Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #22563
Closed (moved) (moved)
Open
Issue created Jun 10, 2017 by Arthur Edelstein@arthuredelstein

Many memory pages in tor.exe for Windows violate W^X

A cypherpunk (ticket:21617#comment:5) has reported that the tor.exe process in the Tor Expert Bundle on Windows has many Execute/Read/Write memory pages. I also observe the same thing for Tor Browser's tor.exe process. Also, there are many Execute/Copy on Write pages, which I suspect, after reading Microsoft documentation, are also effectively W^X violations.

To reproduce on Windows:

  1. Download VMMap: [https://technet.microsoft.com/en-us/sysinternals/vmmap.aspx]
  2. Run Tor Browser
  3. Run VMMap and select the tor.exe process
  4. Select View > Expand All
  5. In the bottom table of the VMMap window, examine the Protection column. Note many Execute/Read/Write and Execute/Copy on Write pages, all belonging to either tor.exe or DLLs bundled with tor.exe.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking