Closed Bug 845098 Opened 11 years ago Closed 11 years ago

Windows write poisoning doesn't catch all writes

Categories

(Core :: XPCOM, defect, P3)

x86
macOS
defect

RESOLVED FIXED

People

(Reporter: BenWa, Assigned: espindola)

We originally thought that NtFlushBuffersFile would cover all the writes but apparently it does not. FileSync->NtFlushBuffersFile but fclose does not call NtFlushBuffersFile.
The stack we got was:

>	ntdll.dll!_NtWriteFile@36() 	
 	KernelBase.dll!_WriteFile@20()  + 0x113 bytes	
 	kernel32.dll!_WriteFileImplementation@20()  + 0x4a bytes	
 	msvcr100.dll!__write_nolock()  + 0x553 bytes	
 	msvcr100.dll!__write()  + 0x74 bytes	
 	msvcr100.dll!__flush()  + 0x3b bytes	
 	msvcr100.dll!__fclose_nolock()  + 0x21 bytes	
 	msvcr100.dll!_fclose()  + 0x3d bytes	
 	xul.dll!mozilla::ShutdownXPCOM(nsIServiceManager * servMgr)  Line 634 + 0x7 bytes	C++
 	xul.dll!ScopedXPCOMStartup::~ScopedXPCOMStartup()  Line 1129	C++
 	xul.dll!XREMain::XRE_main(int argc, char * * argv, const nsXREAppData * aAppData)  Line 3982 + 0xe bytes	C++
 	xul.dll!XRE_main(int argc, char * * argv, const nsXREAppData * aAppData, unsigned int aFlags)  Line 4160 + 0x12 bytes	C++
 	firefox.exe!do_main(int argc, char * * argv, nsIFile * xreDirectory)  Line 233 + 0x13 bytes	C++
 	firefox.exe!NS_internal_main(int argc, char * * argv)  Line 546 + 0xe bytes	C++
 	firefox.exe!wmain(int argc, wchar_t * * argv)  Line 112	C++
 	firefox.exe!__tmainCRTStartup()  Line 552 + 0x17 bytes	C
 	kernel32.dll!@BaseThreadInitThunk@12()  + 0x12 bytes	
 	ntdll.dll!___RtlUserThreadStart@8()  + 0x27 bytes	
 	ntdll.dll!__RtlUserThreadStart@8()  + 0x1b bytes

We will poison ntdll.dll!_NtWriteFile@36, but does anyone know a way to find out if we need to poison anything else?
Assignee: nobody → respindola
Status: NEW → ASSIGNED
(In reply to Rafael Ávila de Espíndola (:espindola) from comment #1)
> The stack we got was:
> 
> >	ntdll.dll!_NtWriteFile@36() 	
>  	KernelBase.dll!_WriteFile@20()  + 0x113 bytes	
>  	kernel32.dll!_WriteFileImplementation@20()  + 0x4a bytes	
>  	msvcr100.dll!__write_nolock()  + 0x553 bytes	
>  	msvcr100.dll!__write()  + 0x74 bytes	
>  	msvcr100.dll!__flush()  + 0x3b bytes	
>  	msvcr100.dll!__fclose_nolock()  + 0x21 bytes	
>  	msvcr100.dll!_fclose()  + 0x3d bytes	
>  	xul.dll!mozilla::ShutdownXPCOM(nsIServiceManager * servMgr)  Line 634 +
> 0x7 bytes	C++
>  	xul.dll!ScopedXPCOMStartup::~ScopedXPCOMStartup()  Line 1129	C++
>  	xul.dll!XREMain::XRE_main(int argc, char * * argv, const nsXREAppData *
> aAppData)  Line 3982 + 0xe bytes	C++
>  	xul.dll!XRE_main(int argc, char * * argv, const nsXREAppData * aAppData,
> unsigned int aFlags)  Line 4160 + 0x12 bytes	C++
>  	firefox.exe!do_main(int argc, char * * argv, nsIFile * xreDirectory)  Line
> 233 + 0x13 bytes	C++
>  	firefox.exe!NS_internal_main(int argc, char * * argv)  Line 546 + 0xe
> bytes	C++
>  	firefox.exe!wmain(int argc, wchar_t * * argv)  Line 112	C++
>  	firefox.exe!__tmainCRTStartup()  Line 552 + 0x17 bytes	C
>  	kernel32.dll!@BaseThreadInitThunk@12()  + 0x12 bytes	
>  	ntdll.dll!___RtlUserThreadStart@8()  + 0x27 bytes	
>  	ntdll.dll!__RtlUserThreadStart@8()  + 0x1b bytes
> 
> We will poison ntdll.dll!_NtWriteFile@36, but does anyone know a way to find
> out if we need to poison anything else?

I suggest looking at the Wine source code as a first step.
Priority: -- → P3
We now poison NtWriteFile and NtWriteFileGather
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
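
Added illustration, not code from this bug or from Mozilla: a POSIX analog of the stack in the report. Buffered stdio data reaches the kernel only when fclose() flushes it through the ordinary write path, which is why a late-write check that hooks only the flush-to-disk entry point does not see it. The function names, the /tmp path and the sample payload are assumptions of the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample payload (not data from the bug). */
static const char MSG[] = "constructed sample payload\n";

/* Size of the file as the kernel sees it, or -1 on error. */
static long kernel_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Writes MSG through stdio and records the kernel-visible file size
 * after fwrite() (sizes[0]) and after fclose() (sizes[1]).
 * Returns the number of bytes that reached the kernel only at
 * fclose(), or -1 on error. */
long late_write_at_fclose(long sizes[2]) {
    char path[] = "/tmp/latewrite-XXXXXX";   /* hypothetical temp path */
    static char buf[4096];
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    FILE *f = fdopen(fd, "w");
    if (!f) { close(fd); unlink(path); return -1; }

    setvbuf(f, buf, _IOFBF, sizeof buf);     /* fully buffered stream */
    if (fwrite(MSG, 1, sizeof MSG - 1, f) != sizeof MSG - 1) {
        fclose(f); unlink(path); return -1;
    }
    sizes[0] = kernel_size(path);  /* data is still in the stdio buffer */

    /* fclose() flushes the buffer with write(2); it does not call
     * fsync(2), so a hook on the sync path alone never fires here. */
    if (fclose(f) != 0) { unlink(path); return -1; }
    sizes[1] = kernel_size(path);

    unlink(path);
    return sizes[1] - sizes[0];
}

int main(void) {
    long s[2] = {0, 0};
    long n = late_write_at_fclose(s);
    printf("after fwrite: %ld bytes, after fclose: %ld bytes, late: %ld\n",
           s[0], s[1], n);
    return n < 0;
}
```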