Protect code or data against modification

thisuser Member Posts: 3
I'm making a driver and want to make some usermode virtual memory pages non-writable (something that would make VirtualProtect fail or similar).

There's a function in the kernel (MmSecureVirtualMemoryAgainstWrites) but it's not exported. I'm not even sure that it does what I think it does because I haven't tried calling it yet.

Does anyone have suggestions on how to accomplish this?
Obviously, I only need this protection to work against other usermode code.

Thank you.

Comments

  • thisuser Member Posts: 3
    Little update.

    MmSecureVirtualMemoryAgainstWrites appears to fail if the memory is part of a section that was mapped with "ViewShare" inherit disposition.
    DLLs are mapped that way so it means it can't be used on DLL/module memory.
  • anton_bassov Member Posts: 4,827
    What if some other driver decides to undo this "protection"? Apparently, it never occurred to you to think this way, right....

    OK, fair enough - this protection may be workable up to some point, but once some driver that "has a different opinion" on your protection is loaded, all the bets are off. This is the usual problem of all security software, although some may say driver signing mitigates the issue.....

    Anton Bassov
  • thisuser Member Posts: 3
    That's why I said I only need it to work against other usermode code.
    I know kernelmode code could undo this, but it's usually game over at that point unless you're running some kind of hypervisor.