From 5da9cebdd4915d4b4d777a1cb3413eeda563c2ff Mon Sep 17 00:00:00 2001 From: Yannis Juglaret Date: Tue, 3 Oct 2023 15:14:38 +0000 Subject: [PATCH] Bug 1705042 - Disable IOInterposer if we detect an incompatible Symantec DLL. r=win-reviewers,gstoll We are receiving crashes that show that our NtReadFile hook is incompatible with a DLL from Symantec. The DLL installs its own hook after ours has been applied, thereby breaking it. This patch is an attempt to avoid these crashes, by disabling the IOInterposer if we detect said DLL. Differential Revision: https://phabricator.services.mozilla.com/D189832 --- xpcom/build/PoisonIOInterposerWin.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xpcom/build/PoisonIOInterposerWin.cpp b/xpcom/build/PoisonIOInterposerWin.cpp index 0d78e073ca7f..ad9a11dbb17f 100644 --- a/xpcom/build/PoisonIOInterposerWin.cpp +++ b/xpcom/build/PoisonIOInterposerWin.cpp @@ -440,7 +440,9 @@ void InitPoisonIOInterposer() { // Bug 1679741: Kingsoft Internet Security calls NtReadFile in their thread // simultaneously when we're applying a hook on NtReadFile. - if (::GetModuleHandleW(L"kwsui64.dll")) { + // Bug 1705042: Symantec applies its own hook on NtReadFile, and ends up + // overwriting part of ours in an incompatible way. + if (::GetModuleHandleW(L"kwsui64.dll") || ::GetModuleHandleW(L"ffm64.dll")) { return; }