mirror of
https://github.com/valinet/ExplorerPatcher.git
synced 2024-11-14 11:07:36 +01:00
All: Protect against crashes caused by failure to patch the IAT
Impact: A recent bug report on the Mozilla Firefox issue tracker (https://bugzilla.mozilla.org/show_bug.cgi?id=1798707) identifies a crash in the Firefox browser caused by an invalid memory access performed by ExplorerPatcher (https://crash-stats.mozilla.org/signature/?signature=explorerpatcher.amd64.dll%20|%20%3Cunknown%20in%20Windows.UI.FileExplorer.dll%3E%20|%20explorerpatcher.amd64.dll%20|%20RtlpFindEntry%20|%20RtlpAllocateHeap%20|%20RtlpAllocateHeapInternal%20|%20explorerpatcher.amd64.dll%20|%20RtlDosApplyFileIsolationRedirection_Ustr%20|%20LdrpApplyFileNameRed...&date=%3E%3D2022-11-02T20%3A44%3A00.000Z&date=%3C2022-11-16T20%3A44%3A00.000Z). This might happen only when the "Register as shell extension: option is used, and ExplorerPatcher is injected in other processes. Testing was unable to reproduce the issue, but looking on the crash logs it was determined that it likely happens in "VnPatchDelayIAT", where the memory is patched regardless of whether the protection level actually succeeded changing or not. The call is suspected to fail when certain antivirus solutions are used, although a clear test case with this scenario could not be determined. Also, code review determined that a race condition might happen in both "VnPatchIAT" and "VnPatchDelayIAT", where some other thread might unload the module while the code works with it, attempting to patch the requested function. Description: The issue has been addressed by improved checks and ensuring the module is not unloaded while the functions work with it. The program only attempts to patch the memory if the previous protection change call actually succeeded. Additionally, the module reference count is increased prior to working with it when attempting the patch, in order to prevent other threads from successfully unloading it. The proposed changes should harden the code against unexpected behavior and should address the crashes experienced when the code runs in other processes, including Firefox.
This commit is contained in:
parent
6190fd2278
commit
d7a038564b
@ -1 +1 @@
|
||||
Subproject commit 15ad6ceb685c54de7ebb77f115eabbf88caebf33
|
||||
Subproject commit f0b704fb585aff54692fda6a7d1edcef3fa3e27b
|
Loading…
Reference in New Issue
Block a user