Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

OSR Seminars


Go Back   OSR Online Lists > ntdev
Welcome, Guest
You must login to post to this list
  Message 1 of 4  
11 Mar 18 10:59
thisuser
xxxxxx@gmail.com
Join Date: 11 Mar 2018
Posts To This List: 3
Protect code or data against modification

I'm making a driver and want to make some usermode virtual memory pages non-writable (something that would make VirtualProtect fail or similar). There's a function in the kernel (MmSecureVirtualMemoryAgainstWrites) but it's not exported. I'm not even sure that it does what I think it does because I haven't tried calling it yet. Does anyone have suggestions on how to acomplish this? Obviously, I only need this protection to work against other usermode code. Thank you.
  Message 2 of 4  
11 Mar 18 15:32
thisuser
xxxxxx@gmail.com
Join Date: 11 Mar 2018
Posts To This List: 3
Protect code or data against modification

Little update. MmSecureVirtualMemoryAgainstWrites appears to fail if the memory is part of a section that was mapped with "ViewShare" inherit disposition. DLLs are mapped that way so it means it can't be used on DLL/module memory.
  Message 3 of 4  
12 Mar 18 04:25
anton bassov
xxxxxx@hotmail.com
Join Date: 16 Jul 2006
Posts To This List: 4487
Protect code or data against modification

What if some other driver decides to undo this "protection"? Apparently,it never occurred to you to think this way,right.... OK, fair enough - this protection may be workable up to some point, but once some driver that "has a different opinion" on your protection is loaded, all the bets are off. This is the usual problem of all security software, although some may say driver signing mitigates the issue..... Anton Bassov
  Message 4 of 4  
12 Mar 18 09:18
thisuser
xxxxxx@gmail.com
Join Date: 11 Mar 2018
Posts To This List: 3
Protect code or data against modification

That's why I said I only need it to work against other usermode code. I know kernelmode code could undo this, but it's usually game over at that point unless you're running some kind of hypervisor.
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntdev list to be able to post.

All times are GMT -5. The time now is 17:49.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license