VirtualBox

Ignore:
Timestamp:
Oct 6, 2014 8:09:04 PM (10 years ago)
Author:
vboxsync
Message:

SUP: Check the entire NTDLL during process verification now that we're opening vboxdrv[stub] before it is initialized. check the stub process for extra threads and debugger when the VM process opens vboxdrv.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyProcess-win.cpp

    r52954 r52962  
    953953            }
    954954
    955             /* The section bits, only child purification verifies all bits . */
    956             if (   pThis->enmKind == SUPHARDNTVPKIND_CHILD_PURIFICATION
    957                 || (   (pThis->aSecHdrs[i].Characteristics & (IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE))
     955            /* The section bits. Child purification verifies all, normal
     956               verification verifies all except where the executable is
     957               concerned (due to opening vboxdrv during early process init). */
     958            if (   (   (pThis->aSecHdrs[i].Characteristics & (IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE))
    958959                    && !(pThis->aSecHdrs[i].Characteristics & IMAGE_SCN_MEM_WRITE))
    959                 || (pThis->aSecHdrs[i].Characteristics & (IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)) == IMAGE_SCN_MEM_READ)
     960                || (pThis->aSecHdrs[i].Characteristics & (IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)) == IMAGE_SCN_MEM_READ
     961                || (pThis->enmKind == SUPHARDNTVPKIND_VERIFY_ONLY && pImage->fDll)
     962                || pThis->enmKind == SUPHARDNTVPKIND_CHILD_PURIFICATION)
    960963            {
    961964                rc = VINF_SUCCESS;
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette