### [2020] An Investigation of PAGE_GUARD Kernel Internals

The articles about PAGE_GUARD found online all say the same thing and never explain what actually happens; quite possibly their authors do not know either. Here is the answer from the WRK source.

After PAGE_GUARD is set on a page:

https://github.com/mic101/windows/blob/master/WRK-v1.2/base/ntos/mm/protect.c#L868

> The PTE is a private page which is valid, if the specified protection is no-access or guard page remove the PTE from the working set.

So MiRemovePageFromWorkingSet is called, with this result:

https://github.com/mic101/windows/blob/master/WRK-v1.2/base/ntos/mm/wslist.c#L781

> This function removes the page mapped by the specified PTE from the process's working set list.

Because the page is no longer in the working set, the next access faults. On that access MiAccessCheck is called to examine the ProtectionCode:

https://github.com/mic101/windows/blob/master/WRK-v1.2/base/ntos/mm/acceschk.c#L160

MI_IS_GUARD is defined as:

```cpp
#define MI_IS_GUARD(ProtectCode) ((ProtectCode >> 3) == (MM_GUARD_PAGE >> 3))
```

Where ProtectionCode comes from: when the memory is accessed, MiCheckVirtualAddress is called:

https://github.com/mic101/windows/blob/master/WRK-v1.2/base/ntos/mm/pagfault.c#L4701

If the page is private, it goes here:

https://github.com/mic101/windows/blob/master/WRK-v1.2/base/ntos/mm/pagfault.c#L4787
https://github.com/mic101/windows/blob/master/WRK-v1.2/base/ntos/mm/pagfault.c#L4806

and takes the value from the VAD. That is where ProtectionCode comes from. Once it has arrived

2020-12-19 huoji
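As an added illustration (not code from the post and not the WRK's own code), the following C program models the 5-bit ProtectionCode that MiAccessCheck inspects. The MM_* values are the WRK's constants from mi.h and the PAGE_* values are the Win32 ones from the public headers; `make_protection_mask` and `touch_page` are hypothetical helpers that model the documented PAGE_GUARD behaviour (the first touch raises a guard-page violation and consumes the guard bit, leaving the underlying protection), not the kernel's actual control flow.

```c
#include <stdio.h>

/* Win32 protection flags as passed to VirtualProtect (public header values). */
#define PAGE_NOACCESS           0x01
#define PAGE_READONLY           0x02
#define PAGE_READWRITE          0x04
#define PAGE_WRITECOPY          0x08
#define PAGE_EXECUTE            0x10
#define PAGE_EXECUTE_READ       0x20
#define PAGE_EXECUTE_READWRITE  0x40
#define PAGE_EXECUTE_WRITECOPY  0x80
#define PAGE_GUARD              0x100
#define PAGE_NOCACHE            0x200

/* The 5-bit kernel protection codes from the WRK's mi.h.  Bits 0..2 hold the
 * access type (bit 2 set means writable); bits 3..4 hold NOCACHE and GUARD. */
#define MM_READONLY             1
#define MM_EXECUTE              2
#define MM_EXECUTE_READ         3
#define MM_READWRITE            4
#define MM_WRITECOPY            5
#define MM_EXECUTE_READWRITE    6
#define MM_EXECUTE_WRITECOPY    7
#define MM_NOCACHE              0x8
#define MM_GUARD_PAGE           0x10
#define MM_NOACCESS             0x18   /* both modifier bits, no access bits */

/* Same test as the WRK macro: a code is a guard page iff bits 3..4 == 10b. */
#define MI_IS_GUARD(ProtectCode) (((ProtectCode) >> 3) == (MM_GUARD_PAGE >> 3))

/* Hypothetical helper: simplified Win32 -> kernel code conversion (the WRK
 * does this in MiMakeProtectionMask).  Returns -1 for combinations that
 * Windows documents as invalid. */
int make_protection_mask(unsigned win32)
{
    unsigned base = win32 & 0xFF;
    unsigned code;
    switch (base) {
    case PAGE_NOACCESS:
        /* PAGE_GUARD / PAGE_NOCACHE may not be combined with PAGE_NOACCESS. */
        return (win32 & (PAGE_GUARD | PAGE_NOCACHE)) ? -1 : MM_NOACCESS;
    case PAGE_READONLY:          code = MM_READONLY;          break;
    case PAGE_READWRITE:         code = MM_READWRITE;         break;
    case PAGE_WRITECOPY:         code = MM_WRITECOPY;         break;
    case PAGE_EXECUTE:           code = MM_EXECUTE;           break;
    case PAGE_EXECUTE_READ:      code = MM_EXECUTE_READ;      break;
    case PAGE_EXECUTE_READWRITE: code = MM_EXECUTE_READWRITE; break;
    case PAGE_EXECUTE_WRITECOPY: code = MM_EXECUTE_WRITECOPY; break;
    default:                     return -1;   /* zero or several base flags */
    }
    if ((win32 & PAGE_GUARD) && (win32 & PAGE_NOCACHE))
        return -1;   /* both modifier bits set would read as MM_NOACCESS */
    if (win32 & PAGE_GUARD)   code |= MM_GUARD_PAGE;
    if (win32 & PAGE_NOCACHE) code |= MM_NOCACHE;
    return (int)code;
}

/* Fault outcomes of this model (constructed names, not NTSTATUS values). */
enum access_result { ACCESS_OK, ACCESS_GUARD_VIOLATION, ACCESS_VIOLATION };

/* One committed page and its current protection code. */
struct page { unsigned code; };

/* Hypothetical helper modelling the fault-time decision.  A guard page is
 * one-shot: the first touch reports a guard violation and the guard bit is
 * cleared, so the second touch is judged by the low access bits alone. */
enum access_result touch_page(struct page *p, int write)
{
    unsigned code = p->code;
    if ((code & 7) == 0)
        return ACCESS_VIOLATION;            /* MM_NOACCESS or decommitted */
    if (MI_IS_GUARD(code)) {
        p->code = code & ~(unsigned)MM_GUARD_PAGE;
        return ACCESS_GUARD_VIOLATION;
    }
    if (write && !(code & 4))
        return ACCESS_VIOLATION;            /* bit 2 clear: not writable */
    return ACCESS_OK;
}

int main(void)
{
    /* Constructed walk-through: a PAGE_READWRITE | PAGE_GUARD page. */
    struct page p = { (unsigned)make_protection_mask(PAGE_READWRITE | PAGE_GUARD) };
    printf("code 0x%02x, MI_IS_GUARD=%d\n", p.code, MI_IS_GUARD(p.code));
    printf("first read  -> %d (1 = guard violation)\n", touch_page(&p, 0));
    printf("code now 0x%02x, MI_IS_GUARD=%d\n", p.code, MI_IS_GUARD(p.code));
    printf("second write -> %d (0 = ok)\n", touch_page(&p, 1));
    return 0;
}
```

The decisive detail the macro encodes is that guard-ness lives in bits 3..4 of the code rather than being a separate flag, which is why MM_NOACCESS (0x18, both modifier bits set) is not a guard page and why the kernel can drop the guard simply by masking off MM_GUARD_PAGE after the first fault.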