
Does Windows clear memory pages?

Tags: memory, windows

I know that Windows has an option to clear the page file when it shuts down.

Does Windows do anything special with the actual physical/virtual memory when it goes in or out of scope?

For instance, let's say I run application A, which writes a recognizable string to a variable in memory, and then I close the application. Then I run application B. It allocates a large chunk of memory, leaves the contents uninitialized, and searches it for the known string written by application A.

Is there ANY possibility that application B will pick up the string written by application A? Or does Windows scrub the memory before making it available?

user2258603 asked Dec 26 '22 22:12


1 Answer

Windows does "scrub" the freed memory returned by a process before allocating it to other processes. There is a kernel thread specifically for this task alone.

The zero page thread runs at the lowest priority and is responsible for zeroing out free pages before moving them to the zeroed page list[1].


Rather than worrying about retaining sensitive data in the paging file, you should be worried about continuing to retain it in memory (after use) in the first place. Clearing the page file on shutdown is not the default behavior. Also, a system crash dump will contain any sensitive info that you may have in "plain-text" in RAM.

Windows does NOT "scrub" the memory as long as it is allocated to a process (obviously). Rather it is left to the program(mer) to do so. For this very purpose one can use the SecureZeroMemory() function.

This function is defined as the RtlSecureZeroMemory() function (see WinBase.h). The implementation of RtlSecureZeroMemory() is provided inline and can be used on any version of Windows (see WinNT.h).

Use this function instead of ZeroMemory() when you want to ensure that your data will be overwritten promptly, as some C++ compilers can optimize a call to ZeroMemory() by removing it entirely.

WCHAR szPassword[MAX_PATH];

/* Obtain the password */
if (GetPasswordFromUser(szPassword, MAX_PATH))
{    
    UsePassword(szPassword);
}

/* Before continuing, clear the password from memory */
SecureZeroMemory(szPassword, sizeof(szPassword));

Don't forget to read this interesting article by Raymond Chen.

TheCodeArtist answered Jan 04 '23 04:01
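The wipe-after-use pattern from the answer above, as an added example that is not part of the original answer: a portable C sketch in which secure_zero is a stand-in for SecureZeroMemory() built on volatile stores. The names process_secret and nonzero_bytes, the toy checksum and the sample secret are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable stand-in for SecureZeroMemory(): volatile stores are observable
 * side effects, so the compiler may not drop them as dead writes. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Number of bytes still non-zero; used to check the wipe. */
static size_t nonzero_bytes(const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += (b[i] != 0);
    return count;
}

/* Copy a secret into scratch space, use it (toy checksum as a placeholder),
 * then wipe on every exit path. Returns 0 on success, -1 if it does not fit. */
static int process_secret(const char *secret, char *scratch, size_t cap,
                          unsigned *sum)
{
    int rc = -1;
    size_t len = strlen(secret);
    if (len < cap) {
        memcpy(scratch, secret, len + 1);
        *sum = 0;
        for (size_t i = 0; i < len; i++)
            *sum = *sum * 31u + (unsigned char)scratch[i];
        rc = 0;
    }
    secure_zero(scratch, cap); /* full capacity, not strlen(): covers stale bytes */
    return rc;
}

int main(void)
{
    char scratch[32];
    unsigned sum = 0;
    int rc = process_secret("constructed-secret", scratch, sizeof scratch, &sum);
    printf("rc=%d leftover=%zu\n", rc, nonzero_bytes(scratch, sizeof scratch));
    return 0;
}
```

The wipe takes the buffer's capacity from the caller because sizeof on a pointer parameter would give the pointer size, not the array size that the sizeof(szPassword) call in the answer relies on.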