[PATCH 0/8] Fix dumper for x86_64
Jon Turney
jon.turney@dronecode.org.uk
Sun Jul 12 14:47:20 GMT 2020
On 06/07/2020 14:34, Jon Turney wrote:
> On 06/07/2020 09:12, Corinna Vinschen wrote:
>
>> What about the two protection fields in MEMORY_BASIC_INFORMATION? If
>> something changed, Protect != AllocationProtect. Is that insufficient
>> to handle your case?
>
> Unfortunately that doesn't seem to provide any additional information.
> The Windows loader seems to allocate all regions with EXWC protection,
> then change it to match the section. (Not that there are any guarantees
> about it's behaviour)
>
> I wasn't able to observe a region corresponding to an unmodified .data
> section with WC protection, which is somewhat confusing.
I guess that might be due to something in crt0 modifying .data, since
testing with something like:
1 #include <windows.h>
2
3 int __attribute__ ((section (".special"))) mutable = 2;
4
5 int main()
6 {
7 // modify rw data
8 // mutable = 0;
9
10 // deref null pointer
11 *(int *)0 = 1;
12 }
The memory region corresponding to the '.special' section has WC
protection, which changes to RW if it gets modified (as expected).
More information about the Cygwin-patches
mailing list