Accessing Read-Only System Memory

The Windows memory manager enforces read-only access of pages that are not marked as writable.

Read-only memory has always been protected in user mode. However, in Windows NT 4.0 and earlier versions, read-only memory was not protected in kernel mode.

If a Windows kernel-mode driver or application tries to write to a read-only memory segment, the system issues a bug check. For more information, see Bug Check 0xBE: ATTEMPTED_WRITE_TO_READONLY_MEMORY.

Intercepting System Calls

Some drivers intercept system calls by overwriting the driver's own code and inserting jump instructions or other changes. Because the driver's own code is read-only, this technique will cause a bug check to be issued.

Global Strings

If a global string is to be modified, it must not be declared as a pointer to a constant value:

CHAR *myString = "This string cannot be modified.";

In this case, the linker might put the string in a read-only memory segment. Then an attempt to modify the string will result in a bug check.

Instead, the string should be explicitly declared as an array of L-value characters:

CHAR myString[] = "This string can be modified.";

This declaration makes sure that the string is put in writable memory.

Send comments about this topic to Microsoft