Question about MmSecureVirtualMemory

Hey, guys.

Small question. If I use MmSecureVirtualMemory with constant PAGE_READONLY to secure buffer, could I change later its protection to PAGE_READWRITE, for example, with ZwProtectVirtualMemory? Documentation from MS said that you can’t change secured buffer protection to more restrictive, so PAGE_READWRITE is not more restrictive than PAGE_READONLY and should work. Am I right?

Thx.

xxxxx@gmail.com wrote:

Hey, guys.

Small question. If I use MmSecureVirtualMemory with constant PAGE_READONLY to secure buffer, could I change later its protection to PAGE_READWRITE, for example, with ZwProtectVirtualMemory? Documentation from MS said that you can’t change secured buffer protection to more restrictive, so PAGE_READWRITE is not more restrictive than PAGE_READONLY and should work. Am I right?

I note the following sentence on the MSDN page :

While calling *MmSecureVirtualMemory* on an address range prevents
the address range from being freed or from having its protection
changed,

Also, in the context of this routine, I believe your statement that
“PAGE_READWRITE is not more restrictive than PAGE_READONLY” is wrong.
Look at the wording. In the context of this function, PAGE_READWRITE is
the most restrictive option, because it gives the kernel driver a
stronger guarantee.

However, it is ambiguous.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.