Hi Yuanhao,

1) The code comments and copy code suggest that the stacks are located low and the function is located high (good). However, the SetMemorySpaceAttributes() call un-XP's Address, which is the low address. So, do I misunderstand the changes, or are you un-XP'ing the first stack (and keep the function XP'd)?

2) The same
SetMemorySpaceAttributes() call, you now pass ApLoopFuncSize over ApSafeBufferSize. The latter was explicitly page-aligned, while the former is not. How is it guaranteed it is indeed aligned? If it is not, I don't think this is supported, at least universally.

3) Similar to 2), the stack size is much smaller than the page size, no? How do you guarantee the function is on a page boundary for memory protection?

4) A proper W^X flow should be to wait with un-XP till the CopyMem() for the
function code has returned. Right before that, the copied code should be marked read-only.

Best regards,
Marvin