[Bug binutils/30143] New: All PE sections are paged
From: pali at kernel dot org
Subject: [Bug binutils/30143] New: All PE sections are paged
Date: Sun, 19 Feb 2023 16:51:10 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=30143
Bug ID: 30143
Summary: All PE sections are paged
Product: binutils
Version: 2.39
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: pali at kernel dot org
Target Milestone: ---
GCC/LD for NT kernel drivers marks all functions as paged, including those
which should not be paged. Driver functions which could be paged are those
which are in the PE section PAGE. Sections which must not be paged must be
marked with the IMAGE_SCN_MEM_NOT_PAGED flag.

For a test case, here is a simple NT kernel driver whose entry point function
is in the standard INIT non-paged section, whose driver unload function is
explicitly put into the PAGE section (so it can be paged), and whose dispatch
create function is in the default .text section, which should also be
non-paged.
$ cat test-paging.c
#include <ntddk.h>

/* Default .text section: should be non-paged. */
static NTSTATUS NTAPI DriverDispatchCreate(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) {
    Irp->IoStatus.Status = STATUS_SUCCESS;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}

/* Explicitly placed in the PAGE section, so it can be paged. */
__attribute__((section("PAGE")))
static VOID NTAPI DriverUnload(IN PDRIVER_OBJECT DriverObject) {
}

/* Entry point, placed in the INIT section. */
NTSTATUS NTAPI DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) asm("DriverEntry") __attribute__((section("INIT")));
NTSTATUS NTAPI DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) {
    DriverObject->DriverUnload = DriverUnload;
    DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverDispatchCreate;
    return 0;
}
$ x86_64-w64-mingw32-gcc -nostartfiles -nodefaultlibs -nostdlib \
    -Wl,--subsystem,native -e DriverEntry \
    `x86_64-w64-mingw32-gcc -E -Wp,-v -o /dev/null - 2>&1 </dev/null | sed -n 's/^ \(.*\)/-I\1\/ddk/p'` \
    -D__INTRINSIC_DEFINED__InterlockedAdd64 test-paging.c -lntoskrnl \
    -o test-paging.sys
$ readpe test-paging.sys | grep -A 11 'Name:\s*\(\.text\|PAGE\|INIT\)'
export directory not found
Name: .text
Virtual Address: 0x1000
Physical Address: 0x80
Size: 0x200 (512 bytes)
Pointer To Data: 0x400
Relocations: 0
Characteristics: 0x60000020
Characteristic Names
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Section
Name: PAGE
Virtual Address: 0x2000
Physical Address: 0xc
Size: 0x200 (512 bytes)
Pointer To Data: 0x600
Relocations: 0
Characteristics: 0x60000020
Characteristic Names
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Section
Name: INIT
Virtual Address: 0x3000
Physical Address: 0x34
Size: 0x200 (512 bytes)
Pointer To Data: 0x800
Relocations: 0
Characteristics: 0x60000020
Characteristic Names
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Section
As can be seen in the readpe output, all 3 sections .text, PAGE and INIT are
paged, as they do not have the IMAGE_SCN_MEM_NOT_PAGED flag set.
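
The same check as a post-build script, added here as an example and not part of the original report or of binutils: it reads the PE section table directly and lists every section that lacks IMAGE_SCN_MEM_NOT_PAGED, following the report's rule that only the PAGE section may be paged. The function names, the `build_sample` helper and the `EXPECTED` flag values are assumptions made for the example; `REPORTED` uses the Characteristics values from the readpe output above.

```python
import struct

IMAGE_SCN_MEM_NOT_PAGED = 0x08000000  # PE/COFF section flag named in the report

def sections(image):
    """Yield (name, characteristics) for each entry in the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off, = struct.unpack_from("<I", image, 0x3C)          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, = struct.unpack_from("<H", image, pe_off + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                            # first section header
    for i in range(nsect):
        hdr = image[table + 40 * i: table + 40 * (i + 1)]
        if len(hdr) < 40:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        chars, = struct.unpack_from("<I", hdr, 36)            # Characteristics
        yield name, chars

def wrongly_pageable(image, pageable=("PAGE",)):
    """Names of sections that lack NOT_PAGED although they are not in `pageable`."""
    return [name for name, chars in sections(image)
            if name not in pageable and not chars & IMAGE_SCN_MEM_NOT_PAGED]

def build_sample(flags_by_name):
    """Constructed header-only PE image (no section data), used as demo input."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(flags_by_name), 0, 0, 0, 0, 0)
    table = b"".join(
        name.encode().ljust(8, b"\0") + bytes(28) + struct.pack("<I", flags)
        for name, flags in flags_by_name.items())
    return dos + b"PE\0\0" + coff + table

# Constructed sample with the Characteristics shown in the readpe output above.
REPORTED = build_sample({".text": 0x60000020, "PAGE": 0x60000020, "INIT": 0x60000020})
# Constructed sample of what the report asks for: only PAGE lacks NOT_PAGED.
EXPECTED = build_sample({".text": 0x68000020, "PAGE": 0x60000020, "INIT": 0x68000020})

if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else REPORTED
    bad = wrongly_pageable(image)
    print("pageable but should not be:", bad or "none")
    sys.exit(1 if bad else 0)
```

Run with a driver path as the only argument to check a real build; the exit status is non-zero when any section other than PAGE is pageable.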