On 06/07/2020 14:34, Jon Turney wrote:
On 06/07/2020 09:12, Corinna Vinschen wrote:
What about the two protection fields in MEMORY_BASIC_INFORMATION? If
something changed, Protect != AllocationProtect. Is that insufficient
to handle your case?
Unfortunately that doesn't seem to provide any additional information.
The Windows loader seems to allocate all regions with EXWC protection,
then change it to match the section. (Not that there are any guarantees
about it's behaviour)
I wasn't able to observe a region corresponding to an unmodified .data
section with WC protection, which is somewhat confusing.
I guess that might be due to something in crt0 modifying .data, since
testing with something like:
1 #include <windows.h>
2
3 int __attribute__ ((section (".special"))) mutable = 2;
4
5 int main()
6 {
7 // modify rw data
8 // mutable = 0;
9
10 // deref null pointer
11 *(int *)0 = 1;
12 }
The memory region corresponding to the '.special' section has WC
protection, which changes to RW if it gets modified (as expected).
