[NTOS:MM:X64] On x64 allocate a VAD for the shared user page

2025-04-04 04:26:32 +00:00 · 2020-03-07 19:35:15 +01:00 · 2020-03-07 19:35:15 +01:00 · 48d1bd2c88
commit 48d1bd2c88
parent a5d47ff72b
1 changed files with 66 additions and 0 deletions
--- a/ntoskrnl/mm/ARM3/procsup.c
+++ b/ntoskrnl/mm/ARM3/procsup.c
@ -840,6 +840,62 @@ MmCreateTeb(IN PEPROCESS Process,
    return Status;
 }

+#ifdef _M_AMD64
+static
+NTSTATUS
+MiInsertSharedUserPageVad(VOID)
+{
+    PMMVAD_LONG Vad;
+    ULONG_PTR BaseAddress;
+    NTSTATUS Status;
+
+    /* Allocate a VAD */
+    Vad = ExAllocatePoolWithTag(NonPagedPool, sizeof(MMVAD_LONG), 'ldaV');
+    if (Vad == NULL)
+    {
+        DPRINT1("Failed to allocate VAD for shared user page\n");
+        return STATUS_INSUFFICIENT_RESOURCES;
+    }
+
+    /* Setup the primary flags with the size, and make it private, RO */
+    Vad->u.LongFlags = 0;
+    Vad->u.VadFlags.CommitCharge = 0;
+    Vad->u.VadFlags.NoChange = TRUE;
+    Vad->u.VadFlags.VadType = VadNone;
+    Vad->u.VadFlags.MemCommit = FALSE;
+    Vad->u.VadFlags.Protection = MM_READONLY;
+    Vad->u.VadFlags.PrivateMemory = TRUE;
+    Vad->u1.Parent = NULL;
+
+    /* Setup the secondary flags to make it a secured, readonly, long VAD */
+    Vad->u2.LongFlags2 = 0;
+    Vad->u2.VadFlags2.OneSecured = TRUE;
+    Vad->u2.VadFlags2.LongVad = TRUE;
+    Vad->u2.VadFlags2.ReadOnly = FALSE;
+
+    Vad->ControlArea = NULL; // For Memory-Area hack
+    Vad->FirstPrototypePte = NULL;
+
+    /* Insert it into the process VAD table */
+    BaseAddress = MM_SHARED_USER_DATA_VA;
+    Status = MiInsertVadEx((PMMVAD)Vad,
+                            &BaseAddress,
+                            PAGE_SIZE,
+                            (ULONG_PTR)MM_HIGHEST_VAD_ADDRESS,
+                            PAGE_SIZE,
+                            MEM_TOP_DOWN);
+    if (!NT_SUCCESS(Status))
+    {
+        DPRINT1("Failed to insert shared user VAD\n");
+        ExFreePoolWithTag(Vad, 'ldaV');
+        return Status;
+    }
+
+    /* Success */
+    return STATUS_SUCCESS;
+}
+#endif
+
 VOID
 NTAPI
 MiInitializeWorkingSetList(IN PEPROCESS CurrentProcess)
@ -957,6 +1013,16 @@ MmInitializeProcessAddressSpace(IN PEPROCESS Process,
    /* Release PFN lock */
    MiReleasePfnLock(OldIrql);

+#ifdef _M_AMD64
+    /* On x64 we need a VAD for the shared user page */
+    Status = MiInsertSharedUserPageVad();
+    if (!NT_SUCCESS(Status))
+    {
+        DPRINT1("MiCreateSharedUserPageVad() failed: 0x%lx\n", Status);
+        return Status;
+    }
+#endif
+
    /* Check if there's a Section Object */
    if (SectionObject)
    {