Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Windows memory manager enforces read-only access of pages that are not marked as writable.
Read-only memory has always been protected in user mode. However, in Windows NT 4.0 and earlier versions, read-only memory was not protected in kernel mode.
If a Windows kernel-mode driver or application tries to write to a read-only memory segment, the system issues a bug check. For more information, see Bug Check 0xBE: ATTEMPTED_WRITE_TO_READONLY_MEMORY.
Intercepting System Calls
Some drivers intercept system calls by overwriting the driver's own code and inserting jump instructions or other changes. Because the driver's own code is read-only, this technique will cause a bug check to be issued.
Global Strings
If a global string is to be modified, it must not be declared as a pointer to a constant value:
CHAR *myString = "This string cannot be modified.";
In this case, the linker might put the string in a read-only memory segment. Then an attempt to modify the string will result in a bug check.
Instead, the string should be explicitly declared as an array of L-value characters:
CHAR myString[] = "This string can be modified.";
This declaration makes sure that the string is put in writable memory.