
Timestamp:
Oct 11, 2016 10:36:05 AM (8 years ago)
Author:
vboxsync
Message:

IPRT/ldrPE: New load config structures, ignoring non-zero values for two new fields (14901+).

File:
1 edited

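--- a/trunk/src/VBox/Runtime/common/ldr/ldrPE.cpp
+++ b/trunk/src/VBox/Runtime/common/ldr/ldrPE.cpp
@@ -2972,6 +2972,6 @@
      * volatile everywhere! Trying to prevent the compiler being a smarta$$ and reorder stuff.
      */
-    IMAGE_LOAD_CONFIG_DIRECTORY32_V5 volatile *pLoadCfg32 = (IMAGE_LOAD_CONFIG_DIRECTORY32_V5 volatile *)pLoadCfg;
-    IMAGE_LOAD_CONFIG_DIRECTORY64_V5 volatile *pLoadCfg64 = pLoadCfg;
+    IMAGE_LOAD_CONFIG_DIRECTORY32_V7 volatile *pLoadCfg32 = (IMAGE_LOAD_CONFIG_DIRECTORY32_V7 volatile *)pLoadCfg;
+    IMAGE_LOAD_CONFIG_DIRECTORY64_V7 volatile *pLoadCfg64 = pLoadCfg;
 
     pLoadCfg64->GuardAddressTakenIatEntryTable  = pLoadCfg32->GuardAddressTakenIatEntryTable;
@@ -2986,5 +2986,5 @@
     pLoadCfg64->GuardCFFunctionCount            = pLoadCfg32->GuardCFFunctionCount;
     pLoadCfg64->GuardCFFunctionTable            = pLoadCfg32->GuardCFFunctionTable;
-    pLoadCfg64->Reserved2                       = pLoadCfg32->Reserved2;
+    pLoadCfg64->GuardCFDispatchFunctionPointer  = pLoadCfg32->GuardCFDispatchFunctionPointer;
     pLoadCfg64->GuardCFCCheckFunctionPointer    = pLoadCfg32->GuardCFCCheckFunctionPointer;
     pLoadCfg64->SEHandlerCount                  = pLoadCfg32->SEHandlerCount;
@@ -2992,5 +2992,5 @@
     pLoadCfg64->SecurityCookie                  = pLoadCfg32->SecurityCookie;
     pLoadCfg64->EditList                        = pLoadCfg32->EditList;
-    pLoadCfg64->Reserved1                       = pLoadCfg32->Reserved1;
+    pLoadCfg64->DependentLoadFlags              = pLoadCfg32->DependentLoadFlags;
     pLoadCfg64->CSDVersion                      = pLoadCfg32->CSDVersion;
     pLoadCfg64->ProcessHeapFlags                = pLoadCfg32->ProcessHeapFlags; /* switched place with ProcessAffinityMask, but we're more than 16 byte off by now so it doesn't matter. */
@@ -3518,5 +3518,5 @@
     {
         IMAGE_LOAD_CONFIG_DIRECTORY64   Cfg64;
-        uint8_t                         abZeros[sizeof(IMAGE_LOAD_CONFIG_DIRECTORY64_V5) * 4];
+        uint8_t                         abZeros[sizeof(IMAGE_LOAD_CONFIG_DIRECTORY64_V7) * 4];
     } u;
 
@@ -3529,4 +3529,10 @@
     if (Dir.Size)
     {
+        const size_t cbExpectV7 = !pModPe->f64Bit
+                                ? sizeof(IMAGE_LOAD_CONFIG_DIRECTORY32_V7)
+                                : sizeof(IMAGE_LOAD_CONFIG_DIRECTORY64_V7);
+        const size_t cbExpectV6 = !pModPe->f64Bit
+                                ? sizeof(IMAGE_LOAD_CONFIG_DIRECTORY32_V6)
+                                : sizeof(IMAGE_LOAD_CONFIG_DIRECTORY64_V6);
         const size_t cbExpectV5 = !pModPe->f64Bit
                                 ? sizeof(IMAGE_LOAD_CONFIG_DIRECTORY32_V5)
@@ -3544,7 +3550,11 @@
                                 ? sizeof(IMAGE_LOAD_CONFIG_DIRECTORY32_V1)
                                 : sizeof(IMAGE_LOAD_CONFIG_DIRECTORY64_V2) /*No V1*/;
+        const size_t cbNewHack  = cbExpectV5; /* Playing safe here since there might've been revisions between V5 and V6 we don't know about . */
+        const size_t cbMaxKnown = cbExpectV7;
 
         bool fNewerStructureHack = false;
-        if (   Dir.Size != cbExpectV5
+        if (   Dir.Size != cbExpectV7
+            && Dir.Size != cbExpectV6
+            && Dir.Size != cbExpectV5
             && Dir.Size != cbExpectV4
             && Dir.Size != cbExpectV3
@@ -3552,12 +3562,12 @@
             && Dir.Size != cbExpectV1)
         {
-            fNewerStructureHack = Dir.Size > cbExpectV5 /* These structure changes are slowly getting to us! More futher down. */
+            fNewerStructureHack = Dir.Size > cbNewHack /* These structure changes are slowly getting to us! More futher down. */
                                && Dir.Size <= sizeof(u);
-            Log(("rtldrPEOpen: %s: load cfg dir: unexpected dir size of %u bytes, expected %zu, %zu, %zu, %zu, or %zu.%s\n",
-                 pszLogName, Dir.Size, cbExpectV5, cbExpectV4, cbExpectV3, cbExpectV2, cbExpectV1,
+            Log(("rtldrPEOpen: %s: load cfg dir: unexpected dir size of %u bytes, expected %zu, %zu, %zu, %zu, %zu, %zu, or %zu.%s\n",
+                 pszLogName, Dir.Size, cbExpectV7, cbExpectV6, cbExpectV5, cbExpectV4, cbExpectV3, cbExpectV2, cbExpectV1,
                  fNewerStructureHack ? " Will try ignore extra bytes if all zero." : ""));
             if (!fNewerStructureHack)
                 return RTErrInfoSetF(pErrInfo, VERR_LDRPE_LOAD_CONFIG_SIZE,
-                                     "Unexpected load config dir size of %u bytes; supported sized: %zu, %zu, %zu, %zu, or %zu",
-                                     Dir.Size, cbExpectV5, cbExpectV4, cbExpectV3, cbExpectV2, cbExpectV1);
+                                     "Unexpected load config dir size of %u bytes; supported sized: %zu, %zu, %zu, %zu, %zu, %zu, or %zu",
+                                     Dir.Size, cbExpectV7, cbExpectV6, cbExpectV5, cbExpectV4, cbExpectV3, cbExpectV2, cbExpectV1);
         }
@@ -3576,11 +3586,12 @@
             return rc;
         if (   fNewerStructureHack
-            && !ASMMemIsZero(&u.abZeros[cbExpectV5], Dir.Size - cbExpectV5))
+            && Dir.Size > cbMaxKnown
+            && !ASMMemIsZero(&u.abZeros[cbMaxKnown], Dir.Size - cbMaxKnown))
         {
             Log(("rtldrPEOpen: %s: load cfg dir: Unexpected bytes are non-zero (%u bytes of which %u expected to be zero): %.*Rhxs\n",
-                 pszLogName, Dir.Size, Dir.Size - cbExpectV5, Dir.Size - cbExpectV5, &u.abZeros[cbExpectV5]));
+                 pszLogName, Dir.Size, Dir.Size - cbMaxKnown, Dir.Size - cbMaxKnown, &u.abZeros[cbMaxKnown]));
             return RTErrInfoSetF(pErrInfo, VERR_LDRPE_LOAD_CONFIG_SIZE,
                                  "Grown load config (%u to %u bytes) includes non-zero bytes: %.*Rhxs",
-                                 cbExpectV5, Dir.Size, Dir.Size - cbExpectV5, &u.abZeros[cbExpectV5]);
+                                 cbMaxKnown, Dir.Size, Dir.Size - cbMaxKnown, &u.abZeros[cbMaxKnown]);
         }
         rtldrPEConvert32BitLoadConfigTo64Bit(&u.Cfg64);
@@ -3597,10 +3608,12 @@
             /* Kludge #2: This happens a lot. Structure changes, but the linker doesn't get
                updated and stores some old size in the directory.  Use the header size. */
-            else if (   u.Cfg64.Size == cbExpectV5
+            else if (   u.Cfg64.Size == cbExpectV7
+                     || u.Cfg64.Size == cbExpectV6
+                     || u.Cfg64.Size == cbExpectV5
                      || u.Cfg64.Size == cbExpectV4
                      || u.Cfg64.Size == cbExpectV3
                      || u.Cfg64.Size == cbExpectV2
                      || u.Cfg64.Size == cbExpectV1
-                     || (fNewerStructureHack = (u.Cfg64.Size > cbExpectV5 && u.Cfg64.Size <= sizeof(u))) )
+                     || (fNewerStructureHack = (u.Cfg64.Size > cbNewHack && u.Cfg64.Size <= sizeof(u))) )
             {
                 Log(("rtldrPEOpen: %s: load cfg dir: Header (%d) and directory (%d) size mismatch, applying the old linker kludge.\n",
@@ -3614,11 +3627,12 @@
                     return rc;
                 if (   fNewerStructureHack
-                    && !ASMMemIsZero(&u.abZeros[cbExpectV5], Dir.Size - cbExpectV5))
+                    && Dir.Size > cbMaxKnown
+                    && !ASMMemIsZero(&u.abZeros[cbMaxKnown], Dir.Size - cbMaxKnown))
                 {
                     Log(("rtldrPEOpen: %s: load cfg dir: Unknown bytes are non-zero (%u bytes of which %u expected to be zero): %.*Rhxs\n",
-                         pszLogName, Dir.Size, Dir.Size - cbExpectV5, Dir.Size - cbExpectV5, &u.abZeros[cbExpectV5]));
+                         pszLogName, Dir.Size, Dir.Size - cbMaxKnown, Dir.Size - cbMaxKnown, &u.abZeros[cbMaxKnown]));
                     return RTErrInfoSetF(pErrInfo, VERR_LDRPE_LOAD_CONFIG_SIZE,
                                          "Grown load config (%u to %u bytes, dir %u) includes non-zero bytes: %.*Rhxs",
-                                         cbExpectV5, Dir.Size, uOrgDir, Dir.Size - cbExpectV5, &u.abZeros[cbExpectV5]);
+                                         cbMaxKnown, Dir.Size, uOrgDir, Dir.Size - cbMaxKnown, &u.abZeros[cbMaxKnown]);
                 }
                 rtldrPEConvert32BitLoadConfigTo64Bit(&u.Cfg64);
@@ -3629,9 +3643,9 @@
             else
             {
-                Log(("rtldrPEOpen: %s: load cfg hdr: unexpected hdr size of %u bytes (dir %u), expected %zu, %zu, %zu, %zu, or %zu.\n",
-                     pszLogName, u.Cfg64.Size, Dir.Size, cbExpectV5, cbExpectV4, cbExpectV3, cbExpectV2, cbExpectV1));
+                Log(("rtldrPEOpen: %s: load cfg hdr: unexpected hdr size of %u bytes (dir %u), expected %zu, %zu, %zu, %zu, %zu, %zu, or %zu.\n",
+                     pszLogName, u.Cfg64.Size, Dir.Size, cbExpectV7, cbExpectV6, cbExpectV5, cbExpectV4, cbExpectV3, cbExpectV2, cbExpectV1));
                 return RTErrInfoSetF(pErrInfo, VERR_LDRPE_LOAD_CONFIG_SIZE,
-                                     "Unexpected load config header size of %u bytes (dir %u); supported sized: %zu, %zu, %zu, %zu, or %zu",
-                                     u.Cfg64.Size, Dir.Size, cbExpectV5, cbExpectV4, cbExpectV3, cbExpectV2, cbExpectV1);
+                                     "Unexpected load config header size of %u bytes (dir %u); supported sized: %zu, %zu, %zu, %zu, %zu, %zu, or %zu",
+                                     u.Cfg64.Size, Dir.Size, cbExpectV7, cbExpectV6, cbExpectV5, cbExpectV4, cbExpectV3, cbExpectV2, cbExpectV1);
             }
         }
@@ -3663,5 +3677,5 @@
          * structure without messing up its natural alignment. */
         if (    (   u.Cfg64.GuardCFCCheckFunctionPointer
-                 || u.Cfg64.Reserved2
+                 || u.Cfg64.GuardCFDispatchFunctionPointer
                  || u.Cfg64.GuardCFFunctionTable
                  || u.Cfg64.GuardCFFunctionCount
@@ -3674,5 +3688,5 @@
         {
             Log(("rtldrPEOpen: %s: load cfg dir: Guard stuff: %RX64,%RX64,%RX64,%RX64,%RX32,%RX64,%RX64,%RX64,%RX64!\n",
-                 pszLogName, u.Cfg64.GuardCFCCheckFunctionPointer, u.Cfg64.Reserved2,
+                 pszLogName, u.Cfg64.GuardCFCCheckFunctionPointer, u.Cfg64.GuardCFDispatchFunctionPointer,
                  u.Cfg64.GuardCFFunctionTable, u.Cfg64.GuardCFFunctionCount, u.Cfg64.GuardFlags,
                  u.Cfg64.GuardAddressTakenIatEntryTable, u.Cfg64.GuardAddressTakenIatEntryCount,
@@ -3680,5 +3694,5 @@
             return RTErrInfoSetF(pErrInfo, VERR_LDRPE_GUARD_CF_STUFF,
                                  "Guard bits in load config: %RX64,%RX64,%RX64,%RX64,%RX32,%RX64,%RX64,%RX64,%RX64!",
-                                 u.Cfg64.GuardCFCCheckFunctionPointer, u.Cfg64.Reserved2,
+                                 u.Cfg64.GuardCFCCheckFunctionPointer, u.Cfg64.GuardCFDispatchFunctionPointer,
                                  u.Cfg64.GuardCFFunctionTable, u.Cfg64.GuardCFFunctionCount, u.Cfg64.GuardFlags,
                                  u.Cfg64.GuardAddressTakenIatEntryTable, u.Cfg64.GuardAddressTakenIatEntryCount,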
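Review bot: The log text kept at new line 3568, ` Will try ignore extra bytes if all zero.`, no longer describes what the code does: fNewerStructureHack is now set for any Dir.Size above cbNewHack (cbExpectV5), but the zero check at 3588-3590 (and its twin at 3629-3631) only inspects bytes beyond cbMaxKnown (cbExpectV7), so a directory whose size falls between the V5 and V7 sizes without matching V6/V7 is accepted with its tail uninspected. This appears to be the intent stated in the commit message, but a reader of that log line will assume the tail was verified. I would either reword the log to say only bytes beyond the V7 size are checked, or add a comment next to the cbNewHack/cbMaxKnown definitions: `/* Sizes between cbNewHack and cbMaxKnown are accepted without inspecting the unknown tail; only bytes beyond cbMaxKnown must be zero. */`. The enclosing function starts and ends outside these hunks.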
