 #16476  by wacked2
 Tue Nov 06, 2012 11:00 pm
Hello,

I have a problem when crafting my own PE files. When my .rdata section grows over the size of a page, the loading crashes with an access violation.

The first page of .rdata (where the IAT resides), when loading the imports, is set to RW; the following one - where the Import Table is - only to R. As expected, the import loading gives an access violation.

To quickly break while loading the imports, I overwrote a random import in a functioning executable. When the imports are loaded, the first page of .rdata has RW rights. The following pages (belonging to .rdata AND .data) only have R, BUT the import table is filled correctly even though it is a page with R-only rights.

I've taken a look at LdrpInitializeProcess but couldn't find where it changes the protections or even where to extend that.

The obvious solution would be placing the import table right after the IAT but I really want to avoid that.

Thanks,
wacked