Testing memory for read access

ramguru · March 08, 2007, 10:04:07 PM

I've just figured out that if you use IsBadReadPtr for testing pointer returned with MapViewOfFile, you will be very surprised what you get...
All file is loaded into memory, so lets say you opened CD image in hex editor, you expect that filemapping is quick and easy, but you're wrong it's slow and memory consuming.
Anyone knows what's unique way to test ptr, if component has no idea where it (pointer) comes from ?

sinsi · March 09, 2007, 06:48:45 AM

Write and install an exception handler?

zooba · March 09, 2007, 09:44:06 AM

Quote from: ramguru on March 08, 2007, 10:04:07 PM
if component has no idea where it (pointer) comes from ?

The best thing to do in this situation (according to Raymond Chen, can't find a direct link) is just crash.

If you don't know where the pointer has come from you can't possibly have any idea whether it is valid or not. If your library/function crashes, the person passing in the pointer will know there's something wrong and they can check their parameters. Since they own the pointer, making sure it's valid is their responsibility.

Having said that, in general an intelligent interpretation of a null pointer is often valid. For example, passing a null pointer to PrintLine doesn't crash, it just prints the newline character. (Of course, you have to specify that a null pointer is a valid value, which makes it irrelevant in a test for an invalid pointer...)

Cheers,

Zooba :U

MichaelW · March 09, 2007, 10:46:16 AM

The direct link is here. I was there a few days ago while I was trying to figure out how best to check the validity of a heap pointer.

ramguru · March 09, 2007, 01:18:18 PM

Thanks for the link to great article (good thinking: doing nothing is the best you can do) :U I'll watch his blog from now on...

u · March 10, 2007, 07:20:45 PM

wow... this explains some really impossible bugs I've encountered - all places where I use either IsBadXXXPtr at normal places, or exception-handling around dll-loading.

u · March 10, 2007, 07:29:10 PM

Hmm, let's actually test if guarded pages are called in custom SEH handlers.
starting with stack-pages,

Code Select


main proc
	.prepFatal ;// try{
		mov eax,[esp-16000]
	.doFatal ;// }catch{
		print "fatal"
	.endFatal ;// }
	
	print eax
	ret
main endp

if you remove the try-catch, same happens: our SEH handler isn't called. Let's then change the value to -17000. The program crashes without the SEH handler (it being procommented), and the SEH handler is called if enabled. So, [esp-16000] belongs to the guarding stack-page, and my SEH handler wasn't called. This on Win2kSP4.

u · March 10, 2007, 07:54:46 PM

Next test, with a large file

Code Select


main proc
	local f1,hmap,ptr1
	mov f1,fopen("e:\OneGigabyteLargeFile.bin","rb")
	;print f1
	invoke CreateFileMapping,f1,0,PAGE_READONLY,0,0,0
	mov hmap,eax
	;print hmap
	
	msgbox "waiting" ; I check with ProcessExplorer, and see 254 page-faults so far
	
	invoke MapViewOfFile,hmap,FILE_MAP_READ,0,0,0 
	mov ptr1,eax
	;print ptr1
	
	msgbox "waiting" ; 257 page-faults so far
	.prepFatal
		mov eax,ptr1
		mov eax,[eax+1000000]
	.doFatal
		;print "FATAL"
		msgbox "fatal" ; this (our SEH handler) is NOT called! 
	.endFatal
	msgbox "done" ; 258 page-faults so far. The maths is correct :)
	;print "done"
	ret
main endp

evlncrn8 · March 10, 2007, 09:47:44 PM

another alternative i guess could be to use virtualquery maybe...

ramguru · March 14, 2007, 01:39:16 PM

tehee :tdown :thumbu :lol :lol :lol :lol http://blog.yuvisense.net/2007/02/15/statbot-visits-the-old-new-thing/ so who is who :) ?

ramguru · March 14, 2007, 01:42:04 PM

However, here is he http://channel9.msdn.com/Showpost.aspx?postid=116704 :dance:

News:

Testing memory for read access

ramguru

sinsi

zooba

MichaelW

ramguru

u

u

u

evlncrn8

ramguru

ramguru