Application Security Testing: An Integral Part of DevOps
This code is written to fix the bug in CPropertySheet::DoModal() or CPropertySheet::Create() as described in MSKB article ID: Q158552.
The description of the bug:
The suggested fix #1 in the KB article (make the .rsrc section writable) is OK but error-prone. It is not a very aestheticly pleasing solution either.
The suggested fix #2 in the KB article is nonsense - or I didn't understand correctly what it says.
The suggested fix #3 is unusable if you want to have __try/__except. Also, you can't catch access violations when the property sheet is active.
In this article, I offer another solution: I created a CSafePropertyPage class based on CPropertyPage. The one and only difference is that this modified property page uses a (potentially writable) copy of a dialog template instead of just using resource ID. It uses undocumented MFC class CDialogTemplate (defined in afxpriv.h) but you may look up the source code of CDialogTemplate and supply your own CDialogTemplate::Load if you desperately want to keep the documented/undocumented paradigm of MFC.
Attached are the source files - just include the header where you need it and use CSafePropertyPage anywhere you'd use CPropertyPage.
Last updated: 30 June 1998