Merge pull request #4537 from zacklj89/dev/zajohnson/iat-overwrite-doc

prmerger-automator[bot] · web-flow · commit da06c1c52b93 · 2022-11-08T13:49:27.000Z
Updating asan runtime documentation for iat_overwrite option
diff --git a/docs/sanitizers/asan-runtime.md b/docs/sanitizers/asan-runtime.md
@@ -86,6 +86,14 @@ For more information, see the [Differences with Clang 12.0](./asan.md#difference
 >
 > The option `windows_hook_rtl_allocators`, previously an opt-in feature while AddressSanitizer was experimental, is now enabled by default.
 
+- `iat_overwrite`
+  String, set to `"error"` by default. Other possible values are `"protect"` and `"ignore"`. Some modules may overwrite the [`import address table`](/windows/win32/debug/pe-format#import-address-table) of other modules to customize implementations of certain functions. For example, drivers commonly provide custom implementations for specific hardware. The `iat_overwrite` option manages the AddressSanitizer runtime's protection against overwrites for specific [`memoryapi.h`](/windows/win32/api/memoryapi/) functions. The runtime currently tracks the [`VirtualAlloc`](/windows/win32/api/memoryapi/nf-memoryapi-virtualalloc), [`VirtualProtect`](/windows/win32/api/memoryapi/nf-memoryapi-virtualprotect), and [`VirtualQuery`](/windows/win32/api/memoryapi/nf-memoryapi-virtualquery) functions for protection. This option is available in Visual Studio 2022 version 17.5 preview 1 and later versions. The following `iat_overwrite` values control how the runtime reacts when protected functions are overwritten:
+
+  - If set to `"error"` (the default), the runtime reports an error whenever an overwrite is detected.
+  - If set to `"protect"`, the runtime attempts to avoid using the overwritten definition and proceeds. Effectively, the original `memoryapi` definition of the function is used from inside the runtime to avoid infinite recursion. Other modules in the process still use the overwritten definition.
+  - If set to `"ignore"`, the runtime doesn't attempt to correct any overwritten functions and proceeds with execution.
+
+
 ## <a name="intercepted_functions"></a> AddressSanitizer list of intercepted functions (Windows)
 
 The AddressSanitizer runtime hot-patches many functions to enable memory safety checks at runtime. Here's a non-exhaustive list of the functions that the AddressSanitizer runtime monitors.
