Re: Modifying default Win32 heap management.
- From: "James Brown" <not@xxxxxxxx>
- Date: Thu, 12 Oct 2006 10:46:49 +0100
"MJ" <art.oriented@xxxxxxxxx> wrote in message
news:1160637190.324654.304140@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello,
I'm doing some experiments on heap management on Windows. My goal
is to intercept the Win32 default heap management calls and modify their
behavior.
On Linux, all I have to do is rewrite the malloc/realloc/free
functions and intercept these calls using LD_PRELOAD. (Although a
statically linked malloc call cannot be intercepted.) However, doing the
same on Windows is quite a challenge.
First, I tried to hook the malloc/free calls in MSVCR*.dll with Detours from MS
Research. Then, in order to check the integrity of the hooking, I
replaced these calls with another verified malloc implementation, Doug
Lea's 2.8.4 malloc sources, which is widely used in libc on Linux and
works on Win32 as well. Fortunately, this replacement worked without a
crash (and it has to). After such verification, I will modify the
malloc implementation for my purpose.
Applications using dynamically linked malloc/free calls can be hooked
by the above approach; otherwise, however, I cannot hook the
application. There is no way to hook a statically linked malloc call or
a direct HeapAlloc call.
Thus, I tried to directly hook the
Heap{Create/Destroy/Alloc/Free/ReAlloc/Size/Validate} functions in
Kernel32.dll in order to have a more comprehensive solution.
Hooking was fine; however, mapping these Heap* interfaces to the malloc ones
is really difficult. The hooked application never runs successfully. It
crashes with the "The application failed to initialize properly
(0xC0000142)" message.
In Heap*, there are the HeapCreate/Destroy functions, which seem a little
bit weird. These kinds of calls do not exist in malloc. Thus, I just
did not hook these functions, and only intercepted the
HeapAlloc/ReAlloc/Free/Size/Validate calls. In these calls, I ignored the
given "HANDLE hHeap", and carefully mapped the HEAP_* flags semantics.
Also, in HeapFree/Validate, I used another data structure to check the
given pointer. Only after confirming that this given parameter was allocated
by my implementation did I free the pointer. (The data structure does not
use the hooked memory allocation calls.)
Desperately, I debugged for a long time, but I cannot find why it does
not work. I also hooked the related Rtl* calls and Global* calls and tried
to tweak HeapCreate/Destroy. But that failed.
Is there anything that I missed or got wrong? I'd really appreciate
any advice and suggestions.
ps. Now I'm trying to use code from the WINE project, which implements
ntdll.dll for the Linux environment. I really hope this trial will
succeed. If this also fails, I will only be able to hook the malloc/free calls.
Depending on the CRT implementation, malloc/free may or may not map to
HeapAlloc/Free. In other words, don't assume that malloc calls HeapAlloc. It
may go direct to virtual memory (VirtualAlloc) and bypass the Win32 heap
altogether. In fact, on my compiler, it does exactly that.
--
James Brown
Microsoft MVP - Windows SDK
www.catch22.net
Free Win32 Tutorials and Sourcecode
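As an added example, not code from the thread or from either poster: a minimal allocator shim in portable C that keeps the out-of-band ownership table MJ describes for the HeapFree/HeapValidate hooks. A static bump arena stands in for the dlmalloc build, and g_original_free (an assumed name) stands in for the trampoline to the original HeapFree that Detours would hand back; the shim_* names and the HeapAlloc/HeapSize/HeapFree mapping in the comments are likewise this example's assumptions. What it shows is the pass-through: a pointer the table does not know (allocated before the hook went in, or by a malloc that bypasses the Win32 heap, as James notes) is handed to the original routine instead of being freed by the replacement.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARENA_SIZE (64 * 1024)
#define TABLE_SIZE 1024                       /* power of two, open addressing */
#define TOMBSTONE  ((void *)(uintptr_t)1)     /* marks a slot freed by shim_free */

/* "Our" heap: a bump arena in static storage. It stands in for the
 * replacement allocator (dlmalloc in MJ's setup, an assumption here);
 * the bookkeeping below is what matters for the HeapFree/HeapValidate hooks. */
static _Alignas(16) unsigned char g_arena[ARENA_SIZE];
static size_t g_arena_used;

/* Ownership table, also static storage: registering a block must never
 * re-enter the hooked allocator, or the hook recurses into itself. */
static void  *g_keys[TABLE_SIZE];
static size_t g_sizes[TABLE_SIZE];

/* Trampoline to the original free routine (HeapFree on Windows). Assumed
 * name; in a Detours build this is the pointer DetourAttach rewrites. */
static void (*g_original_free)(void *) = free;

static size_t slot_for(const void *p)
{
    uintptr_t h = (uintptr_t)p >> 4;          /* drop the alignment zeros */
    h ^= h >> 16; h *= (uintptr_t)0x9E3779B1u; h ^= h >> 15;
    return (size_t)(h & (TABLE_SIZE - 1));
}

/* Slot index of p, or -1 if p was not allocated by this shim. */
static long lookup(const void *p)
{
    size_t i = slot_for(p);
    for (size_t n = 0; n < TABLE_SIZE; n++, i = (i + 1) & (TABLE_SIZE - 1)) {
        if (g_keys[i] == NULL) return -1;     /* end of the probe chain */
        if (g_keys[i] == p) return (long)i;
    }
    return -1;
}

/* Record p. Tombstones may be reused because the bump arena never hands
 * out the same address twice, so p cannot already sit further down the chain. */
static int track(void *p, size_t size)
{
    size_t i = slot_for(p);
    for (size_t n = 0; n < TABLE_SIZE; n++, i = (i + 1) & (TABLE_SIZE - 1)) {
        if (g_keys[i] == NULL || g_keys[i] == TOMBSTONE) {
            g_keys[i] = p; g_sizes[i] = size; return 1;
        }
    }
    return 0;                                 /* table full */
}

/* HeapAlloc analogue; zero_memory plays the role of HEAP_ZERO_MEMORY. */
void *shim_alloc(size_t size, int zero_memory)
{
    if (size > ARENA_SIZE) return NULL;
    size_t need = size ? (size + 15) & ~(size_t)15 : 16;  /* keep addresses unique */
    if (need > ARENA_SIZE - g_arena_used) return NULL;
    void *p = g_arena + g_arena_used;
    if (!track(p, size)) return NULL;         /* refuse rather than lose track of it */
    g_arena_used += need;
    if (zero_memory) memset(p, 0, size);
    return p;
}

/* HeapValidate analogue for a single block. */
int shim_owns(const void *p) { return lookup(p) >= 0; }

/* HeapSize analogue; (size_t)-1 for a foreign block, HeapSize's failure value. */
size_t shim_size(const void *p)
{
    long i = lookup(p);
    return i < 0 ? (size_t)-1 : g_sizes[i];
}

/* HeapFree analogue. Returns 1 if the block was ours and is now released,
 * 0 if it was foreign and was passed through to the original routine. */
int shim_free(void *p)
{
    long i = lookup(p);
    if (i < 0) { g_original_free(p); return 0; }
    g_keys[i] = TOMBSTONE;
    return 1;
}

int main(void)
{
    void *ours   = shim_alloc(64, 1);
    void *theirs = malloc(64);                /* stands in for a block allocated before hooking */
    printf("ours:   owned=%d size=%zu\n", shim_owns(ours), shim_size(ours));
    printf("theirs: owned=%d passthrough=%d\n", shim_owns(theirs), shim_free(theirs) == 0);
    printf("free ours: %d\n", shim_free(ours));
    return 0;
}
```

The table lives in static storage for the same reason MJ gives for his data structure: if it allocated through the hooked function, the first HeapAlloc inside the hook would re-enter the hook. The bump arena never frees memory back, which is fine for showing the ownership check but is not a real allocator; a real shim would put dlmalloc behind shim_alloc and shim_free and keep only the table.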