Changeset 53017 in vbox for trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyProcess-win.cpp

Timestamp:

Oct 10, 2014 1:44:08 AM (10 years ago)

Author:

vboxsync

Message:

SUP: Try to work around sakfile.sys bsod and dgmaster.sys.

File:

• trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyProcess-win.cpp (modified) (4 diffs)

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyProcess-win.cpp

@@ -129 +129 @@
     /** Type of verification to perform. */
     SUPHARDNTVPKIND         enmKind;
+    /** Combination of SUPHARDNTVP_F_XXX. */
+    uint32_t                fFlags;
     /** The result. */
     int                     rcResult;
@@ -1500 +1502 @@
                                             "NtFreeVirtualMemory (%p LB %#zx) failed: %#x",
                                             MemInfo.BaseAddress, MemInfo.RegionSize, rcNt);
+                    /* The Trend Micro sakfile.sys BSOD kludge. */
+                    if (pThis->fFlags & SUPHARDNTVP_F_EXEC_ALLOC_REPLACE_WITH_ZERO)
+                    {
+                        pvFree = MemInfo.BaseAddress;
+                        cbFree = MemInfo.RegionSize;
+                        rcNt = NtAllocateVirtualMemory(pThis->hProcess, &pvFree, 0, &cbFree, MEM_COMMIT, PAGE_READWRITE);
+                        if (!NT_SUCCESS(rcNt))
+                            supHardNtVpSetInfo2(pThis, VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED,
+                                                "NtAllocateVirtualMemory (%p LB %#zx) failed with rcNt=%#x allocating "
+                                                "replacement memory for working around buggy protection software. "
+                                                "See VBoxStartup.log for more details",
+                                                MemInfo.BaseAddress, MemInfo.RegionSize, rcNt);
+                        if (pvFree != MemInfo.BaseAddress)
+                            supHardNtVpSetInfo2(pThis, VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED,
+                                                "We wanted NtAllocateVirtualMemory to get us %p LB %#zx, but it returned %p LB %#zx.",
+                                                MemInfo.BaseAddress, MemInfo.RegionSize, pvFree, cbFree, rcNt);
+                    }
                 }
                 /*
@@ -2124 +2143 @@
  * @param   hThread             A thread in the process (the caller).
  * @param   enmKind             The kind of process verification to perform.
+ * @param   fFlags              Valid combination of SUPHARDNTVP_F_XXX flags.
  * @param   pErrInfo            Pointer to error info structure. Optional.
  * @param   pcFixes             Where to return the number of fixes made during
  *                              purification.  Optional.
  */
-DECLHIDDEN(int) supHardenedWinVerifyProcess(HANDLE hProcess, HANDLE hThread, SUPHARDNTVPKIND enmKind,
+DECLHIDDEN(int) supHardenedWinVerifyProcess(HANDLE hProcess, HANDLE hThread, SUPHARDNTVPKIND enmKind, uint32_t fFlags,
                                             uint32_t *pcFixes, PRTERRINFO pErrInfo)
 {
@@ -2152 +2172 @@
         {
             pThis->enmKind  = enmKind;
+            pThis->fFlags   = fFlags;
             pThis->rcResult = VINF_SUCCESS;
             pThis->hProcess = hProcess;