Debugging out-of-bounds heap access with GFlags

Source: Internet
Author: User

Over the last two days I have been working with dump files and WinDbg. I am still quite unfamiliar with it, but I am slowly picking up some of the commonly used commands. A few weeks ago I heard about a tool called GFlags, and today I finally tried it out.

Gflags.exe is a small tool included in the Debugging Tools for Windows package.

Download link: http://msdn.microsoft.com/en-us/windows/hardware/gg463016

Once installed, add the folder containing GFlags (it also contains many other useful tools) to the PATH environment variable so the tools can be used from the command line. (My Computer --> right-click --> Properties --> Advanced --> Environment Variables --> System variables --> Path)

At the command prompt (cmd), enter: cdb -iae

This sets CDB as the default JIT (just-in-time) debugger, so that when a program run from the command line crashes, execution stops in the debugger.

(The learning material referenced at the end of this article is quite good.)


Test program:

///////////////////////////////////////////////////////////////////////////////////
int main()
{
    char *p = new char[10];
    // off-by-one: the loop also writes p[10]. The loop bound was lost in
    // extraction; it is reconstructed as <= 10 because the text below says
    // the out-of-bounds access happens when i reaches 10.
    for (int i = 0; i <= 10; ++i)
        p[i] = i;
    return 0;
}
///////////////////////////////////////////////////////////////////////////////////

This is a very simple out-of-bounds program: when i reaches 10, the access goes past the end of the buffer. Without a testing tool, however, there is no crash. In general the program receives 16-byte-aligned space from the heap, so p[10] lands in the padding added by alignment and does not cause an out-of-bounds crash. It is still a hidden danger, and to surface it as early as possible, using a tool is a good choice.
GFlags can be used to track this program's execution: every newly allocated heap block is placed in its own space, and the location adjacent to that space is marked inaccessible, so as soon as an access crosses the boundary it triggers an access-violation error and the crash occurs early.

The test process is as follows:

1. Compile a release build of the executable with VC: Test.exe. (Note: not the debug build.)

2. Register the executable to be monitored, test.exe, with GFlags.

At the CMD prompt, enter the following command: gflags /p /enable test.exe /full /unaligned

Press Enter and the following information is displayed:

*************************************************************************************

path: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    Test.exe: page heap enabled

*************************************************************************************

At this point, Test.exe has been registered for monitoring.

/p /enable is required.

/full means each allocation gets its own exclusive space, and the adjacent space is inaccessible.

/unaligned makes the allocated space unaligned, so that an out-of-bounds access is detected immediately and is not hidden by memory alignment padding.

What the command above actually does is write PageHeapFlags=0x23 under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Test.exe.

3. Now double-click test.exe to run it. This time it crashes:

*************************************************************************************

(17f8.5d0): Access violation - code c0000005 (!!! second chance !!!)
eax=0161eff6 ebx=7c80ac61 ecx=0000000a edx=015c5000 esi=00000002 edi=00000a28
eip=00401010 esp=0012ff74 ebp=0012ffc0 iopl=0         nv up ei ng nz ac pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000
WinDbgTest!main+0x10:
00401010 880c01          mov     byte ptr [ecx+eax],cl      ds:0023:0161f000=??

*************************************************************************************

If you open the exe under WinDbg and use the !address command, you can see that the page at EAX is readable and writable, while the page at EAX+ECX is not accessible:

*************************************************************************************

0:000> !address eax
    015c0000 : 0161e000 - 00001000
                    Type     00020000 MEM_PRIVATE
                    Protect  00000004 PAGE_READWRITE
                    State    00001000 MEM_COMMIT
                    Usage    RegionUsagePageHeap
                    Handle   015c1000

0:000> !address eax+ecx
    015c0000 : 0161f000 - 000a1000
                    Type     00020000 MEM_PRIVATE
                    Protect  00000001 PAGE_NOACCESS
                    State    00001000 MEM_COMMIT
                    Usage    RegionUsagePageHeap
                    Handle   015c1000

*************************************************************************************
