I’m making a driver and want to make some usermode virtual memory pages non-writable (something that would make VirtualProtect fail or similar).
There’s a function in the kernel (MmSecureVirtualMemoryAgainstWrites) but it’s not exported. I’m not even sure that it does what I think it does because I haven’t tried calling it yet.
Does anyone have suggestions on how to acomplish this?
Obviously, I only need this protection to work against other usermode code.
Thank you.
Little update.
MmSecureVirtualMemoryAgainstWrites appears to fail if the memory is part of a section that was mapped with “ViewShare” inherit disposition.
DLLs are mapped that way so it means it can’t be used on DLL/module memory.
What if some other driver decides to undo this “protection”? Apparently,it never occurred to you to think this way,right…
OK, fair enough - this protection may be workable up to some point, but once some driver that “has a different opinion” on your protection is loaded, all the bets are off. This is the usual problem of all security software, although some may say driver signing mitigates the issue…
Anton Bassov
That’s why I said I only need it to work against other usermode code.
I know kernelmode code could undo this, but it’s usually game over at that point unless you’re running some kind of hypervisor.