Lately I have had some 32-bit processes crashing at startup using ldntvdm.dll on Windows 7 x64.
The issue seems to lie in Hook_Inline_Func (detour.c, line 205) while patching a function in kernel32.dll (namely BasepProcessInvalidImage):
VirtualProtectEx(hProcess, (PBYTE)src - len, len + 2, PAGE_READWRITE, &OldProt)
It turns out that the functions VirtualProtectEx and BasepProcessInvalidImage have their code located in the same memory page in the latest builds of kernel32.dll; thus the second call to VirtualProtectEx meant to restore the initial page protection triggers an exception, trying to execute no-more-executable code.
Replacing PAGE_READWRITE with PAGE_EXECUTE_READWRITE solved the issue for me.
Many thanks for your work on this great project!
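The failure mode in this report, as an added example (not code from detour.c or from the project): a check for whether the quoted range (src - len, len + 2) covers the page of a helper function, and a hypothetical patch_keep_exec helper that keeps the page executable while writing, as the reporter suggests. The 4 KiB page size, the function names, the use of WriteProcessMemory and the sample addresses are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

#define PAGE_SZ 4096u /* assumption: 4 KiB pages, as on x86/x64 Windows */
#define PAGE_OF(a) ((uintptr_t)(a) & ~(uintptr_t)(PAGE_SZ - 1))

/* Nonzero if addr lies in a page touched by [start, start + size). */
static int range_covers_page_of(uintptr_t start, size_t size, uintptr_t addr)
{
    return size != 0 && PAGE_OF(addr) >= PAGE_OF(start)
                     && PAGE_OF(addr) <= PAGE_OF(start + size - 1);
}

/* Range quoted in the report: (PBYTE)src - len, len + 2. */
static int hook_range_hits(uintptr_t src, size_t len, uintptr_t helper)
{
    return range_covers_page_of(src - len, len + 2, helper);
}

#ifdef _WIN32
/* Hypothetical helper (not the project's code): patch without dropping X. */
static BOOL patch_keep_exec(HANDLE hProcess, PBYTE src, SIZE_T len,
                            const BYTE *patch, SIZE_T patch_len)
{
    DWORD oldProt, tmp;
    SIZE_T written = 0;
    BOOL ok;
    if (patch_len > len + 2) return FALSE;
    /* RWX, not RW: code sharing this page stays executable meanwhile. */
    if (!VirtualProtectEx(hProcess, src - len, len + 2,
                          PAGE_EXECUTE_READWRITE, &oldProt))
        return FALSE;
    ok = WriteProcessMemory(hProcess, src - len, patch, patch_len, &written)
         && written == patch_len;
    VirtualProtectEx(hProcess, src - len, len + 2, oldProt, &tmp); /* restore */
    FlushInstructionCache(hProcess, src - len, len + 2);
    return ok;
}
#endif

int main(void)
{
    /* Constructed addresses: helper in the same page, then in the next one. */
    printf("same page: %d\n", hook_range_hits(0x77001010u, 5, 0x77001F00u));
    printf("next page: %d\n", hook_range_hits(0x77001010u, 5, 0x77002000u));
    return 0;
}
```

The RWX window lasts only until the second VirtualProtectEx call restores the original protection.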