Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Pointer stability under Windows Vista

Tags:

c++

c

windows-vista

visual-studio-2005

I have been using Visual Studio 2005 under Windows XP Pro 64-bit for C and C++ projects for a while. One of the popular tricks I have been using from time to time in the debugger was to remember a numeric pointer value from the previous debugging run of the program (say 0x00000000FFAB8938), add it to watch window with a proper typecast (say, ((MyObject *) 0x00000000FFAB8938)->data_field) and then watch the memory occupied by the object during the next debugging run. In many cases this is quite a convenient and useful thing to do, since as long as the code remains unchanged, it is reasonable to expect that the allocated memory layout will remain unchanged as well. In short, it works.

However, relatively recently I started using the same version of Visual Studio on a laptop with Windows Vista (Home Premium) 64-bit. Strangely enough, it is much more difficult to use this trick in that setup. The actual memory address seems to change rather often from run to run for no apparent reason, i.e. even when the code of the program was not changed at all. It appears that the actual address is not changing entirely randomly, it just selects one value from a fixed more-or-less stable set of values, but in any case it makes it much more difficult to do this type of memory watching.

Does anyone know the reason of this behavior in Windows Vista? What is causing the change in memory layout? Is that some external intrusion into the process address space from other [system] processes? Or is it some quirk/feature of Heap API implementation under Vista? Is there any way to prevent this from happening?

like image 795
AnT Avatar asked Oct 21 '09 18:10

AnT

1 Answers

Windows Vista implements address space layout randomization, heap randomization, and stack randomization. This is a security mechanism, trying to prevent buffer overflow attacks that rely on the knowledge of where each piece of code and data is in memory.

It's possible to turn off ASLR by setting the MoveImages registry value. I couldn't find a way to disable heap randomization, but some Microsoft guy recommends computing addresses relative to _crtheap. Even if the heap moves around, the relative address may remain stable.

like image 194
Martin v. Löwis Avatar answered Sep 30 '22 23:09

Martin v. Löwis
Sign in to Comment

Related questions

Trie saves space, but how?
error: invalid initialization of reference of type 'int&' from expression of type 'const int'
C++ Segmentation Fault when using cout in static variable initialization
How to include C++ headers in an Objective C++ header?
How to use OpenSSL's SHA256 functions
Casts between pointer-to-function and pointer-to-object in C and C++
Enum Class "could not convert to unsigned int"
VS2012: 'nmake' is not recognized as an internal or external command
What is POSIX, any other interface standards which can replace it? [closed]
Win32 C++ Create a Window and Procedure Within a Class
Writing or Copying Visual C++ console output to text file
RGB2BGR option disappeared from cvtColor
cc1.exe System Error - libwinpthread-1.dll missing - But it isn't
Max In a C++ Array
CLion indexer does not resolve some includes in the project directory
How I can pass lambda expression to c++ template as parameter
Placement-new address alignment
Difference between "&&" and "and" operators [duplicate]
How can I negate a functor in C++ (STL)?
What's the proper "C++ way" to do global variables?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!