Am Montag, den 27.07.2009, 13:24 +0900 schrieb Dmitry Timoshkov: > "Michael Karcher" <w...@mkarcher.dialup.fu-berlin.de> wrote: > > The meaning of "enable" is the same in Windows and Wine: it enables the > > execute permission, not the data execution prevention. > JFYI, I based my original patch on the information at > http://www.uninformed.org/?v=2&a=4 > (To enable NX support, the MEM_EXECUTE_OPTION_DISABLE flag (0x1) is > specified. To disable > NX support, the MEM_EXECUTE_OPTION_ENABLE flag (0x2) is specified) and > Chromium sources: > http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/src/dep.cc
The information you used is right. MEM_EXECUTE_OPTION_ENABLE disables NX support. But the parameter to the function VIRTUAL_SetForceExec does not tell whether to enable NX, but whether to enable execution permission on data pages. So to disable NX (i.e. MEM_EXECUTE_OPTION_ENABLE), execute permission on data pages must be forced, so SetForceExec must be called with TRUE. Thanks for review, Michael Karcher
