Fix AV in FindRealCode and increment version number #8
| #define MyAppURL "http://vld.codeplex.com/" | ||
| #define MyAppRegKey "Software\Visual Leak Detector" | ||
| #define ConfigType "Release" | ||
| #define ConfigType "Debug" |
> Debug
Probably should leave this checked in as Release by default. #Resolved
| { | ||
| // we need to make sure we can read the first 3 ULONG_PTRs | ||
| DWORD old_protect; | ||
| // make sure we can read the first 3 pointers |
> make sure we can read the first 3 pointers

nit: says the same thing as the last comment #Resolved
| // now that we got the offset, make sure we can read the code at the offset | ||
| DWORD old_protect_2; | ||
| if (VirtualProtect(pCode, sizeof(LPVOID), PAGE_EXECUTE_READ, &old_protect_2)) |
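Review bot: The hunk ends before the matching restore is visible; once the read at the new protection is done, `old_protect_2` needs to be handed back with a second `VirtualProtect` call, otherwise a page that was PAGE_READWRITE before this call stays PAGE_EXECUTE_READ for the rest of the process. Also worth checking the `FALSE` branch explicitly: a failed `VirtualProtect` (unmapped or guard page) must skip the read rather than fall through to it, since that is exactly the access violation this change is meant to remove.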
> pCode
pNextInst + offset, here and below (or throw it in a variable for better readability) #Resolved
| else if (*(BYTE*)pCode == 0xE9) // JMP rel32 | ||
| { | ||
| // Relative next instruction | ||
| PBYTE pNextInst = (PBYTE)((ULONG_PTR)pCode + 5); |
> (tab character at column 21)
nit: random tabs detected (while you are in here making these changes) #Resolved
| #endif | ||
| #endif | ||
| // have a stack local array of the addresses, don;t want to use malloc for this |
> ;
nit: apostrophe #Resolved
| #endif | ||
| #endif | ||
| // have a stack local array of the addresses, don;t want to use malloc for this |
> // have
Probably good to have a comment here why we cache the real addresses/VirtualProtect is expensive (for "future developers") #Resolved
| { | ||
| // we only process MAX_PATCH_ENTRY_COUNT, if we exceed it crash | ||
| // if this abort is ever hit, it means that MAX_PATCH_ENTRY_COUNT should be bumped up | ||
| abort(); |
> abort();
Might be nice to log it with Report() #Resolved
We should tag the branch as 2.5.7 when this is merged and then upload a release with the installer binary https://github.com/Azure/vld/releases #Resolved
Will do (in reply to 796335447)
The issue here was that FindRealCode attempts to skip over the jmp mnemonics (most likely causing issues if detouring APIs).
When reading the addresses (absolute or relative) in the code of the exporting/importing DLLs, the code would not change the protect status to make sure it can read it. In some obscure and infrequent cases the page would have PAGE_NOACCESS and then a read would cause an AV.
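What the description above boils down to, as an added example (my code, not VLD's FindRealCode or anything from the Azure/vld repository): follow a JMP rel32 (E9) or an indirect JMP through a pointer slot (FF 25), but only after the bytes to be read have been made readable, and stop after a bounded number of hops. The names read_code, follow_jmp, resolve_thunks, MAX_HOPS and demo_resolve are hypothetical, and the jump chain demo_resolve walks is constructed in a local buffer. On Windows read_code brackets each read with VirtualProtect (PAGE_EXECUTE_READ, then the saved protection again); in non-Windows builds that step is compiled out so the decoding logic runs anywhere.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

typedef enum { HOP_NOT_A_JMP = 0, HOP_UNREADABLE, HOP_FOLLOWED } hop_result;

/* Hypothetical helper (assumption, not VLD's API): copy n bytes at src into dst.
 * On Windows the range is first switched to PAGE_EXECUTE_READ so a PAGE_NOACCESS
 * page does not fault, and the old protection is put back afterwards so a page
 * that was PAGE_READWRITE is not left read-only. Elsewhere the demo assumes the
 * bytes are readable. Returns 0 (instead of faulting) when they cannot be read. */
static int read_code(const void *src, void *dst, size_t n)
{
#ifdef _WIN32
    DWORD old_protect, unused;
    if (!VirtualProtect((LPVOID)src, n, PAGE_EXECUTE_READ, &old_protect))
        return 0;
    memcpy(dst, src, n);
    VirtualProtect((LPVOID)src, n, old_protect, &unused);
    return 1;
#else
    memcpy(dst, src, n);
    return 1;
#endif
}

/* Decode one jump at code. E9 rel32 is relative to the next instruction; FF 25
 * jumps through a pointer slot (RIP-relative on x64, absolute address on x86).
 * The slot is read through read_code too: it may sit on a different page. */
static hop_result follow_jmp(const uint8_t *code, uintptr_t *target)
{
    uint8_t op[6];
    if (!read_code(code, op, sizeof op))
        return HOP_UNREADABLE;

    if (op[0] == 0xE9) {
        int32_t rel;
        memcpy(&rel, op + 1, sizeof rel);
        uintptr_t next = (uintptr_t)code + 5;          /* opcode + rel32 */
        *target = next + (uintptr_t)(intptr_t)rel;     /* sign-extended */
        return HOP_FOLLOWED;
    }
    if (op[0] == 0xFF && op[1] == 0x25) {
        int32_t disp;
        memcpy(&disp, op + 2, sizeof disp);
        uintptr_t next = (uintptr_t)code + 6;          /* FF 25 + disp32 */
#if UINTPTR_MAX > 0xFFFFFFFFu
        uintptr_t slot = next + (uintptr_t)(intptr_t)disp;
#else
        uintptr_t slot = (uintptr_t)(uint32_t)disp;
        (void)next;
#endif
        uintptr_t value;
        if (!read_code((const void *)slot, &value, sizeof value))
            return HOP_UNREADABLE;
        *target = value;
        return HOP_FOLLOWED;
    }
    return HOP_NOT_A_JMP;
}

#define MAX_HOPS 8   /* a cycle of thunks must not spin forever */

/* Walk the chain of jumps from entry; stop at real code or after MAX_HOPS. */
static uintptr_t resolve_thunks(const void *entry, int *hops)
{
    uintptr_t cur = (uintptr_t)entry;
    int n = 0;
    while (n < MAX_HOPS) {
        uintptr_t next;
        if (follow_jmp((const uint8_t *)cur, &next) != HOP_FOLLOWED)
            break;
        cur = next;
        n++;
    }
    if (hops) *hops = n;
    return cur;
}

/* Constructed sample chain: entry -> JMP rel32 -> JMP [slot] -> RET. Returns the
 * hop count on success (2) and -1 if resolution landed somewhere else. */
static int demo_resolve(void)
{
    static uint8_t buf[32];
    memset(buf, 0xCC, sizeof buf);                 /* INT3 padding */
    uintptr_t real = (uintptr_t)buf + 8;
    buf[8] = 0xC3;                                 /* the "real" code: RET */

    int32_t rel = 16 - 5;                          /* from buf+5 to buf+16 */
    buf[0] = 0xE9; memcpy(buf + 1, &rel, sizeof rel);

    uintptr_t slot = (uintptr_t)buf + 24;
#if UINTPTR_MAX > 0xFFFFFFFFu
    int32_t disp = (int32_t)(slot - ((uintptr_t)buf + 22));
#else
    int32_t disp = (int32_t)slot;
#endif
    buf[16] = 0xFF; buf[17] = 0x25; memcpy(buf + 18, &disp, sizeof disp);
    memcpy(buf + 24, &real, sizeof real);          /* pointer slot -> RET */

    int hops = 0;
    uintptr_t got = resolve_thunks(buf, &hops);
    return got == real ? hops : -1;
}

int main(void)
{
    printf("demo_resolve() = %d (expect 2)\n", demo_resolve());
    return 0;
}
```

Two details matter for a detour-style reader like this: every read goes through the protection check, including the pointer slot of an FF 25 jump, because the slot is usually in a different section (and so a different page) than the opcode; and the walk is bounded, so a pair of thunks that jump to each other degrades to a wrong answer rather than a hang inside the host process.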