Hey, guys.
Small question. If I use MmSecureVirtualMemory with constant PAGE_READONLY to secure buffer, could I change later its protection to PAGE_READWRITE, for example, with ZwProtectVirtualMemory? Documentation from MS said that you can’t change secured buffer protection to more restrictive, so PAGE_READWRITE is not more restrictive than PAGE_READONLY and should work. Am I right?
Thx.
xxxxx@gmail.com wrote:
Hey, guys.
Small question. If I use MmSecureVirtualMemory with constant PAGE_READONLY to secure buffer, could I change later its protection to PAGE_READWRITE, for example, with ZwProtectVirtualMemory? Documentation from MS said that you can’t change secured buffer protection to more restrictive, so PAGE_READWRITE is not more restrictive than PAGE_READONLY and should work. Am I right?
I note the following sentence on the MSDN page :
While calling *MmSecureVirtualMemory* on an address range prevents
the address range from being freed or from having its protection
changed,
Also, in the context of this routine, I believe your statement that
“PAGE_READWRITE is not more restrictive than PAGE_READONLY” is wrong.
Look at the wording. In the context of this function, PAGE_READWRITE is
the most restrictive option, because it gives the kernel driver a
stronger guarantee.
However, it is ambiguous.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.