EDN Admin
Well-known member
Hi, everyone! Recently I encountered the following issue: when I unload aclui.dll (with a call to FreeLibrary), it causes "Application Verifier" to stop my application with errors like this one:
<pre>=======================================
VERIFIER STOP 0000000000000900: pid 0x1854: A heap allocation was leaked.
000000000C4BEFA0 : Address of the leaked allocation. Run !heap -p -a <address> to get additional information about the allocation.
00000000004B2940 : Address to the allocation stack trace. Run dps <address> to view the allocation stack.
000000001590DFE8 : Address of the owner dll name. Run du <address> to read the dll name.
000007FEE6FC0000 : Base of the owner dll. Run .reload = <address> to reload the owner dll. Use lm to get more information about the loaded and unloaded modules.
=======================================
This verifier stop is continuable.
After debugging it use go to continue.
=======================================
</pre>
Here is how load/unload are made:
<pre>
HMODULE hACLUI = LoadLibraryEx(TEXT("aclui.dll"), nullptr, 0);
...
if (hACLUI != nullptr)
{
    FreeLibrary(hACLUI);
}
</pre>
Call "FreeLibrary(hACLUI)" fails with the previously mentioned error.
Application fails only when:
<ol>
<li>Application Verifier is used to control the application.</li>
<li>Security page created with CreateSecurityPage or EditSecurity function has SI_ADVANCED flag and advanced security property sheet was shown (the "Advanced" button was clicked). No fail occurs if only basic security property page was used.</li>
</ol>
Application Verifier stops application multiple times. Each time "leaked allocation" points to some structure, which I believe represents account information. For example first stop's leaked memory contains:
<pre>0x000000000C4BEFA0 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 ................
0x000000000C4BEFB0 c8 ef 4b 0c 00 00 00 00 d4 ef 4b 0c 00 00 00 00 ИпK.....ФпK.....
0x000000000C4BEFC0 00 00 00 00 00 00 00 00 01 01 00 00 00 00 00 05 ................
0x000000000C4BEFD0 07 00 00 00 41 00 4e 00 4f 00 4e 00 59 00 4d 00 ....A.N.O.N.Y.M.
0x000000000C4BEFE0 4f 00 55 00 53 00 20 00 4c 00 4f 00 47 00 4f 00 O.U.S. .L.O.G.O.
0x000000000C4BEFF0 4e 00 00 00 d0 d0 d0 d0 d0 d0 d0 d0 d0 d0 d0 d0 N...РРРРРРРРРРРР
</pre>
Here is the list of all "account names" AppVerifier stops at: Anonymous Logon, my domain specific account contained in the DACL, Everyone, Restricted, Network, Interactive, Service, Batch, Authenticated Users, Creator Owner, Creator Group (the last three contained in the DACL), Proxy, Enterprise Domain Controllers, System, Self, Dialup, Terminal Server User, my computer domain account.
The last stop Application Verifier shows is:
<pre>=======================================
VERIFIER STOP 0000000000000901: pid 0x1854: A HANDLE was leaked.
00000000000001B0 : Value of the leaked handle. Run !htrace to get additional information about the handle if handle tracing is enabled.
00000000004CE010 : Address to the allocation stack trace. Run dps <address> to view the allocation stack.
000000001590DFE8 : Address of the owner dll name. Run du <address> to read the dll name.
000007FEE6FC0000 : Base of the owner dll. Run .reload = <address> to reload the owner dll. Use lm to get more information about the loaded and unloaded modules.
=======================================
This verifier stop is continuable.
After debugging it use go to continue.
=======================================
</pre>
After this the aclui.dll is unloaded ("app.exe: Unloaded C:\Windows\System32\aclui.dll").
The described error occurs not only with my own application code, but also with the sample written by Kenny Kerr. Here is the link to his article "Techniques for Securing Private Objects in Your Applications", which contains a link to the sample:
http://msdn.microsoft.com/en-us/library/ms995350.aspx (direct link to the sample:
http://download.microsoft.com/download/4/7/5/475c342e-3804-4c53-9a35-ba0849a22818/SecuringPrivateObjects.exe ).
Download the sample, unpack it, locate the EntryPoint.cpp file and the EditSecurity function at bottom of the file. Change its code from:
<pre>
{
    CComPtr<ISecurityInformation> info = CoSecurityInformation::CreateInstance(securityDescriptor.m_ptr,
                                                                               L"Widget");
    Helpers::CheckError(::EditSecurity(0, info));
}
</pre>
to:
<pre>
{
    typedef BOOL (WINAPI *EditSecurityFunc)(_In_ HWND, _In_ LPSECURITYINFO);
    CComPtr<ISecurityInformation> info = CoSecurityInformation::CreateInstance(securityDescriptor.m_ptr,
                                                                               L"Widget");
    // Load aclui.dll at run time instead of linking against aclui.lib.
    HMODULE hACLUI = LoadLibraryEx(TEXT("aclui.dll"), nullptr, 0);
    if (hACLUI)
    {
        EditSecurityFunc pEditSecurity = reinterpret_cast<EditSecurityFunc>(GetProcAddress(hACLUI, "EditSecurity"));
        if (pEditSecurity != nullptr)
        {
            Helpers::CheckError(((pEditSecurity)(0, info)));
        }
        // Application Verifier reports the leaks during this unload.
        FreeLibrary(hACLUI);
    }
}
</pre>
Now locate the CoSecurityInformation.h file and remove this directive: "#pragma comment(lib, "aclui.lib")". Then reset linker output to default value: "$(OutDir)$(TargetName)$(TargetExt)".
Build the solution, add the resulting executable file to Application Verifier with default tests and run it. When the basic security property page is shown, press the Advanced button. Now just close all windows and AppVerifier should stop the application.
When the aclui.dll is linked statically (the aclui.lib is directly used in linker inputs) AppVerifier doesn't make any stop. But I cannot use this technique, because in this case I end up with an issue described at
http://social.msdn.microsoft.com/Forums/en-US/vcgeneral/thread/bfd8266c-685c-4320-8eba-13049357ff55 and
https://connect.microsoft.com/VisualStudio/feedback/details/566531/pragma-comment-lib-and-windows-7-n-x64 .
So, is this a real memory leak or just Application Verifier buzzing?
System information:
CL: 16.00.30319.01.
LINK: 10.00.30319.01.
Visual Studio Ultimate 2010 ENU.
Application Verifier 4.1.1078 (x64).
Windows 6.1 (build 7600): Windows 7 Ultimate N x64 ENU.
Thanks!
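Added example, not part of the original post: a portable C++ decoder for the leaked block shown in the dump above, useful when triaging this kind of verifier stop. It assumes the two qwords at +0x10 and +0x18 are pointers into the same block (inferred from their values); the binary SID layout is the documented one, and S-1-5-7 is the well-known SID for Anonymous Logon.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// The 0x54 bytes before the d0 fill, transcribed from the dump in the post.
static const uint64_t kBase = 0x000000000C4BEFA0ULL;
static const std::vector<uint8_t> kDump = {
    0x00,0x00,0x00,0x00,0x05,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    0xc8,0xef,0x4b,0x0c,0x00,0x00,0x00,0x00,0xd4,0xef,0x4b,0x0c,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x05,
    0x07,0x00,0x00,0x00,0x41,0x00,0x4e,0x00,0x4f,0x00,0x4e,0x00,0x59,0x00,0x4d,0x00,
    0x4f,0x00,0x55,0x00,0x53,0x00,0x20,0x00,0x4c,0x00,0x4f,0x00,0x47,0x00,0x4f,0x00,
    0x4e,0x00,0x00,0x00};

// Little-endian read of n bytes at offset off (bounds-checked by at()).
uint64_t read_le(const std::vector<uint8_t>& b, size_t off, size_t n) {
    uint64_t v = 0;
    for (size_t i = 0; i < n; ++i) v |= uint64_t(b.at(off + i)) << (8 * i);
    return v;
}

// Binary SID: revision, sub-authority count, 6-byte big-endian authority,
// then little-endian 32-bit sub-authorities.
std::string sid_to_string(const std::vector<uint8_t>& b, size_t off) {
    uint64_t authority = 0;
    for (size_t i = 0; i < 6; ++i) authority = (authority << 8) | b.at(off + 2 + i);
    std::string s = "S-" + std::to_string(b.at(off)) + "-" + std::to_string(authority);
    for (size_t i = 0; i < b.at(off + 1); ++i)
        s += "-" + std::to_string(read_le(b, off + 8 + 4 * i, 4));
    return s;
}

// NUL-terminated UTF-16LE string, ASCII range only (enough for this dump).
std::string utf16_ascii(const std::vector<uint8_t>& b, size_t off) {
    std::string s;
    for (; off + 1 < b.size(); off += 2) {
        uint16_t c = uint16_t(read_le(b, off, 2));
        if (c == 0) break;
        s += (c < 0x80) ? char(c) : '?';
    }
    return s;
}

// Assumption: the qword at `field` is a pointer into this same block.
size_t ptr_offset(size_t field) { return size_t(read_le(kDump, field, 8) - kBase); }

int main() {
    std::printf("%s %s\n", sid_to_string(kDump, ptr_offset(0x10)).c_str(),
                utf16_ascii(kDump, ptr_offset(0x18)).c_str());
}
```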