Skip to content
GitLab

Many memory pages in tor.exe for Windows violate W^X

A cypherpunk (ticket:21617#comment:5) has reported that the tor.exe process in the Tor Expert Bundle on Windows has many Execute/Read/Write memory pages. I also observe the same thing for Tor Browser's tor.exe process. Also, there are many Execute/Copy on Write pages, which I suspect, after reading Microsoft documentation, are also effectively W^X violations.

To reproduce on Windows:

  1. Download VMMap: [https://technet.microsoft.com/en-us/sysinternals/vmmap.aspx]
  2. Run Tor Browser
  3. Run VMMap and select the tor.exe process
  4. Select View > Expand All
  5. In the bottom table of the VMMap window, examine the Protection column. Note many Execute/Read/Write and Execute/Copy on Write pages, all belonging to either tor.exe or DLLs bundled with tor.exe.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information