VirtualBox

Timestamp:
Sep 9, 2014 2:06:16 PM (10 years ago)
Author:
vboxsync
Message:

SUP: Fixed for SEP issue where it would deadlock when we tried mapping the executable into the child process. Since it's hopefully not essential for any of the other anti-products tweaks, I've decided to disable that hack. The 2nd ntdll.dll mapping has been left in.

File:
1 edited

  • trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp

    r52634 r52656  
    31913191    if (pvBase)
    31923192    {
     3193        /*SUP_DPRINTF(("supR3HardNtPuChUnmapDllFromChild: Calling NtUnmapViewOfSection on %p / %s\n", pvBase, pszShort));*/
    31933194        NTSTATUS rcNt = NtUnmapViewOfSection(pThis->hProcess, pvBase);
    31943195        if (!NT_SUCCESS(!rcNt))
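Review bot: The condition on the context line `if (!NT_SUCCESS(!rcNt))`, directly below the new commented-out SUP_DPRINTF, is always false: `!rcNt` evaluates to 0 or 1, and NT_SUCCESS treats both as success, so a failing NtUnmapViewOfSection goes unnoticed. It should read `if (!NT_SUCCESS(rcNt))`. The added debug line is also checked in commented out; either enable it like the one added in supR3HardNtPuChTriggerInitialImageEvents or drop it.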
     
    32373238        {
    32383239            SIZE_T cbView = 0;
     3240            SUP_DPRINTF(("supR3HardNtPuChTriggerInitialImageEvents: mapping view of %s\n", pszShort)); /* For SEP. */
    32393241            rcNt = NtMapViewOfSection(hSection, pThis->hProcess, &pvRet, 0 /*ZeroBits*/, 0 /*CommitSize*/,
    32403242                                      NULL /*pOffSect*/, &cbView, ViewShare, 0 /*AllocationType*/, PAGE_READWRITE);
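Review bot: The `/* For SEP. */` comment on the new SUP_DPRINTF before NtMapViewOfSection does not say what the message is for. If the intent is that the log shows which view was being mapped when the process hangs, state that in the comment, and if the code after the call does not already log rcNt, add that too so a hang can be told apart from a failed mapping.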
     
    33123314     * a 2nd time into the process before we actually start executing the thread
    33133315     * and trigger the genuine image load events.
    3314      */
     3316     *
     3317     * Update: Turns out Symantec Endpoint Protection deadlocks when we map the
     3318     *         executable into the process like this.  The system only works
     3319     *         halfways after that Powerbutton, impossible to shutdown without
     3320     *         using the power or reset button. The order of the two mappings
     3321     *         below doesn't matter. Haven't had time to look at stack yet.
     3322     *         Observed on W7/64, SEP v12.1.4112.4156.
     3323     *
     3324     */
     3325#if 0
    33153326    PVOID pvExe2 = supR3HardNtPuChMapDllIntoChild(pThis, &g_SupLibHardenedExeNtPath.UniStr, "executable[2nd]");
    3316 
     3327#else
     3328    PVOID pvExe2 = NULL;
     3329#endif
    33173330    UNICODE_STRING NtName1 = RTNT_CONSTANT_UNISTR(L"\\SystemRoot\\System32\\ntdll.dll");
    33183331    PVOID pvNtDll2 = supR3HardNtPuChMapDllIntoChild(pThis, &NtName1, "ntdll.dll[2nd]");
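Review bot: With the `#if 0` in place pvExe2 is always NULL, so every later use of it in this function has to tolerate NULL; those uses are not visible in this hunk and should be checked (the unmap path in the first hunk does guard with `if (pvBase)`). The new comment says the stack has not been looked at yet, so the root cause is unknown: a todo or a named define instead of a bare `#if 0` would keep the disabled mapping from being forgotten. The sentence "The system only works halfways after that Powerbutton, impossible to shutdown" in the new comment is garbled and should be reworded.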