flat assembler
Message board for the users of flat assembler.

Index > Windows > How to write-protect memory regions?

ronware 28 Feb 2005, 20:00
Hi -

I would like to make certain regions of my application "read-only". I figured I could do this with VirtualProtect(), but what seems to happen is that using it renders the entire PAGE of memory read-only.

Basically I would like to put guard-values around some buffers, and intercept the GPF if these guard-values are accessed -- does anyone know of a way to do this on Win32?

Thanks!
f0dder 28 Feb 2005, 20:33
Hmmm... I guess the best solution would be read-only pages (iirc guard pages are NT-only), then write a SEH that traps GPFs, and checks whether the range is "protected", looks at the opcode that caused the GPF, etc... would probably be some good hours of work.
vid 01 Mar 2005, 13:20
How does it look with using the debugging registers in ring3 under windoze? Maybe they could be used for such a purpose...
ronware 01 Mar 2005, 16:11
vid wrote:
How does it look with using the debugging registers in ring3 under windoze? Maybe they could be used for such a purpose...


That's apparently the only way, but I don't think you can write the debug registers in ring3 at all.

What I'm doing is using 'canary' values and checking them in an idle loop. This is probably good enough but it's wasteful and not as accurate as trapping a write.
MazeGen 01 Mar 2005, 19:28
You can write them easily, but I'm not sure whether it works on all versions of Windows.

When you install an exception handler via fs:[0] and raise an exception, you get access to the CONTEXT structure in the handler, where you can overwrite probably all registers, including the debug registers. You also rewrite the EIP to some safe place and resume execution.

For more see
http://www.jorgon.freeserve.co.uk/ExceptFrame.htm

This method is also used by exe protectors to fool the debugger.

BTW, MOV from/to DRn registers is normally prohibited in ring3, of course.
mike.dld 01 Mar 2005, 22:33
I have another question... How can I FULLY protect some memory region so that either write or read memory operations in this region will cause #GP?
And another one: how fast would tracing an app be (doing nothing on the debugger side, just stopping and resuming on every instruction) compared to simple execution?
S.T.A.S. 02 Mar 2005, 01:19
In ring 3 it takes approximately 2500 to 7000 ticks to raise execution of ExceptionHandler with no user mode debugger active. It *depends* on hardware, OS, etc.
If a debugger is active, then this time goes up. Here is a test with sources, and a related discussion (in Russian).
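
The page-granularity limit raised in the first post, combined with the protected-pages idea from the first reply, as an added example that is not code from any poster in this thread: since VirtualProtect() only works on whole pages, the buffer is placed so that its last byte ends exactly where a PAGE_NOACCESS page begins, and the first overrun raises an access violation that an SEH handler can trap. The names `guard_layout`, `layout_for` and `guarded_alloc` are made up for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Placement of a len-byte buffer inside a run of whole pages so that the
   byte right after the buffer is the first byte of a no-access page. */
typedef struct {
    size_t region_size;   /* bytes to allocate: data pages + 1 guard page */
    size_t buf_offset;    /* offset of the buffer inside the region       */
    size_t guard_offset;  /* offset of the guard page (page aligned)      */
} guard_layout;

guard_layout layout_for(size_t len, size_t page)
{
    guard_layout g;
    size_t data_pages = (len + page - 1) / page;   /* round up            */
    if (data_pages == 0)
        data_pages = 1;                            /* len == 0 edge case  */
    g.guard_offset = data_pages * page;
    g.buf_offset   = g.guard_offset - len;         /* end abuts the guard */
    g.region_size  = g.guard_offset + page;
    return g;
}

#ifdef _WIN32
/* Returns the buffer or NULL. The region base needed for
   VirtualFree(base, 0, MEM_RELEASE) is buffer - layout.buf_offset. */
void *guarded_alloc(size_t len)
{
    SYSTEM_INFO si;
    DWORD old;
    GetSystemInfo(&si);
    guard_layout g = layout_for(len, si.dwPageSize);
    uint8_t *base = VirtualAlloc(NULL, g.region_size,
                                 MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (!base)
        return NULL;
    /* Only the trailing page is protected; the data pages stay writable. */
    if (!VirtualProtect(base + g.guard_offset, si.dwPageSize,
                        PAGE_NOACCESS, &old)) {
        VirtualFree(base, 0, MEM_RELEASE);
        return NULL;
    }
    return base + g.buf_offset;
}
#endif
```

This catches reads and writes past the end of the buffer only; the start of the buffer is generally not page aligned, so underruns land in ordinary writable memory and still need a canary or a second guard page in front.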
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.