From fca332046ed414b0b59a38f651e61cfdb44fca08 Mon Sep 17 00:00:00 2001
From: Timo Kreuzer
Date: Wed, 25 Feb 2026 13:22:37 +0200
Subject: [PATCH] [NTOS:MM] Handle NoChange Vads in NtFreeVirtualMemory

Fixes assertion failure in ntdll_apitest:NtAllocateVirtualMemory on x64, where the user shared page has a NoChange Vad. This also prevents freeing the PEB and TEB.
---
 ntoskrnl/mm/ARM3/virtual.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/ntoskrnl/mm/ARM3/virtual.c b/ntoskrnl/mm/ARM3/virtual.c
index ac99dc12420..39eb0daa2d6 100644
--- a/ntoskrnl/mm/ARM3/virtual.c
+++ b/ntoskrnl/mm/ARM3/virtual.c
@@ -5350,9 +5350,14 @@ NtFreeVirtualMemory(IN HANDLE ProcessHandle,
 }
 
 //
- // ARM3 does not yet handle protected VM
+ // Don't allow freeing of protected VADs (PEB/TEB/shared user page)
 //
- ASSERT(Vad->u.VadFlags.NoChange == 0);
+ if (Vad->u.VadFlags.NoChange != 0)
+ {
+ DPRINT1("Attempt to free protected VAD\n");
+ Status = STATUS_INVALID_PAGE_PROTECTION;
+ goto FailPath;
+ }
 
 //
 // Now we can try the operation. First check if this is a RELEASE or a DECOMMIT
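Review bot: The new `NoChange` check runs before the RELEASE/DECOMMIT split named in the trailing context comment, so it rejects decommit as well as release for every NoChange VAD, while the comment and the log text speak only of "freeing" and list three regions. If the blanket rejection is intended, the comment should say so, e.g. `// Reject both release and decommit on any NoChange VAD (this covers the PEB, TEB and shared user page)`. The `DPRINT1` is reachable from any user-mode caller that passes such an address and records nothing about the request; adding the VAD's range (for example `Vad->StartingVpn`) would make the message usable for triage. The `FailPath` label and the rest of NtFreeVirtualMemory are outside the hunk, so it is worth confirming that everything acquired before this point is released on that path.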