  EliCZ     July 23, 2009 01:51.24 CDT
The "bug" is documented here: http://msdn.microsoft.com/en-us/library/aa366549(VS.85).aspx

"If a guard page exception occurs during a system service, the service fails and typically returns some failure status indicator. Since the system also removes the relevant memory page's guard page status, the next invocation of the same system service won't fail due to a STATUS_GUARD_PAGE_VIOLATION exception (unless, of course, someone reestablishes the guard page)."

  nezumi     July 23, 2009 03:33.05 CDT
EliCZ
if so, why ReadProcessMemory() turns PAGE_GUARD off for pages allocated by VirtualAlloc(), but does not turn it off for VirtualProtect() as well as for PE image?

"typically returns" is not good for the official documentation and I quoted that part of the documentation on my blog.

PAGE_GUARD should work as it's expected to. if sometimes it works, sometimes does not - this means: it does not work at all, so this is a bug :)

btw, it's _not_ documented that OllyDbg does not pass the exception to applications :)

anyway, thanks for the feedback! you helped me to realize that my post is not clean enough...

  EliCZ     July 24, 2009 02:26.37 CDT
> if so, why ReadProcessMemory() turns PAGE_GUARD off for pages allocated by VirtualAlloc(), but does not turn it off for VirtualProtect() as well as for PE image?

Can you write an example demonstrating this?


> PAGE_GUARD should work as it's expected to. if sometimes it works, sometimes does not - this means: it does not work at all, so this is a bug :)

I think it works as described in MSDN.
How _exactly_ should it work for you?


As I understand Windows it works like this:

* When an exception occurs in user-mode, a user-mode exception is raised (except stack growing).

* When an exception occurs in kernel-mode, a kernel-mode exception is raised.

* If a kernel-mode exception happens during a system service (typically when probing user-mode buffers) that has __try/__except, the service returns an error status.

* Any touching of a guarded page turns off PAGE_GUARD; when touched in user-mode an exception is dispatched to the user-mode handler, when touched by a system service a status is returned.

Am I wrong somewhere?
