wineserver call if address does not have
+ VPROT_IMAGE permissions.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+As suggested by Michael Müller.
+---
+ dlls/ntdll/virtual.c | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
+index a5c3ce69185..0d5150aaf93 100644
+--- a/dlls/ntdll/virtual.c
++++ b/dlls/ntdll/virtual.c
+@@ -2271,10 +2271,18 @@ NTSTATUS virtual_get_section_mapping( HANDLE process, LPCVOID addr, HANDLE *mapp
+ base = ROUND_ADDR( addr, page_mask );
+
+ server_enter_uninterrupted_section( &csVirtual, &sigset );
+- if ((view = VIRTUAL_FindView( base, 0 )) && view->mapping)
++ if ((view = VIRTUAL_FindView( base, 0 )))
+ {
+- status = NtDuplicateObject( NtCurrentProcess(), view->mapping, NtCurrentProcess(),
+- mapping, 0, 0, DUP_HANDLE_SAME_ACCESS );
++ if (view->mapping)
++ {
++ status = NtDuplicateObject( NtCurrentProcess(), view->mapping, NtCurrentProcess(),
++ mapping, 0, 0, DUP_HANDLE_SAME_ACCESS );
++ }
++ else if (view->protect & VPROT_IMAGE)
++ {
++ *mapping = NULL;
++ status = STATUS_SUCCESS;
++ }
+ }
+ server_leave_uninterrupted_section( &csVirtual, &sigset );
+ return status;
+@@ -2424,7 +2432,10 @@ static NTSTATUS get_section_name( HANDLE process, LPCVOID addr,
+
+ if (!addr || !info || !res_len) return STATUS_INVALID_PARAMETER;
+
+- if (!(status = virtual_get_section_mapping( process, addr, &mapping )))
++ if ((status = virtual_get_section_mapping( process, addr, &mapping )))
++ return status;
++
++ if (mapping)
+ {
+ status = server_get_unix_name( mapping, &unix_name );
+ close_handle( mapping );
+--
+2.12.2
+
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index 34e6ce66..2584b2bd 100755
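Review bot: The new `else if (view->protect & VPROT_IMAGE)` branch makes virtual_get_section_mapping return STATUS_SUCCESS with `*mapping` set to NULL, a change of contract for a function that appears to be non-static (its hunk header carries no `static`). get_section_name is adjusted in the second nested hunk with `if (mapping)`, but any other caller outside these hunks that equates success with a valid handle would now use and close a NULL handle, so the remaining call sites should be checked. I would document the contract above the function, for example `/* On success *mapping may be NULL (image view without a section handle); callers must test it before use or close. */`. The function body starts before the hunk, so the value `status` keeps when the view is missing, or is neither mapped nor an image, is not visible here and should be confirmed to be an error code.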
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -5800,6 +5800,7 @@ if test "$enable_ntdll_NtQueryVirtualMemory" -eq 1; then
 patch_apply ntdll-NtQueryVirtualMemory/0007-kernel32-Implement-K32GetMappedFileName.-v2.patch
 patch_apply ntdll-NtQueryVirtualMemory/0008-ntdll-Resolve-drive-symlinks-before-returning-sectio.patch
 patch_apply ntdll-NtQueryVirtualMemory/0009-ntdll-Fix-error-code-when-querying-too-large-memory-.patch
+ patch_apply ntdll-NtQueryVirtualMemory/0010-ntdll-Skip-get_dll_info-wineserver-call-if-address-d.patch
 (
 printf '%s\n' '+ { "Sebastian Lackner", "server: Store full path for ntdll/kernel32 dll.", 1 },';
 printf '%s\n' '+ { "Dmitry Timoshkov", "ntdll: Split logic for MemoryBasicInformation into a separate function.", 1 },';
@@ -5810,6 +5811,7 @@ if test "$enable_ntdll_NtQueryVirtualMemory" -eq 1; then
 printf '%s\n' '+ { "Dmitry Timoshkov", "kernel32: Implement K32GetMappedFileName.", 2 },';
 printf '%s\n' '+ { "Sebastian Lackner", "ntdll: Resolve drive symlinks before returning section name.", 1 },';
 printf '%s\n' '+ { "Michael Müller", "ntdll: Fix error code when querying too large memory address.", 1 },';
+ printf '%s\n' '+ { "Sebastian Lackner", "ntdll: Skip get_dll_info wineserver call if address does not have VPROT_IMAGE permissions.", 1 },';
 ) >> "$patchlist"
 fi