How CLR JIT Compiler Gets Along With The NX Technology

  • Question

  • I am trying to write a PE file compression tool, which is able to compress a PE file's .text part and add decompression code to the .text part to decompress the original part into memory. But when my code tries to jump to the decompressed .text part, the NX technology comes out and stops my program. I don't want to use the VirtualProtect function to change the page flag of the decompressed .text part, because that requires the administrator's right. Then my question comes out: how does the CLR JIT compiler get along with NX without using VirtualProtect? Of course, all CLR programs run well with non-administrator rights. Can anybody help?

    Wednesday, April 8, 2009 2:20 AM

All replies

  • Surely it is your code that causes the DEP.  After all, you just unpacked an executable to memory and are jumping into it.  The .NET 3.5 compilers turn the NX bit on, you could turn it off.
    Hans Passant.
    Wednesday, April 8, 2009 2:36 AM
    Moderator
  • Well... I don't catch what you mean. The .NET 3.5 JIT compiler turns the NX bit on? Does this compiler own the administrator's right? VirtualProtect needs the administrator's right, or NX (or DEP) protects nothing. I can see the JIT compiler must be running as a process owned by the current user. If the user has no administrator right, the JIT is unable to set any page to be an executable page. My program just jumps into the unpacked memory without calling VirtualProtect and fails. So the .NET JIT must have some other skill to jump to the executable page compiled on the fly.
    Wednesday, April 8, 2009 3:17 AM
  • We're not talking about the same thing.  Use VirtualAlloc() with the PAGE_EXECUTE_READWRITE protection flags to allow the code you unpacked to be executed.
    Hans Passant.
    • Marked as answer by Manjian Wednesday, April 8, 2009 4:17 PM
    Wednesday, April 8, 2009 11:28 AM
    Moderator
  • That's right... How could I have ignored this function all along? Actually we're talking about the same thing, because I am always trying to imitate the JIT compiler in this part.
    Wednesday, April 8, 2009 4:19 PM