Do MmCopyFrom/ToCaller use SEH?

If not, both are necessary. Using SEH protects against another
thread in the process (or some other component) freeing the VM
page and causing a crash.

So not only must the address be checked to make sure it
is a user mode address iff the caller is user mode, but
the parameter needs to be copied using SEH; otherwise
what was just probed as valid may become invalid before
the copy can be done.

Yes... and no...

Our exception handler has a special case for MmCopyFrom/MmCopyTo.
The upshot is that those two functions have SEH without explicitly
needing to set up an SEH frame for it.

Fascinating... I would never have guessed that.

Thanks,
Joseph