Kernelmode atomic operation

Jun 4, 2009 at 9:47 PM

Hi


Could you please point me in the right direction, why the following code segement is an atomic operation and works on SMP systems:

    AtomicCache = *((ULONGLONG*)Hook->TargetProc);
    {
        RtlCopyMemory(&AtomicCache, Jumper, 5);

        // backup entry point for later comparsion
        Hook->HookCopy = AtomicCache;
    }
    *((ULONGLONG*)Hook->TargetProc) = AtomicCache;

 

Kind regards

Jeff

Coordinator
Jun 6, 2009 at 10:16 PM

because on 64-bit processors this is an atomic operation... I think on 32-bit there is another code segment?! on 32-bit of course, the thing above is not atomic...

atomic in the sense of that " *((ULONGLONG*)Hook->TargetProc) = AtomicCache;" is atomic (the change of executable code) of course not the whole code segment!

Jun 7, 2009 at 10:35 AM

So RtlCopyMemory does 5 movs. Whenever a thread executes the code which easyhook currently modifies the OS crashes! Imagine RtlCopyMemory has copied the first byte and then a context swap occures.

Another thing, certain sections inside kernelspace are write protected. Where do you remove that protection (I couldn't find the code)?

Cheers