3 files changed, 15 insertions, 3 deletions

diff --git a/miasm/analysis/sandbox.py b/miasm/analysis/sandbox.py
index 3040a1a8..1449d7be 100644
--- a/miasm/analysis/sandbox.py
+++ b/miasm/analysis/sandbox.py
@@ -213,6 +213,7 @@ class OS_Win(OS):
                 fstream.read(),
                 load_hdr=self.options.load_hdr,
                 name=self.fname,
+                winobjs=win_api_x86_32.winobjs,
                 **kwargs
             )
             self.name2module[fname_basename] = self.pe
@@ -227,6 +228,7 @@ class OS_Win(OS):
                     self.ALL_IMP_DLL,
                     libs,
                     self.modules_path,
+                    winobjs=win_api_x86_32.winobjs,
                     **kwargs
                 )
             )
@@ -242,6 +244,7 @@ class OS_Win(OS):
                 self.name2module,
                 libs,
                 self.modules_path,
+                winobjs=win_api_x86_32.winobjs,
                 **kwargs
             )
 
diff --git a/miasm/jitter/loader/pe.py b/miasm/jitter/loader/pe.py
index 961bfd93..73cb1367 100644
--- a/miasm/jitter/loader/pe.py
+++ b/miasm/jitter/loader/pe.py
@@ -171,7 +171,7 @@ def get_export_name_addr_list(e):
     return out
 
 
-def vm_load_pe(vm, fdata, align_s=True, load_hdr=True, name="", **kargs):
+def vm_load_pe(vm, fdata, align_s=True, load_hdr=True, name="", winobjs=None, **kargs):
     """Load a PE in memory (@vm) from a data buffer @fdata
     @vm: VmMngr instance
     @fdata: data buffer to parse
@@ -207,6 +207,9 @@ def vm_load_pe(vm, fdata, align_s=True, load_hdr=True, name="", **kargs):
                 pe.content[:hdr_len] +
                 max(0, (min_len - hdr_len)) * b"\x00"
             )
+
+            if winobjs:
+                winobjs.allocated_pages[pe.NThdr.ImageBase] = (pe.NThdr.ImageBase, len(pe_hdr))
             vm.add_memory_page(
                 pe.NThdr.ImageBase,
                 PAGE_READ | PAGE_WRITE,
@@ -237,8 +240,12 @@ def vm_load_pe(vm, fdata, align_s=True, load_hdr=True, name="", **kargs):
             attrib = PAGE_READ
             if section.flags & 0x80000000:
                 attrib |= PAGE_WRITE
+
+            section_addr = pe.rva2virt(section.addr)
+            if winobjs:
+                winobjs.allocated_pages[section_addr] = (section_addr, len(data))
             vm.add_memory_page(
-                pe.rva2virt(section.addr),
+                section_addr,
                 attrib,
                 data,
                 "%r: %r" % (name, section.name)
diff --git a/miasm/os_dep/win_api_x86_32.py b/miasm/os_dep/win_api_x86_32.py
index c1870d97..ee6db32f 100644
--- a/miasm/os_dep/win_api_x86_32.py
+++ b/miasm/os_dep/win_api_x86_32.py
@@ -759,7 +759,9 @@ def kernel32_VirtualProtect(jitter):
         jitter.vm.set_u32(args.lpfloldprotect, ACCESS_DICT_INV[old])
 
     paddr = args.lpvoid - (args.lpvoid % winobjs.alloc_align)
-    psize = args.dwsize
+    paddr_max = (args.lpvoid + args.dwsize + winobjs.alloc_align - 1)
+    paddr_max_round = paddr_max - (paddr_max % winobjs.alloc_align)
+    psize = paddr_max_round - paddr
     for addr, items in list(winobjs.allocated_pages.items()):
         alloc_addr, alloc_size = items
         if not (alloc_addr <= paddr and