There is a MASSIVE CRASH/BUG that has been left in place for about a year now. I don't know if DE has some problem with Razer Synapse but this is just unacceptable. This crash bug has been around for at least a year or almost so since I bought my Razer Trinity. I also know that this interaction is only with Warframe since no other game I have played has as of yet showed issues like this. I know it is related to Razer Synapse since I had to delete ALL of my settings related to it before and then Warframe worked fine. I have a 1060ti and an i7 processor which was playing the game at mostly 140 fps where I capped it. It isn't because of bad graphics drivers or such as well. Every time I login right now Warframe instantly crashes after a few animated frames of the warframe starting to stand up.

Maybe this is caused by Razer products scanning for the chroma hardware or programs that they have in their own store? Maybe Warframe thinks it is acting like a cheat engine of sorts? Either way this is simply disgusting that such a HUGE flaw has been left alone. DE really needs to fix this for people who are paying for good equipment and they would have no clue as to what the problem is.

Patched_LdrLoadDll is being called with a corrupted filePath pointer:

The flags (0), handle (0) and moduleFileName look ok:

Okay, now there's an interesting remark at the top of getFullPath:

I see us being called with 0x2009 (=8201 dec). So maybe that 4096 magic value can be replaced by 16384 or something? But it might be better to find out what those values actually mean.

Ntdll.dll LdrLoadDLL has 2 specific checks for the first variable:
x & 0x401 = 0x401 if so bail with INVALID PARAMETER
In call to LdrpInitializeDllPath, if x & 1 then the value & 0xFFFFFFFE looks like it's used as a flag or it might be a(n index) to a list of search paths and moduleFileName replaces the path.

Both the Wine and ReactOS re-implementations of LdrLoadDLL actually avoid using the first parameter unless they have determined that the second one is a relative path.
!((uintptr_t)pwszSearchPath & 1) & (uintptr_t)pwszSearchPath >= 0x2000U ? pwszSearchPath : L"")
So what we're doing is not very solid in that regard, but adding all those path checks to our code is going to be messy and hard to get right. Given what the disassembly of NTDLL shows, and what API tracing shows in comment 6, I think we could simply replace the check by:
PWCHAR sanitizedFilePath = (intptr_t(filePath) & 1) ? nullptr : filePath

(In reply to Aaron Klotz (please use needinfo) from comment #12)
> Furthermore, atoms are Win32 constructs
> that have no meaning at the NT level, so I don't think that should be our
Windows NT maps a PAGE_NOACCESS page to the first page to catch null pointer access. And the address space allocation granularity is 64K. So the lowest valid address is 0x10000 anyway. It was the reason the default base address of PE EXE was 0x10000 before Win95.
But OK, I'll change the test logic to check the odd address instead of checking

I think we should still have the explicit checks, but then
Another thing we should probably do is wrap that pointer dereference inside

I'm not inclined to swallow exceptions, especially inside sensitive locations such as ntdll function hooks. It might lead to a more cryptic crash stack:

(In reply to Masatoshi Kimura from comment #14)
> Windows NT maps PAGE_NOACCESS page to the first page to catch null pointer
> It was the reason the default base address
As said, I agree with this reasoning. lpMinimumApplicationAddress is 64k on any Windows I know of (though one can argue whether the first arg to LdrLoadDll is guaranteed to be a userspace address - I think it is in reality but it's undocumented territory because this function is called from LoadLibraryExW - in any case you provided additional reasons why <64k cannot be a valid pointer). But we need the extra & 1 check because otherwise we risk crashing if a future Windows version passes 65537. I am fairly confident I read the code correctly as uneven having a special meaning and it not being a valid pointer - both due to the alignment issue and due to finding the same check in the VirtualBox source. I think in this code it might be better to have both checks? If we would trigger falsely the worst that happens is that some (unknown) DLL is blocked from being loaded inside the Firefox process. If we *miss* a case then it's 100% guaranteed a crash.
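The checks argued over in the thread above, written out as an added example: this is not code from the bug, from Firefox's DLL blocklist hook or from VirtualBox. It models the first argument of ntdll!LdrLoadDll as either a search-path string pointer or an odd-valued flag word (the 0x2009 seen in the trace), applies the `(x & 0x401) == 0x401` rejection the disassembly showed, and treats anything below 64K as unmappable. The 64K minimum is an assumption taken from the lpMinimumApplicationAddress discussion and hardcoded so the example compiles anywhere; a real hook on Windows would read it from GetSystemInfo(). The function names are the example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <wchar.h>

/* Assumption from the thread: lowest mappable user address is 64K.
 * On Windows, take this from GetSystemInfo().lpMinimumApplicationAddress. */
#define ASSUMED_MIN_USER_ADDRESS ((uintptr_t)0x10000)

/* Bit pattern the thread reports ntdll rejecting with INVALID_PARAMETER. */
#define LDR_PATH_REJECTED_BITS ((uintptr_t)0x401)

typedef enum {
    LDR_PATH_POINTER,        /* even and above the first mappable page: safe to read */
    LDR_PATH_FLAG_WORD,      /* odd: flag/index word, must not be dereferenced */
    LDR_PATH_NULL,           /* no search path supplied */
    LDR_PATH_BELOW_MIN_ADDR, /* even but below 64K: cannot be a valid user pointer */
    LDR_PATH_INVALID_PARAM   /* (x & 0x401) == 0x401: ntdll itself bails out */
} ldr_path_class;

/* Classify the raw first argument of LdrLoadDll before anything touches it. */
ldr_path_class classify_ldr_path_arg(uintptr_t arg)
{
    if (arg == 0)
        return LDR_PATH_NULL;
    if ((arg & LDR_PATH_REJECTED_BITS) == LDR_PATH_REJECTED_BITS)
        return LDR_PATH_INVALID_PARAM;
    if (arg & 1)
        return LDR_PATH_FLAG_WORD;
    if (arg < ASSUMED_MIN_USER_ADDRESS)
        return LDR_PATH_BELOW_MIN_ADDR;
    return LDR_PATH_POINTER;
}

/* For an odd argument the thread reads the remaining bits (x & 0xFFFFFFFE)
 * as the flag or search-path index value. */
uintptr_t ldr_path_flag_bits(uintptr_t arg)
{
    return arg & ~(uintptr_t)1;
}

/* The one-line replacement proposed in the thread: keep only even values.
 * Note that it still passes through even values below 64K. */
const wchar_t *sanitize_odd_only(const wchar_t *filePath)
{
    return ((uintptr_t)filePath & 1) ? NULL : filePath;
}

/* The "both checks" variant: odd values and anything below 64K both become
 * NULL, so a hook that reads the string never touches a bogus address. */
const wchar_t *sanitize_both(const wchar_t *filePath)
{
    return classify_ldr_path_arg((uintptr_t)filePath) == LDR_PATH_POINTER
               ? filePath : NULL;
}

/* How a hook would use it: only inspect the string once it survived
 * sanitizing. Returns the length, or (size_t)-1 if the argument was not
 * a pointer, instead of faulting on 0x2009 or 65537. */
size_t ldr_path_len_if_pointer(const wchar_t *filePath)
{
    const wchar_t *p = sanitize_both(filePath);
    return p ? wcslen(p) : (size_t)-1;
}
```

The trade-off the thread describes is visible in the two sanitizers: `sanitize_odd_only` is the minimal change and cannot misfire on a real string pointer, while `sanitize_both` also rejects even sub-64K values, erring toward blocking an unknown DLL rather than dereferencing an unmapped address inside an ntdll hook.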