From 2913ef5c9300fe1028de07f238dcb2ed39174edf Mon Sep 17 00:00:00 2001 From: Timo Kreuzer Date: Sat, 7 Sep 2024 23:33:48 +0300 Subject: [PATCH] [NTOS:KE/x64] Fix exception information on page faults Pass a proper write/execute flag in the ExceptionInformation[0] field of the exception record instead of the raw fault code. This fixes comdlg:filedlg wine test, which writes to a write protected resource section, which needs to be handled by kernel32 UnhandledExceptionFilter, which relies on this parameter to be correct. --- ntoskrnl/ke/amd64/trap.S | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ntoskrnl/ke/amd64/trap.S b/ntoskrnl/ke/amd64/trap.S index 03e71bf9bc3..34b7c906104 100644 --- a/ntoskrnl/ke/amd64/trap.S +++ b/ntoskrnl/ke/amd64/trap.S @@ -461,8 +461,11 @@ IntsDisabled: PageFaultError: - /* Set parameter 1 to error code */ + /* Set parameter 1 to write/execute flag. + See https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-exception_record */ mov r9d, [rbp + KTRAP_FRAME_ErrorCode] + shr r9d, 1 + and r9d, 9 /* Set parameter 2 to faulting address */ mov r10, cr2 // Param2 = faulting address