heappage.h File Reference

#include "heappagi.h"

Go to the source code of this file.

Defines
#define	DEBUG_PAGE_HEAP   1
#define	HEAP_FLAG_PAGE_ALLOCS   0x01000000
#define	HEAP_PROTECTION_ENABLED   0x02000000
#define	HEAP_BREAK_WHEN_OUT_OF_VM   0x04000000
#define	HEAP_NO_ALIGNMENT   0x08000000
#define	IS_DEBUG_PAGE_HEAP_HANDLE(HeapHandle)   (((PHEAP)(HeapHandle))->ForceFlags & HEAP_FLAG_PAGE_ALLOCS )
#define	IF_DEBUG_PAGE_HEAP_THEN_RETURN(Handle, ReturnThis)
#define	IF_DEBUG_PAGE_HEAP_THEN_CALL(Handle, CallThis)
#define	IF_DEBUG_PAGE_HEAP_THEN_BREAK(Handle, Text, ReturnThis)
Functions
PVOID	RtlpDebugPageHeapCreate (IN ULONG Flags, IN PVOID HeapBase, IN SIZE_T ReserveSize, IN SIZE_T CommitSize, IN PVOID Lock, IN PRTL_HEAP_PARAMETERS Parameters)
PVOID	RtlpDebugPageHeapAllocate (IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
BOOLEAN	RtlpDebugPageHeapFree (IN PVOID HeapHandle, IN ULONG Flags, IN PVOID Address)
PVOID	RtlpDebugPageHeapReAllocate (IN PVOID HeapHandle, IN ULONG Flags, IN PVOID Address, IN SIZE_T Size)
PVOID	RtlpDebugPageHeapDestroy (IN PVOID HeapHandle)
SIZE_T	RtlpDebugPageHeapSize (IN PVOID HeapHandle, IN ULONG Flags, IN PVOID Address)
ULONG	RtlpDebugPageHeapGetProcessHeaps (ULONG NumberOfHeaps, PVOID *ProcessHeaps)
ULONG	RtlpDebugPageHeapCompact (IN PVOID HeapHandle, IN ULONG Flags)
BOOLEAN	RtlpDebugPageHeapValidate (IN PVOID HeapHandle, IN ULONG Flags, IN PVOID Address)
NTSTATUS	RtlpDebugPageHeapWalk (IN PVOID HeapHandle, IN OUT PRTL_HEAP_WALK_ENTRY Entry)
BOOLEAN	RtlpDebugPageHeapLock (IN PVOID HeapHandle)
BOOLEAN	RtlpDebugPageHeapUnlock (IN PVOID HeapHandle)
BOOLEAN	RtlpDebugPageHeapSetUserValue (IN PVOID HeapHandle, IN ULONG Flags, IN PVOID Address, IN PVOID UserValue)
BOOLEAN	RtlpDebugPageHeapGetUserInfo (IN PVOID HeapHandle, IN ULONG Flags, IN PVOID Address, OUT PVOID *UserValue, OUT PULONG UserFlags)
BOOLEAN	RtlpDebugPageHeapSetUserFlags (IN PVOID HeapHandle, IN ULONG Flags, IN PVOID Address, IN ULONG UserFlagsReset, IN ULONG UserFlagsSet)
BOOLEAN	RtlpDebugPageHeapSerialize (IN PVOID HeapHandle)
NTSTATUS	RtlpDebugPageHeapExtend (IN PVOID HeapHandle, IN ULONG Flags, IN PVOID Base, IN SIZE_T Size)
NTSTATUS	RtlpDebugPageHeapZero (IN PVOID HeapHandle, IN ULONG Flags)
NTSTATUS	RtlpDebugPageHeapReset (IN PVOID HeapHandle, IN ULONG Flags)
NTSTATUS	RtlpDebugPageHeapUsage (IN PVOID HeapHandle, IN ULONG Flags, IN OUT PRTL_HEAP_USAGE Usage)
BOOLEAN	RtlpDebugPageHeapIsLocked (IN PVOID HeapHandle)
VOID	RtlpDebugPageHeapBreak (PCH Text)

---

Define Documentation

#define DEBUG_PAGE_HEAP   1

Definition at line 17 of file heappage.h.

#define HEAP_BREAK_WHEN_OUT_OF_VM   0x04000000

Definition at line 50 of file heappage.h. Referenced by RtlCreateHeap().

#define HEAP_FLAG_PAGE_ALLOCS   0x01000000

Definition at line 47 of file heappage.h. Referenced by RtlpDebugPageHeapCreate(), and RtlpDebugPageHeapPointerFromHandle().

#define HEAP_NO_ALIGNMENT   0x08000000

Definition at line 51 of file heappage.h. Referenced by RtlCreateHeap(), RtlpDebugPageHeapAllocate(), and RtlpDebugPageHeapCreate().

#define HEAP_PROTECTION_ENABLED   0x02000000

Definition at line 49 of file heappage.h. Referenced by RtlCreateHeap(), RtlpDebugPageHeapProtectStructures(), and RtlpDebugPageHeapUnProtectStructures().

#define IF_DEBUG_PAGE_HEAP_THEN_BREAK (  Handle, Text, ReturnThis   )

Value: { \ if ( IS_DEBUG_PAGE_HEAP_HANDLE( Handle )) \ { \ RtlpDebugPageHeapBreak( Text ); \ return ReturnThis; \ } \ } Definition at line 77 of file heappage.h.

#define IF_DEBUG_PAGE_HEAP_THEN_CALL (  Handle, CallThis   )

Value: { \ if ( IS_DEBUG_PAGE_HEAP_HANDLE( Handle )) \ { \ CallThis; \ return; \ } \ } Definition at line 67 of file heappage.h.

#define IF_DEBUG_PAGE_HEAP_THEN_RETURN (  Handle, ReturnThis   )

Value: { \ if ( IS_DEBUG_PAGE_HEAP_HANDLE( Handle )) \ { \ return ReturnThis; \ } \ } Definition at line 58 of file heappage.h. Referenced by RtlCreateTagHeap(), RtlDebugAllocateHeap(), RtlDebugCompactHeap(), RtlDebugFreeHeap(), RtlDebugGetUserInfoHeap(), RtlDebugReAllocateHeap(), RtlDebugSetUserFlagsHeap(), RtlDebugSetUserValueHeap(), RtlDebugSizeHeap(), RtlDebugUsageHeap(), RtlDebugZeroHeap(), RtlDestroyHeap(), RtlExtendHeap(), RtlLockHeap(), RtlpHeapIsLocked(), RtlpSerializeHeap(), RtlQueryTagHeap(), RtlUnlockHeap(), and RtlWalkHeap().

#define IS_DEBUG_PAGE_HEAP_HANDLE (  HeapHandle   )     (((PHEAP)(HeapHandle))->ForceFlags & HEAP_FLAG_PAGE_ALLOCS )

Definition at line 54 of file heappage.h. Referenced by RtlValidateHeap().

---

Function Documentation

PVOID RtlpDebugPageHeapAllocate (  IN PVOID  HeapHandle, IN ULONG  Flags, IN SIZE_T  Size )

Definition at line 2336 of file heappage.c. References BUMP_GLOBAL_COUNTER, BUMP_SIZE_COUNTER, DbgPrint, DEBUG_ASSERT, DEBUG_CODE, DPH_DEBUG_BREAK_FOR_SIZE_ZERO, DPH_DEBUG_INTERNAL_VALIDATION, EXIT, FALSE, HEAP_NO_ALIGNMENT, HeapHandle, IF_GENERATE_EXCEPTION, IS_BIASED_POINTER, NULL, OUT_OF_VM_BREAK, PAGE_SIZE, PROTECT_HEAP_STRUCTURES, ROUNDUP2, RtlpDebugPageHeapAllocateNode(), RtlpDebugPageHeapDecommitVM(), RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapFindAvailableMem(), RtlpDebugPageHeapLeaveCritSect(), RtlpDebugPageHeapPlaceOnBusyList(), RtlpDebugPageHeapPointerFromHandle(), RtlpDebugPageHeapProtectVM(), RtlpDebugPageHeapRemoveFromAvailableList(), RtlpDphDebugLevel, RtlpDphInternalValidatePageHeap(), RtlpDphLogStackTrace(), RtlpDphNormalHeapAllocate(), RtlpDphShouldAllocateInPageHeap(), RtlpDphTraceDatabase, RtlpDphWritePageHeapBlockInformation(), Size, TRUE, UNBIAS_POINTER, and UNPROTECT_HEAP_STRUCTURES. Referenced by RtlDebugAllocateHeap(), RtlpDebugPageHeapReAllocate(), RtlpDphDllcalloc(), RtlpDphDllGlobalAlloc(), RtlpDphDllHeapAlloc(), RtlpDphDllLocalAlloc(), RtlpDphDllmalloc(), RtlpDphDllNew(), RtlpDphDllNewArray(), and RtlpDphDllrealloc(). { PDPH_HEAP_ROOT HeapRoot; PDPH_HEAP_BLOCK pAvailNode; PDPH_HEAP_BLOCK pPrevAvailNode; PDPH_HEAP_BLOCK pBusyNode; SIZE_T nBytesAllocate; SIZE_T nBytesAccess; SIZE_T nActual; PVOID pVirtual; PVOID pReturn; PUCHAR pBlockHeader; ULONG Reason; BOOLEAN ForcePageHeap = FALSE; if (IS_BIASED_POINTER(HeapHandle)) { HeapHandle = UNBIAS_POINTER(HeapHandle); ForcePageHeap = TRUE; } HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if (HeapRoot == NULL) return NULL; // // Is zero size allocation ? // if (Size == 0) { if ((RtlpDphDebugLevel & DPH_DEBUG_BREAK_FOR_SIZE_ZERO)) { DbgPrint ("Page heap: request for zero sized block \n"); DbgBreakPoint(); } } // // Get the heap lock. // RtlpDebugPageHeapEnterCritSect( HeapRoot, Flags ); UNPROTECT_HEAP_STRUCTURES( HeapRoot ); // // We cannot validate the heap when a forced allocation into page heap // is requested due to accounting problems. Allocate is called in this way // from ReAllocate while the old node (just about to be freed) is in limbo // and is not accounted in any internal structure. // if ((RtlpDphDebugLevel & DPH_DEBUG_INTERNAL_VALIDATION) && !ForcePageHeap) { RtlpDphInternalValidatePageHeap (HeapRoot, NULL, 0); } Flags |= HeapRoot->HeapFlags; // // Compute alloc statistics. Note that we need to // take the heap lock for this and unprotect the // heap structures. // BUMP_GLOBAL_COUNTER (DPH_COUNTER_NO_OF_ALLOCS); BUMP_SIZE_COUNTER (Size); HeapRoot->Counter[DPH_COUNTER_NO_OF_ALLOCS] += 1; if (Size < 1024) { BUMP_GLOBAL_COUNTER (DPH_COUNTER_SIZE_BELOW_1K); HeapRoot->Counter[DPH_COUNTER_SIZE_BELOW_1K] += 1; } else if (Size < 4096) { BUMP_GLOBAL_COUNTER (DPH_COUNTER_SIZE_BELOW_4K); HeapRoot->Counter[DPH_COUNTER_SIZE_BELOW_4K] += 1; } else { BUMP_GLOBAL_COUNTER (DPH_COUNTER_SIZE_ABOVE_4K); HeapRoot->Counter[DPH_COUNTER_SIZE_ABOVE_4K] += 1; } // // Figure out if we need to minimize memory impact. This // might trigger an allocation in the normal heap. // if (! ForcePageHeap) { if (! (RtlpDphShouldAllocateInPageHeap (HeapRoot, Size))) { pReturn = RtlpDphNormalHeapAllocate ( HeapRoot, Flags, Size); goto EXIT; } } // // Check the heap a little bit on checked builds. // DEBUG_CODE( RtlpDebugPageHeapVerifyIntegrity( HeapRoot )); pReturn = NULL; // // Validate requested size so we don't overflow // while rounding up size computations. We do this // after we've acquired the critsect so we can still // catch serialization problems. // if (Size > 0x7FFF0000) { OUT_OF_VM_BREAK( Flags, "Page heap: Invalid allocation size\n" ); goto EXIT; } // // Determine number of pages needed for READWRITE portion // of allocation and add an extra page for the NO_ACCESS // memory beyond the READWRITE page(s). // nBytesAccess = ROUNDUP2( Size + sizeof(DPH_BLOCK_INFORMATION), PAGE_SIZE ); nBytesAllocate = nBytesAccess + PAGE_SIZE; // // RtlpDebugPageHeapFindAvailableMem will first attempt to satisfy // the request from memory on the Available list. If that fails, // it will coalesce some of the Free list memory into the Available // list and try again. If that still fails, new VM is allocated and // added to the Available list. If that fails, the function will // finally give up and return NULL. // pAvailNode = RtlpDebugPageHeapFindAvailableMem( HeapRoot, nBytesAllocate, &pPrevAvailNode, TRUE ); if (pAvailNode == NULL) { OUT_OF_VM_BREAK( Flags, "Page heap: Unable to allocate virtual memory\n" ); goto EXIT; } // // Now can't call AllocateNode until pAvailNode is // adjusted and/or removed from Avail list since AllocateNode // might adjust the Avail list. // pVirtual = pAvailNode->pVirtualBlock; if (nBytesAccess > 0) { if ((HeapRoot->ExtraFlags & PAGE_HEAP_CATCH_BACKWARD_OVERRUNS)) { if (! RtlpDebugPageHeapProtectVM( (PUCHAR)pVirtual + PAGE_SIZE, nBytesAccess, PAGE_READWRITE )) { goto EXIT; } } else { if (! RtlpDebugPageHeapProtectVM( pVirtual, nBytesAccess, PAGE_READWRITE )) { goto EXIT; } } } // // If we use uncommitted ranges we need to decommit the protection // page at the end. BAckward overruns flag disables smart memory // usage flag. // if ((HeapRoot->ExtraFlags & PAGE_HEAP_CATCH_BACKWARD_OVERRUNS)) { // nothing } else { if ((HeapRoot->ExtraFlags & PAGE_HEAP_SMART_MEMORY_USAGE)) { RtlpDebugPageHeapDecommitVM ( (PCHAR)pVirtual + nBytesAccess, PAGE_SIZE); } } // // pAvailNode (still on avail list) points to block large enough // to satisfy request, but it might be large enough to split // into two blocks -- one for request, remainder leave on // avail list. // if (pAvailNode->nVirtualBlockSize > nBytesAllocate) { // // Adjust pVirtualBlock and nVirtualBlock size of existing // node in avail list. The node will still be in correct // address space order on the avail list. This saves having // to remove and then re-add node to avail list. Note since // we're changing sizes directly, we need to adjust the // avail and busy list counters manually. // // Note: since we're leaving at least one page on the // available list, we are guaranteed that AllocateNode // will not fail. // pAvailNode->pVirtualBlock += nBytesAllocate; pAvailNode->nVirtualBlockSize -= nBytesAllocate; HeapRoot->nAvailableAllocationBytesCommitted -= nBytesAllocate; pBusyNode = RtlpDebugPageHeapAllocateNode( HeapRoot ); DEBUG_ASSERT( pBusyNode != NULL ); pBusyNode->pVirtualBlock = pVirtual; pBusyNode->nVirtualBlockSize = nBytesAllocate; } else { // // Entire avail block is needed, so simply remove it from avail list. // RtlpDebugPageHeapRemoveFromAvailableList( HeapRoot, pAvailNode, pPrevAvailNode ); pBusyNode = pAvailNode; } // // Now pBusyNode points to our committed virtual block. // if (HeapRoot->HeapFlags & HEAP_NO_ALIGNMENT) nActual = Size; else nActual = ROUNDUP2( Size, USER_ALIGNMENT ); pBusyNode->nVirtualAccessSize = nBytesAccess; pBusyNode->nUserRequestedSize = Size; pBusyNode->nUserActualSize = nActual; if ((HeapRoot->ExtraFlags & PAGE_HEAP_CATCH_BACKWARD_OVERRUNS)) { pBusyNode->pUserAllocation = pBusyNode->pVirtualBlock + PAGE_SIZE; } else { pBusyNode->pUserAllocation = pBusyNode->pVirtualBlock + pBusyNode->nVirtualAccessSize - nActual; } pBusyNode->UserValue = NULL; pBusyNode->UserFlags = Flags & HEAP_SETTABLE_USER_FLAGS; // // RtlpDebugPageHeapAllocate gets called from RtlDebugAllocateHeap, // which gets called from RtlAllocateHeapSlowly, which gets called // from RtlAllocateHeap. To keep from wasting lots of stack trace // storage, we'll skip the bottom 3 entries, leaving RtlAllocateHeap // as the first recorded entry. // if ((HeapRoot->ExtraFlags & PAGE_HEAP_COLLECT_STACK_TRACES)) { pBusyNode->StackTrace = RtlpDphLogStackTrace(3); if (pBusyNode->StackTrace) { RtlTraceDatabaseLock (RtlpDphTraceDatabase); pBusyNode->StackTrace->UserCount += 1; pBusyNode->StackTrace->UserSize += pBusyNode->nUserRequestedSize; pBusyNode->StackTrace->UserContext = HeapRoot; RtlTraceDatabaseUnlock (RtlpDphTraceDatabase); } } else { pBusyNode->StackTrace = NULL; } RtlpDebugPageHeapPlaceOnBusyList( HeapRoot, pBusyNode ); pReturn = pBusyNode->pUserAllocation; // // For requests the specify HEAP_ZERO_MEMORY, we'll fill the // user-requested portion of the block with zeros. For requests // that don't specify HEAP_ZERO_MEMORY, we fill the whole user block // with DPH_PAGE_BLOCK_INFIX. // if ((Flags & HEAP_ZERO_MEMORY)) { // // SilviuC: The call below can be saved if we have a way // to figure out if the memory for the block was freshly // virtual allocated (this is already zeroed). This has // an impact for large allocations. // RtlZeroMemory( pBusyNode->pUserAllocation, Size ); } else { RtlFillMemory( pBusyNode->pUserAllocation, Size, DPH_PAGE_BLOCK_INFIX); } if ((HeapRoot->ExtraFlags & PAGE_HEAP_CATCH_BACKWARD_OVERRUNS)) { // nothing } else { RtlpDphWritePageHeapBlockInformation ( HeapRoot, pBusyNode->pUserAllocation, Size, nBytesAccess); } EXIT: if ((RtlpDphDebugLevel & DPH_DEBUG_INTERNAL_VALIDATION) && !ForcePageHeap) { RtlpDphInternalValidatePageHeap (HeapRoot, NULL, 0); } PROTECT_HEAP_STRUCTURES( HeapRoot ); DEBUG_CODE( RtlpDebugPageHeapVerifyIntegrity( HeapRoot )); RtlpDebugPageHeapLeaveCritSect( HeapRoot ); if (pReturn == NULL) { IF_GENERATE_EXCEPTION( Flags, STATUS_NO_MEMORY ); } return pReturn; }

VOID RtlpDebugPageHeapBreak (  PCH  Text  )

Referenced by RtlpDebugPageHeapAssert(), RtlpDebugPageHeapDestroy(), RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapGetProcessHeaps(), and RtlpDebugPageHeapPointerFromHandle().

ULONG RtlpDebugPageHeapCompact (  IN PVOID  HeapHandle, IN ULONG  Flags )

Definition at line 3512 of file heappage.c. References HeapHandle, NULL, RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapLeaveCritSect(), and RtlpDebugPageHeapPointerFromHandle(). Referenced by RtlDebugCompactHeap(). { PDPH_HEAP_ROOT HeapRoot; HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if (HeapRoot == NULL) return 0; Flags |= HeapRoot->HeapFlags; RtlpDebugPageHeapEnterCritSect( HeapRoot, Flags ); // // Don't do anything, but we did want to acquire the critsect // in case this was called with HEAP_NO_SERIALIZE while another // thread is in the heap code. // RtlpDebugPageHeapLeaveCritSect( HeapRoot ); return 0; }

PVOID RtlpDebugPageHeapCreate (  IN ULONG  Flags, IN PVOID  HeapBase, IN SIZE_T  ReserveSize, IN SIZE_T  CommitSize, IN PVOID  Lock, IN PRTL_HEAP_PARAMETERS  Parameters )

Definition at line 1997 of file heappage.c. References DbgPrint, DEBUG_ASSERT, DEBUG_CODE, DPH_DEBUG_INTERNAL_VALIDATION, DPH_HEAP_SIGNATURE, FALSE, FILL_BYTE, HEAP_FLAG_PAGE_ALLOCS, HEAP_HANDLE_FROM_ROOT, HEAP_NO_ALIGNMENT, HeapHandle, IF_GENERATE_EXCEPTION, Lock, NtQueryPerformanceCounter(), NTSTATUS(), NULL, OUT_OF_VM_BREAK, PAGE_SIZE, POOL_SIZE, PROTECT_HEAP_STRUCTURES, RESERVE_SIZE, RETAIL_ASSERT, RtlCreateHeap(), RtlInitializeCriticalSection(), RtlInitUnicodeString(), RtlpDebugPageHeapAddNewPool(), RtlpDebugPageHeapAllocateNode(), RtlpDebugPageHeapAllocateVM(), RtlpDebugPageHeapCoalesceNodeIntoAvailable(), RtlpDebugPageHeapPlaceOnPoolList(), RtlpDebugPageHeapPlaceOnVirtualList(), RtlpDebugPageHeapProtectVM(), RtlpDebugPageHeapReleaseVM(), RtlpDphDebugLevel, RtlpDphGlobalFlags, RtlpDphHeapListCount, RtlpDphHeapListCriticalSection, RtlpDphHeapListHasBeenInitialized, RtlpDphHeapListHead, RtlpDphHeapListTail, RtlpDphInitializeDelayedFreeQueue(), RtlpDphInternalValidatePageHeap(), RtlpDphLogStackTrace(), RtlpDphTargetDlls, RtlpDphTargetDllsLogicInitialize(), RtlpDphTargetDllsUnicode, RtlpDphTraceDatabase, RtlpDphTraceDatabaseMaximumSize, Size, Status, TRUE, UNPROTECT_HEAP_STRUCTURES, and VM_UNIT_SIZE. Referenced by RtlCreateHeap(). { SYSTEM_BASIC_INFORMATION SystemInfo; PDPH_HEAP_BLOCK Node; PDPH_HEAP_ROOT HeapRoot; PVOID HeapHandle; PUCHAR pVirtual; SIZE_T nVirtual; SIZE_T Size; NTSTATUS Status; // // If `Parameters' is -1 then this is a recursive call to // RtlpDebugPageHeapCreate and we will return NULL so that // the normal heap manager will create a normal heap. // I agree this is a hack but we need this so that we maintain // a very loose dependency between the normal and page heap // manager. // if ((SIZE_T)Parameters == (SIZE_T)-1) { return NULL; } // // We don't handle heaps where HeapBase is already allocated // from user or where Lock is provided by user. // DEBUG_ASSERT( HeapBase == NULL ); DEBUG_ASSERT( Lock == NULL ); if (( HeapBase != NULL ) || ( Lock != NULL )) return NULL; // // Note that we simply ignore ReserveSize, CommitSize, and // Parameters as we always have a growable heap with our // own thresholds, etc. // ZwQuerySystemInformation( SystemBasicInformation, &SystemInfo, sizeof( SystemInfo ), NULL ); RETAIL_ASSERT( SystemInfo.PageSize == PAGE_SIZE ); RETAIL_ASSERT( SystemInfo.AllocationGranularity == VM_UNIT_SIZE ); DEBUG_ASSERT(( PAGE_SIZE + POOL_SIZE + PAGE_SIZE ) < VM_UNIT_SIZE ); nVirtual = RESERVE_SIZE; pVirtual = RtlpDebugPageHeapAllocateVM( nVirtual ); if (pVirtual == NULL) { nVirtual = VM_UNIT_SIZE; pVirtual = RtlpDebugPageHeapAllocateVM( nVirtual ); if (pVirtual == NULL) { OUT_OF_VM_BREAK( Flags, "Page heap: Insufficient memory to create heap\n" ); IF_GENERATE_EXCEPTION( Flags, STATUS_NO_MEMORY ); return NULL; } } if (! RtlpDebugPageHeapProtectVM( pVirtual, PAGE_SIZE + POOL_SIZE + PAGE_SIZE, PAGE_READWRITE )) { RtlpDebugPageHeapReleaseVM( pVirtual ); IF_GENERATE_EXCEPTION( Flags, STATUS_NO_MEMORY ); return NULL; } // // Out of our initial allocation, the initial page is the fake // retail HEAP structure. The second page begins our DPH_HEAP // structure followed by (POOL_SIZE-sizeof(DPH_HEAP)) bytes for // the initial pool. The next page contains out CRIT_SECT // variable, which must always be READWRITE. Beyond that, the // remainder of the virtual allocation is placed on the available // list. // // |_____|___________________|_____|__ _ _ _ _ _ _ _ _ _ _ _ _ __| // // ^pVirtual // // ^FakeRetailHEAP // // ^HeapRoot // // ^InitialNodePool // // ^CRITICAL_SECTION // // ^AvailableSpace // // // // Our DPH_HEAP structure starts at the page following the // fake retail HEAP structure pointed to by the "heap handle". // For the fake HEAP structure, we'll fill it with 0xEEEEEEEE // except for the Heap->Flags and Heap->ForceFlags fields, // which we must set to include our HEAP_FLAG_PAGE_ALLOCS flag, // and then we'll make the whole page read-only. // RtlFillMemory( pVirtual, PAGE_SIZE, FILL_BYTE ); ((PHEAP)pVirtual)->Flags = Flags | HEAP_FLAG_PAGE_ALLOCS; ((PHEAP)pVirtual)->ForceFlags = Flags | HEAP_FLAG_PAGE_ALLOCS; if (! RtlpDebugPageHeapProtectVM( pVirtual, PAGE_SIZE, PAGE_READONLY )) { RtlpDebugPageHeapReleaseVM( pVirtual ); IF_GENERATE_EXCEPTION( Flags, STATUS_NO_MEMORY ); return NULL; } HeapRoot = (PDPH_HEAP_ROOT)( pVirtual + PAGE_SIZE ); HeapRoot->Signature = DPH_HEAP_SIGNATURE; HeapRoot->HeapFlags = Flags; HeapRoot->HeapCritSect = (PVOID)((PCHAR)HeapRoot + POOL_SIZE ); // // Copy the page heap global flags into per heap flags. // HeapRoot->ExtraFlags = RtlpDphGlobalFlags; // // If the PAGE_HEAP_UNALIGNED_ALLOCATIONS bit is set // in ExtraFlags we will set the HEAP_NO_ALIGNMENT flag // in the HeapFlags. This last bit controls if allocations // will be aligned or not. The reason we do this transfer is // that ExtraFlags can be set from the registry whereas the // normal HeapFlags cannot. // if ((HeapRoot->ExtraFlags & PAGE_HEAP_UNALIGNED_ALLOCATIONS)) { HeapRoot->HeapFlags |= HEAP_NO_ALIGNMENT; } // // Initialize the seed for the random generator used to decide // from where should we make allocations if random decision // flag is on. // { LARGE_INTEGER PerformanceCounter; PerformanceCounter.LowPart = 0xABCDDCBA; NtQueryPerformanceCounter ( &PerformanceCounter, NULL); HeapRoot->Seed = PerformanceCounter.LowPart; } RtlZeroMemory (HeapRoot->Counter, sizeof(HeapRoot->Counter)); // // Create the normal heap associated with the page heap. // The last parameter value (-1) is very important because // it stops the recursive call into page heap create. // HeapRoot->NormalHeap = RtlCreateHeap( Flags, HeapBase, ReserveSize, CommitSize, Lock, (PRTL_HEAP_PARAMETERS)-1 ); // // Initialize heap lock. // RtlInitializeCriticalSection( HeapRoot->HeapCritSect ); // // On the page that contains our DPH_HEAP structure, use // the remaining memory beyond the DPH_HEAP structure as // pool for allocating heap nodes. // RtlpDebugPageHeapAddNewPool( HeapRoot, HeapRoot + 1, POOL_SIZE - sizeof( DPH_HEAP_ROOT ), FALSE ); // // Make initial PoolList entry by taking a node from the // UnusedNodeList, which should be guaranteed to be non-empty // since we just added new nodes to it. // Node = RtlpDebugPageHeapAllocateNode( HeapRoot ); DEBUG_ASSERT( Node != NULL ); Node->pVirtualBlock = (PVOID)HeapRoot; Node->nVirtualBlockSize = POOL_SIZE; RtlpDebugPageHeapPlaceOnPoolList( HeapRoot, Node ); // // Make VirtualStorageList entry for initial VM allocation // Node = RtlpDebugPageHeapAllocateNode( HeapRoot ); DEBUG_ASSERT( Node != NULL ); Node->pVirtualBlock = pVirtual; Node->nVirtualBlockSize = nVirtual; RtlpDebugPageHeapPlaceOnVirtualList( HeapRoot, Node ); // // Make AvailableList entry containing remainder of initial VM // and add to (create) the AvailableList. // Node = RtlpDebugPageHeapAllocateNode( HeapRoot ); DEBUG_ASSERT( Node != NULL ); Node->pVirtualBlock = pVirtual + ( PAGE_SIZE + POOL_SIZE + PAGE_SIZE ); Node->nVirtualBlockSize = nVirtual - ( PAGE_SIZE + POOL_SIZE + PAGE_SIZE ); RtlpDebugPageHeapCoalesceNodeIntoAvailable( HeapRoot, Node ); // // Get heap creation stack trace. // HeapRoot->CreateStackTrace = RtlpDphLogStackTrace(1); // // Initialize heap internal structure protection. // HeapRoot->nUnProtectionReferenceCount = 1; // initialize // // If this is the first heap creation in this process, then we // need to initialize the process heap list critical section, // the global delayed free queue for normal blocks and the // trace database. // if (! RtlpDphHeapListHasBeenInitialized) { RtlpDphHeapListHasBeenInitialized = TRUE; RtlInitializeCriticalSection( &RtlpDphHeapListCriticalSection ); RtlpDphInitializeDelayedFreeQueue (); // // Do not make fuss if the trace database creation fails. // This is something we can live with. // // The number of buckets is chosen to be a prime not too // close to a power of two (Knuth says so). Three possible // values are: 1567, 3089, 6263. // RtlpDphTraceDatabase = RtlTraceDatabaseCreate ( 6263, RtlpDphTraceDatabaseMaximumSize, 0, 0, NULL); #if DBG if (RtlpDphTraceDatabase == NULL) { DbgPrint ("Page heap: warning: failed to create trace database for %p", HeapRoot); } #endif // // Create the Unicode string containing the target dlls. // If no target dlls have been specified the string will // be initialized with the empty string. // RtlInitUnicodeString ( &RtlpDphTargetDllsUnicode, RtlpDphTargetDlls); // // Initialize the target dlls logic // RtlpDphTargetDllsLogicInitialize (); } // // Add this heap entry to the process heap linked list. // RtlEnterCriticalSection( &RtlpDphHeapListCriticalSection ); if (RtlpDphHeapListHead == NULL) { RtlpDphHeapListHead = HeapRoot; RtlpDphHeapListTail = HeapRoot; } else { HeapRoot->pPrevHeapRoot = RtlpDphHeapListTail; UNPROTECT_HEAP_STRUCTURES(RtlpDphHeapListTail); RtlpDphHeapListTail->pNextHeapRoot = HeapRoot; PROTECT_HEAP_STRUCTURES(RtlpDphHeapListTail); RtlpDphHeapListTail = HeapRoot; } PROTECT_HEAP_STRUCTURES( HeapRoot ); // now protected RtlpDphHeapListCount += 1; RtlLeaveCriticalSection( &RtlpDphHeapListCriticalSection ); DEBUG_CODE( RtlpDebugPageHeapVerifyIntegrity( HeapRoot )); DbgPrint( "Page heap: process 0x%X created heap @ %p (%p, flags 0x%X)\n", NtCurrentTeb()->ClientId.UniqueProcess, HEAP_HANDLE_FROM_ROOT( HeapRoot ), HeapRoot->NormalHeap, HeapRoot->ExtraFlags); if ((RtlpDphDebugLevel & DPH_DEBUG_INTERNAL_VALIDATION)) { RtlpDphInternalValidatePageHeap (HeapRoot, NULL, 0); } return HEAP_HANDLE_FROM_ROOT( HeapRoot ); // same as pVirtual }

PVOID RtlpDebugPageHeapDestroy (  IN PVOID  HeapHandle  )

Definition at line 3259 of file heappage.c. References DbgPrint, DEBUG_CODE, HeapHandle, NULL, RtlDeleteCriticalSection(), RtlDestroyHeap(), RtlpDebugPageHeapBreak(), RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapPointerFromHandle(), RtlpDebugPageHeapReleaseVM(), RtlpDphFreeDelayedBlocksFromHeap(), RtlpDphHeapListCount, RtlpDphHeapListCriticalSection, RtlpDphHeapListHead, RtlpDphHeapListTail, RtlpDphIsPageHeapBlock(), RtlpDphReportCorruptedBlock(), TRUE, and UNPROTECT_HEAP_STRUCTURES. Referenced by RtlDestroyHeap(). { PDPH_HEAP_ROOT HeapRoot; PDPH_HEAP_ROOT PrevHeapRoot; PDPH_HEAP_ROOT NextHeapRoot; PDPH_HEAP_BLOCK Node; PDPH_HEAP_BLOCK Next; ULONG Flags; PUCHAR p; ULONG Reason; PVOID NormalHeap; if (HeapHandle == RtlProcessHeap()) { RtlpDebugPageHeapBreak( "Page heap: Attempt to destroy process heap\n" ); return NULL; } HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if (HeapRoot == NULL) return NULL; Flags = HeapRoot->HeapFlags | HEAP_NO_SERIALIZE; RtlpDebugPageHeapEnterCritSect( HeapRoot, Flags ); DEBUG_CODE( RtlpDebugPageHeapVerifyIntegrity( HeapRoot )); UNPROTECT_HEAP_STRUCTURES( HeapRoot ); // // Save normal heap pointer for later. // NormalHeap = HeapRoot->NormalHeap; // // Walk all busy allocations and check for tail fill corruption // Node = HeapRoot->pBusyAllocationListHead; while (Node) { if (! (HeapRoot->ExtraFlags & PAGE_HEAP_CATCH_BACKWARD_OVERRUNS)) { if (! (RtlpDphIsPageHeapBlock (HeapRoot, Node->pUserAllocation, &Reason, TRUE))) { RtlpDphReportCorruptedBlock (Node->pUserAllocation, Reason); } } Node = Node->pNextAlloc; } // // Remove this heap entry from the process heap linked list. // RtlEnterCriticalSection( &RtlpDphHeapListCriticalSection ); if (HeapRoot->pPrevHeapRoot) { HeapRoot->pPrevHeapRoot->pNextHeapRoot = HeapRoot->pNextHeapRoot; } else { RtlpDphHeapListHead = HeapRoot->pNextHeapRoot; } if (HeapRoot->pNextHeapRoot) { HeapRoot->pNextHeapRoot->pPrevHeapRoot = HeapRoot->pPrevHeapRoot; } else { RtlpDphHeapListTail = HeapRoot->pPrevHeapRoot; } RtlpDphHeapListCount--; RtlLeaveCriticalSection( &RtlpDphHeapListCriticalSection ); // // Must release critical section before deleting it; otherwise, // checked build Teb->CountOfOwnedCriticalSections gets out of sync. // RtlLeaveCriticalSection( HeapRoot->HeapCritSect ); RtlDeleteCriticalSection( HeapRoot->HeapCritSect ); // // This is weird. A virtual block might contain storage for // one of the nodes necessary to walk this list. In fact, // we're guaranteed that the root node contains at least one // virtual alloc node. // // Each time we alloc new VM, we make that the head of the // of the VM list, like a LIFO structure. I think we're ok // because no VM list node should be on a subsequently alloc'd // VM -- only a VM list entry might be on its own memory (as // is the case for the root node). We read pNode->pNextAlloc // before releasing the VM in case pNode existed on that VM. // I think this is safe -- as long as the VM list is LIFO and // we don't do any list reorganization. // Node = HeapRoot->pVirtualStorageListHead; while (Node) { Next = Node->pNextAlloc; if (! RtlpDebugPageHeapReleaseVM( Node->pVirtualBlock )) { RtlpDebugPageHeapBreak( "Page heap: Unable to release virtual memory\n" ); } Node = Next; } // // Free all blocks in the delayed free queue that belong to the // normal heap just about to be destroyed. Note that this is // not a bug. The application freed the blocks correctly but // we delayed the free operation. // RtlpDphFreeDelayedBlocksFromHeap (HeapRoot, NormalHeap); // // Destroy normal heap. Note that this will not make a recursive // call into this function because this is not a page heap and // code in NT heap manager will detect this. // RtlDestroyHeap (NormalHeap); // // That's it. All the VM, including the root node, should now // be released. RtlDestroyHeap always returns NULL. // DbgPrint( "Page heap: process 0x%X destroyed heap @ %p (%p)\n", NtCurrentTeb()->ClientId.UniqueProcess, HeapRoot, NormalHeap); return NULL; }

NTSTATUS RtlpDebugPageHeapExtend (  IN PVOID  HeapHandle, IN ULONG  Flags, IN PVOID  Base, IN SIZE_T  Size )

Definition at line 3817 of file heappage.c. Referenced by RtlExtendHeap(). { return STATUS_SUCCESS; }

BOOLEAN RtlpDebugPageHeapFree (  IN PVOID  HeapHandle, IN ULONG  Flags, IN PVOID  Address )

Definition at line 2693 of file heappage.c. References BUMP_GLOBAL_COUNTER, DbgPrint, DEBUG_CODE, DPH_DEBUG_BREAK_FOR_NULL_FREE, DPH_DEBUG_INTERNAL_VALIDATION, EXIT, FALSE, HeapHandle, IF_GENERATE_EXCEPTION, NULL, PAGE_SIZE, PROTECT_HEAP_STRUCTURES, RtlpDebugPageHeapDecommitVM(), RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapFindBusyMem(), RtlpDebugPageHeapLeaveCritSect(), RtlpDebugPageHeapPlaceOnFreeList(), RtlpDebugPageHeapPointerFromHandle(), RtlpDebugPageHeapProtectVM(), RtlpDebugPageHeapRemoveFromBusyList(), RtlpDphDebugLevel, RtlpDphInternalValidatePageHeap(), RtlpDphIsPageHeapBlock(), RtlpDphLogStackTrace(), RtlpDphNormalHeapFree(), RtlpDphReportCorruptedBlock(), RtlpDphTraceDatabase, TRUE, and UNPROTECT_HEAP_STRUCTURES. Referenced by RtlDebugFreeHeap(), RtlpDphDllDelete(), RtlpDphDllDeleteArray(), RtlpDphDllfree(), RtlpDphDllGlobalFree(), RtlpDphDllHeapFree(), and RtlpDphDllLocalFree(). { PDPH_HEAP_ROOT HeapRoot; PDPH_HEAP_BLOCK Node, Prev; BOOLEAN Success; PCH p; ULONG Reason; // // Check if null frees are of any concern. // if (Address == NULL) { if ((RtlpDphDebugLevel & DPH_DEBUG_BREAK_FOR_NULL_FREE)) { DbgPrint ("Page heap: attempt to free null pointer \n"); DbgBreakPoint(); } // // For C++ apps that delete NULL this is valid. // return TRUE; } HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if (HeapRoot == NULL) return FALSE; // // Acquire heap lock and unprotect heap structures. // RtlpDebugPageHeapEnterCritSect( HeapRoot, Flags ); DEBUG_CODE( RtlpDebugPageHeapVerifyIntegrity( HeapRoot )); UNPROTECT_HEAP_STRUCTURES( HeapRoot ); if ((RtlpDphDebugLevel & DPH_DEBUG_INTERNAL_VALIDATION)) { RtlpDphInternalValidatePageHeap (HeapRoot, NULL, 0); } Flags |= HeapRoot->HeapFlags; // // Compute free statistics // BUMP_GLOBAL_COUNTER (DPH_COUNTER_NO_OF_FREES); HeapRoot->Counter[DPH_COUNTER_NO_OF_FREES] += 1; Success = FALSE; Node = RtlpDebugPageHeapFindBusyMem( HeapRoot, Address, &Prev ); if (Node == NULL) { // // No wonder we did not find the block in the page heap // structures because the block was probably allocated // from the normal heap. Or there is a real bug. // If there is a bug NormalHeapFree will break into debugger. // Success = RtlpDphNormalHeapFree ( HeapRoot, Flags, Address); goto EXIT; } // // If tail was allocated, make sure filler not overwritten // if ((HeapRoot->ExtraFlags & PAGE_HEAP_CATCH_BACKWARD_OVERRUNS)) { if (Node->nVirtualAccessSize > 0) { RtlpDebugPageHeapProtectVM( Node->pVirtualBlock + PAGE_SIZE, Node->nVirtualAccessSize, PAGE_NOACCESS ); } } else { // // (SilviuC): This can be done at the beginning of the function. // if (! (RtlpDphIsPageHeapBlock (HeapRoot, Address, &Reason, TRUE))) { RtlpDphReportCorruptedBlock (Address, Reason); } if (Node->nVirtualAccessSize > 0) { // // Mark the block as freed. The information is gone if we // will decommit the region but will remain if smart memory // flag is not set and can help debug failures. // { PDPH_BLOCK_INFORMATION Info = (PDPH_BLOCK_INFORMATION)(Node->pUserAllocation); Info -= 1; Info->StartStamp -= 1; Info->EndStamp -= 1; } RtlpDebugPageHeapProtectVM( Node->pVirtualBlock, Node->nVirtualAccessSize, PAGE_NOACCESS ); } } RtlpDebugPageHeapRemoveFromBusyList( HeapRoot, Node, Prev ); // // If we use uncommitted ranges we need to decommit the memory // range now for the allocation. Note that the next page (guard) // was already decommitted when we allocated the block. // if ((HeapRoot->ExtraFlags & PAGE_HEAP_CATCH_BACKWARD_OVERRUNS)) { // nothing } else { if ((HeapRoot->ExtraFlags & PAGE_HEAP_SMART_MEMORY_USAGE)) { RtlpDebugPageHeapDecommitVM ( Node->pVirtualBlock, Node->nVirtualAccessSize); } } RtlpDebugPageHeapPlaceOnFreeList( HeapRoot, Node ); // // RtlpDebugPageHeapFree gets called from RtlDebugFreeHeap, which // gets called from RtlFreeHeapSlowly, which gets called from // RtlFreeHeap. To keep from wasting lots of stack trace storage, // we'll skip the bottom 3 entries, leaving RtlFreeHeap as the // first recorded entry. // if ((HeapRoot->ExtraFlags & PAGE_HEAP_COLLECT_STACK_TRACES)) { if (Node->StackTrace) { RtlTraceDatabaseLock (RtlpDphTraceDatabase); if (Node->StackTrace->UserCount > 0) { Node->StackTrace->UserCount -= 1; } if (Node->StackTrace->UserSize >= Node->nUserRequestedSize) { Node->StackTrace->UserSize -= Node->nUserRequestedSize; } RtlTraceDatabaseUnlock (RtlpDphTraceDatabase); } Node->StackTrace = RtlpDphLogStackTrace(3); } else { Node->StackTrace = NULL; } Success = TRUE; EXIT: if ((RtlpDphDebugLevel & DPH_DEBUG_INTERNAL_VALIDATION)) { RtlpDphInternalValidatePageHeap (HeapRoot, NULL, 0); } PROTECT_HEAP_STRUCTURES( HeapRoot ); DEBUG_CODE( RtlpDebugPageHeapVerifyIntegrity( HeapRoot )); RtlpDebugPageHeapLeaveCritSect( HeapRoot ); if (! Success) { IF_GENERATE_EXCEPTION( Flags, STATUS_ACCESS_VIOLATION ); } return Success; }

ULONG RtlpDebugPageHeapGetProcessHeaps (  ULONG  NumberOfHeaps, PVOID *  ProcessHeaps )

Definition at line 3458 of file heappage.c. References Count, HEAP_HANDLE_FROM_ROOT, NULL, RtlInitializeCriticalSection(), RtlpDebugPageHeapBreak(), RtlpDphHeapListCount, RtlpDphHeapListCriticalSection, RtlpDphHeapListHasBeenInitialized, RtlpDphHeapListHead, and TRUE. Referenced by RtlGetProcessHeaps(). { PDPH_HEAP_ROOT HeapRoot; ULONG Count; // // Although we'd expect GetProcessHeaps never to be called // before at least the very first heap creation, we should // still be safe and initialize the critical section if // necessary. // if (! RtlpDphHeapListHasBeenInitialized) { RtlpDphHeapListHasBeenInitialized = TRUE; RtlInitializeCriticalSection( &RtlpDphHeapListCriticalSection ); } RtlEnterCriticalSection( &RtlpDphHeapListCriticalSection ); if (RtlpDphHeapListCount <= NumberOfHeaps) { for (HeapRoot = RtlpDphHeapListHead, Count = 0; HeapRoot != NULL; HeapRoot = HeapRoot->pNextHeapRoot, Count += 1) { *ProcessHeaps++ = HEAP_HANDLE_FROM_ROOT( HeapRoot ); } if (Count != RtlpDphHeapListCount) { RtlpDebugPageHeapBreak( "Page heap: BUG: process heap list count wrong\n" ); } } else { // // User's buffer is too small. Return number of entries // necessary for subsequent call to succeed. Buffer // remains untouched. // Count = RtlpDphHeapListCount; } RtlLeaveCriticalSection( &RtlpDphHeapListCriticalSection ); return Count; }

BOOLEAN RtlpDebugPageHeapGetUserInfo (  IN PVOID  HeapHandle, IN ULONG  Flags, IN PVOID  Address, OUT PVOID *  UserValue, OUT PULONG  UserFlags )

Definition at line 3683 of file heappage.c. References EXIT, FALSE, HeapHandle, NULL, PROTECT_HEAP_STRUCTURES, RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapFindBusyMem(), RtlpDebugPageHeapLeaveCritSect(), RtlpDebugPageHeapPointerFromHandle(), RtlpDphNormalHeapGetUserInfo(), TRUE, and UNPROTECT_HEAP_STRUCTURES. Referenced by RtlDebugGetUserInfoHeap(). { PDPH_HEAP_ROOT HeapRoot; PDPH_HEAP_BLOCK Node; BOOLEAN Success; Success = FALSE; HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if ( HeapRoot == NULL ) return Success; Flags |= HeapRoot->HeapFlags; RtlpDebugPageHeapEnterCritSect( HeapRoot, Flags ); UNPROTECT_HEAP_STRUCTURES( HeapRoot ); Node = RtlpDebugPageHeapFindBusyMem( HeapRoot, Address, NULL ); if ( Node == NULL ) { // // If we cannot find the node in page heap structures it might be // because it has been allocated from normal heap. // Success = RtlpDphNormalHeapGetUserInfo ( HeapRoot, Flags, Address, UserValue, UserFlags); goto EXIT; } else { if ( UserValue != NULL ) *UserValue = Node->UserValue; if ( UserFlags != NULL ) *UserFlags = Node->UserFlags; Success = TRUE; } EXIT: PROTECT_HEAP_STRUCTURES( HeapRoot ); RtlpDebugPageHeapLeaveCritSect( HeapRoot ); return Success; }

BOOLEAN RtlpDebugPageHeapIsLocked (  IN PVOID  HeapHandle  )

Definition at line 3883 of file heappage.c. References FALSE, HeapHandle, NULL, RtlpDebugPageHeapPointerFromHandle(), and TRUE. Referenced by RtlpHeapIsLocked(). { PDPH_HEAP_ROOT HeapRoot; HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if ( HeapRoot == NULL ) return FALSE; if ( RtlTryEnterCriticalSection( HeapRoot->HeapCritSect )) { RtlLeaveCriticalSection( HeapRoot->HeapCritSect ); return FALSE; } else { return TRUE; } }

BOOLEAN RtlpDebugPageHeapLock (  IN PVOID  HeapHandle  )

Definition at line 3595 of file heappage.c. References FALSE, HeapHandle, NULL, RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapPointerFromHandle(), and TRUE. Referenced by RtlLockHeap(). { PDPH_HEAP_ROOT HeapRoot; HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if (HeapRoot == NULL) { return FALSE; } RtlpDebugPageHeapEnterCritSect( HeapRoot, HeapRoot->HeapFlags ); return TRUE; }

PVOID RtlpDebugPageHeapReAllocate (  IN PVOID  HeapHandle, IN ULONG  Flags, IN PVOID  Address, IN SIZE_T  Size )

Definition at line 2895 of file heappage.c. References BIAS_POINTER, BUMP_GLOBAL_COUNTER, BUMP_SIZE_COUNTER, DbgPrint, DEBUG_ASSERT, DEBUG_CODE, DPH_DEBUG_BREAK_FOR_SIZE_ZERO, DPH_DEBUG_INTERNAL_VALIDATION, EXCEPTION_EXECUTE_HANDLER, EXIT, FALSE, HeapHandle, IF_GENERATE_EXCEPTION, IS_BIASED_POINTER, NULL, OUT_OF_VM_BREAK, PROTECT_HEAP_STRUCTURES, RETAIL_ASSERT, RtlpDebugPageHeapAllocate(), RtlpDebugPageHeapDecommitVM(), RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapFindBusyMem(), RtlpDebugPageHeapLeaveCritSect(), RtlpDebugPageHeapPlaceOnBusyList(), RtlpDebugPageHeapPlaceOnFreeList(), RtlpDebugPageHeapPointerFromHandle(), RtlpDebugPageHeapProtectVM(), RtlpDebugPageHeapRemoveFromBusyList(), RtlpDphDebugLevel, RtlpDphInternalValidatePageHeap(), RtlpDphIsPageHeapBlock(), RtlpDphLogStackTrace(), RtlpDphNormalHeapAllocate(), RtlpDphNormalHeapReAllocate(), RtlpDphReportCorruptedBlock(), RtlpDphShouldAllocateInPageHeap(), RtlpDphTraceDatabase, Size, TRUE, UNBIAS_POINTER, and UNPROTECT_HEAP_STRUCTURES. Referenced by RtlDebugReAllocateHeap(), RtlpDphDllGlobalReAlloc(), RtlpDphDllHeapReAlloc(), RtlpDphDllLocalReAlloc(), and RtlpDphDllrealloc(). { PDPH_HEAP_ROOT HeapRoot; PDPH_HEAP_BLOCK OldNode, OldPrev, NewNode; PVOID NewAddress; PUCHAR p; SIZE_T CopyDataSize; ULONG SaveFlags; BOOLEAN ReallocInNormalHeap = FALSE; ULONG Reason; BOOLEAN ForcePageHeap = FALSE; BOOLEAN OriginalAllocationInPageHeap = FALSE; if (IS_BIASED_POINTER(HeapHandle)) { HeapHandle = UNBIAS_POINTER(HeapHandle); ForcePageHeap = TRUE; } // // Is zero size allocation ? // if (Size == 0) { if ((RtlpDphDebugLevel & DPH_DEBUG_BREAK_FOR_SIZE_ZERO)) { DbgPrint ("Page heap: request for zero sized block \n"); DbgBreakPoint(); } } HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if (HeapRoot == NULL) return NULL; // // Get heap lock and unprotect heap structures. // RtlpDebugPageHeapEnterCritSect( HeapRoot, Flags ); DEBUG_CODE( RtlpDebugPageHeapVerifyIntegrity( HeapRoot )); UNPROTECT_HEAP_STRUCTURES( HeapRoot ); if ((RtlpDphDebugLevel & DPH_DEBUG_INTERNAL_VALIDATION)) { RtlpDphInternalValidatePageHeap (HeapRoot, NULL, 0); } Flags |= HeapRoot->HeapFlags; // // Compute realloc statistics // BUMP_GLOBAL_COUNTER (DPH_COUNTER_NO_OF_REALLOCS); BUMP_SIZE_COUNTER (Size); HeapRoot->Counter[DPH_COUNTER_NO_OF_REALLOCS] += 1; if (Size < 1024) { BUMP_GLOBAL_COUNTER (DPH_COUNTER_SIZE_BELOW_1K); HeapRoot->Counter[DPH_COUNTER_SIZE_BELOW_1K] += 1; } else if (Size < 4096) { BUMP_GLOBAL_COUNTER (DPH_COUNTER_SIZE_BELOW_4K); HeapRoot->Counter[DPH_COUNTER_SIZE_BELOW_4K] += 1; } else { BUMP_GLOBAL_COUNTER (DPH_COUNTER_SIZE_ABOVE_4K); HeapRoot->Counter[DPH_COUNTER_SIZE_ABOVE_4K] += 1; } NewAddress = NULL; // // Check Flags for non-moveable reallocation and fail it // unconditionally. Apps that specify this flag should be // prepared to deal with failure anyway. // if (Flags & HEAP_REALLOC_IN_PLACE_ONLY) { goto EXIT; } // // Validate requested size so we don't overflow // while rounding up size computations. We do this // after we've acquired the critsect so we can still // catch serialization problems. // if (Size > 0x7FFF0000) { OUT_OF_VM_BREAK( Flags, "Page heap: Invalid allocation size\n" ); goto EXIT; } OldNode = RtlpDebugPageHeapFindBusyMem( HeapRoot, Address, &OldPrev ); if (OldNode) { OriginalAllocationInPageHeap = TRUE; } if (OldNode == NULL) { // // No wonder we did not find the block in the page heap // structures because the block was probably allocated // from the normal heap. Or there is a real bug. If there // is a bug NormalHeapReAllocate will break into debugger. // NewAddress = RtlpDphNormalHeapReAllocate ( HeapRoot, Flags, Address, Size); goto EXIT; } // // If tail was allocated, make sure filler not overwritten // if ((HeapRoot->ExtraFlags & PAGE_HEAP_CATCH_BACKWARD_OVERRUNS)) { // nothing } else { // // (SilviuC): This can be done at the beginning of the function. // if (! (RtlpDphIsPageHeapBlock (HeapRoot, Address, &Reason, TRUE))) { RtlpDphReportCorruptedBlock (Address, Reason); } } // // Before allocating a new block, remove the old block from // the busy list. When we allocate the new block, the busy // list pointers will change, possibly leaving our acquired // Prev pointer invalid. // RtlpDebugPageHeapRemoveFromBusyList( HeapRoot, OldNode, OldPrev ); // // Allocate new memory for new requested size. Use try/except // to trap exception if Flags caused out-of-memory exception. // try { if (!ForcePageHeap && !(RtlpDphShouldAllocateInPageHeap (HeapRoot, Size))) { NewAddress = RtlpDphNormalHeapAllocate ( HeapRoot, Flags, Size); ReallocInNormalHeap = TRUE; } else { // // Force the allocation in page heap by biasing // the heap handle. Validate the heap here since when we use // biased pointers validation inside Allocate is disabled. // if ((RtlpDphDebugLevel & DPH_DEBUG_INTERNAL_VALIDATION)) { RtlpDphInternalValidatePageHeap (HeapRoot, OldNode->pVirtualBlock, OldNode->nVirtualBlockSize); } NewAddress = RtlpDebugPageHeapAllocate( BIAS_POINTER(HeapHandle), Flags, Size); if ((RtlpDphDebugLevel & DPH_DEBUG_INTERNAL_VALIDATION)) { RtlpDphInternalValidatePageHeap (HeapRoot, OldNode->pVirtualBlock, OldNode->nVirtualBlockSize); } ReallocInNormalHeap = FALSE; } } except( EXCEPTION_EXECUTE_HANDLER ) { } // // We managed to make a new allocation (normal or page heap). // Now we need to copy from old to new all sorts of stuff // (contents, user flags/values). // if (NewAddress) { // // Copy old block contents into the new node. // CopyDataSize = OldNode->nUserRequestedSize; if (CopyDataSize > Size) { CopyDataSize = Size; } if (CopyDataSize > 0) { RtlCopyMemory( NewAddress, Address, CopyDataSize ); } // // If new allocation was done in page heap we need to detect the new node // and copy over user flags/values. // if (! ReallocInNormalHeap) { NewNode = RtlpDebugPageHeapFindBusyMem( HeapRoot, NewAddress, NULL ); // // This block could not be in normal heap therefore from this // respect the call above should always succeed. // DEBUG_ASSERT( NewNode != NULL ); NewNode->UserValue = OldNode->UserValue; NewNode->UserFlags = ( Flags & HEAP_SETTABLE_USER_FLAGS ) ? ( Flags & HEAP_SETTABLE_USER_FLAGS ) : OldNode->UserFlags; } // // We need to cover the case where old allocation was in page heap. // In this case we still need to cleanup the old node and // insert it back in free list. Actually the way the code is written // we take this code path only if original allocation was in page heap. // This is the reason for the assert. // RETAIL_ASSERT (OriginalAllocationInPageHeap); if (OriginalAllocationInPageHeap) { if (OldNode->nVirtualAccessSize > 0) { RtlpDebugPageHeapProtectVM( OldNode->pVirtualBlock, OldNode->nVirtualAccessSize, PAGE_NOACCESS ); } // // If we use uncommitted ranges we need to decommit the memory // range now. Note that the next page (guard) was already decommitted // when we made the allocation. // if ((HeapRoot->ExtraFlags & PAGE_HEAP_CATCH_BACKWARD_OVERRUNS)) { // nothing } else { if ((HeapRoot->ExtraFlags & PAGE_HEAP_SMART_MEMORY_USAGE)) { RtlpDebugPageHeapDecommitVM ( OldNode->pVirtualBlock, OldNode->nVirtualAccessSize); } } RtlpDebugPageHeapPlaceOnFreeList( HeapRoot, OldNode ); // // RtlpDebugPageHeapReAllocate gets called from RtlDebugReAllocateHeap, // which gets called from RtlReAllocateHeap. To keep from wasting // lots of stack trace storage, we'll skip the bottom 2 entries, // leaving RtlReAllocateHeap as the first recorded entry in the // freed stack trace. // // Note. For realloc we need to do the accounting for free in the // trace block. The accounting for alloc is done in the real // alloc operation which always happens for page heap reallocs. // if ((HeapRoot->ExtraFlags & PAGE_HEAP_COLLECT_STACK_TRACES)) { if (OldNode->StackTrace) { RtlTraceDatabaseLock (RtlpDphTraceDatabase); if (OldNode->StackTrace->UserCount > 0) { OldNode->StackTrace->UserCount -= 1; } if (OldNode->StackTrace->UserSize >= OldNode->nUserRequestedSize) { OldNode->StackTrace->UserSize -= OldNode->nUserRequestedSize; } RtlTraceDatabaseUnlock (RtlpDphTraceDatabase); } OldNode->StackTrace = RtlpDphLogStackTrace(2); } else { OldNode->StackTrace = NULL; } } } else { // // Failed to allocate a new block. Return old block to busy list. // if (OriginalAllocationInPageHeap) { RtlpDebugPageHeapPlaceOnBusyList( HeapRoot, OldNode ); } } EXIT: if ((RtlpDphDebugLevel & DPH_DEBUG_INTERNAL_VALIDATION)) { RtlpDphInternalValidatePageHeap (HeapRoot, NULL, 0); } PROTECT_HEAP_STRUCTURES( HeapRoot ); DEBUG_CODE( RtlpDebugPageHeapVerifyIntegrity( HeapRoot )); RtlpDebugPageHeapLeaveCritSect( HeapRoot ); if (NewAddress == NULL) { IF_GENERATE_EXCEPTION( Flags, STATUS_NO_MEMORY ); } return NewAddress; }

NTSTATUS RtlpDebugPageHeapReset (  IN PVOID  HeapHandle, IN ULONG  Flags )

Definition at line 3837 of file heappage.c. { return STATUS_SUCCESS; }

BOOLEAN RtlpDebugPageHeapSerialize (  IN PVOID  HeapHandle  )

Definition at line 3795 of file heappage.c. References FALSE, HeapHandle, NULL, PROTECT_HEAP_STRUCTURES, RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapLeaveCritSect(), RtlpDebugPageHeapPointerFromHandle(), TRUE, and UNPROTECT_HEAP_STRUCTURES. Referenced by RtlpSerializeHeap(). { PDPH_HEAP_ROOT HeapRoot; HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if ( HeapRoot == NULL ) return FALSE; RtlpDebugPageHeapEnterCritSect( HeapRoot, 0 ); UNPROTECT_HEAP_STRUCTURES( HeapRoot ); HeapRoot->HeapFlags &= ~HEAP_NO_SERIALIZE; PROTECT_HEAP_STRUCTURES( HeapRoot ); RtlpDebugPageHeapLeaveCritSect( HeapRoot ); return TRUE; }

BOOLEAN RtlpDebugPageHeapSetUserFlags (  IN PVOID  HeapHandle, IN ULONG  Flags, IN PVOID  Address, IN ULONG  UserFlagsReset, IN ULONG  UserFlagsSet )

Definition at line 3740 of file heappage.c. References EXIT, FALSE, HeapHandle, NULL, PROTECT_HEAP_STRUCTURES, RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapFindBusyMem(), RtlpDebugPageHeapLeaveCritSect(), RtlpDebugPageHeapPointerFromHandle(), RtlpDphNormalHeapSetUserFlags(), TRUE, and UNPROTECT_HEAP_STRUCTURES. Referenced by RtlDebugSetUserFlagsHeap(). { PDPH_HEAP_ROOT HeapRoot; PDPH_HEAP_BLOCK Node; BOOLEAN Success; Success = FALSE; HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if ( HeapRoot == NULL ) return Success; Flags |= HeapRoot->HeapFlags; RtlpDebugPageHeapEnterCritSect( HeapRoot, Flags ); UNPROTECT_HEAP_STRUCTURES( HeapRoot ); Node = RtlpDebugPageHeapFindBusyMem( HeapRoot, Address, NULL ); if ( Node == NULL ) { // // If we cannot find the node in page heap structures it might be // because it has been allocated from normal heap. // Success = RtlpDphNormalHeapSetUserFlags ( HeapRoot, Flags, Address, UserFlagsReset, UserFlagsSet); goto EXIT; } else { Node->UserFlags &= ~( UserFlagsReset ); Node->UserFlags |= UserFlagsSet; Success = TRUE; } EXIT: PROTECT_HEAP_STRUCTURES( HeapRoot ); RtlpDebugPageHeapLeaveCritSect( HeapRoot ); return Success; }

BOOLEAN RtlpDebugPageHeapSetUserValue (  IN PVOID  HeapHandle, IN ULONG  Flags, IN PVOID  Address, IN PVOID  UserValue )

Definition at line 3631 of file heappage.c. References EXIT, FALSE, HeapHandle, NULL, PROTECT_HEAP_STRUCTURES, RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapFindBusyMem(), RtlpDebugPageHeapLeaveCritSect(), RtlpDebugPageHeapPointerFromHandle(), RtlpDphNormalHeapSetUserValue(), TRUE, and UNPROTECT_HEAP_STRUCTURES. Referenced by RtlDebugSetUserValueHeap(). { PDPH_HEAP_ROOT HeapRoot; PDPH_HEAP_BLOCK Node; BOOLEAN Success; Success = FALSE; HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if ( HeapRoot == NULL ) return Success; Flags |= HeapRoot->HeapFlags; RtlpDebugPageHeapEnterCritSect( HeapRoot, Flags ); UNPROTECT_HEAP_STRUCTURES( HeapRoot ); Node = RtlpDebugPageHeapFindBusyMem( HeapRoot, Address, NULL ); if ( Node == NULL ) { // // If we cannot find the node in page heap structures it might be // because it has been allocated from normal heap. // Success = RtlpDphNormalHeapSetUserValue ( HeapRoot, Flags, Address, UserValue); goto EXIT; } else { Node->UserValue = UserValue; Success = TRUE; } EXIT: PROTECT_HEAP_STRUCTURES( HeapRoot ); RtlpDebugPageHeapLeaveCritSect( HeapRoot ); return Success; }

SIZE_T RtlpDebugPageHeapSize (  IN PVOID  HeapHandle, IN ULONG  Flags, IN PVOID  Address )

Definition at line 3401 of file heappage.c. References EXIT, HeapHandle, IF_GENERATE_EXCEPTION, NULL, PROTECT_HEAP_STRUCTURES, RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapFindBusyMem(), RtlpDebugPageHeapLeaveCritSect(), RtlpDebugPageHeapPointerFromHandle(), RtlpDphNormalHeapSize(), Size, and UNPROTECT_HEAP_STRUCTURES. Referenced by RtlDebugSizeHeap(). { PDPH_HEAP_ROOT HeapRoot; PDPH_HEAP_BLOCK Node; SIZE_T Size; Size = -1; HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if (HeapRoot == NULL) { return Size; } Flags |= HeapRoot->HeapFlags; RtlpDebugPageHeapEnterCritSect( HeapRoot, Flags ); UNPROTECT_HEAP_STRUCTURES( HeapRoot ); Node = RtlpDebugPageHeapFindBusyMem( HeapRoot, Address, NULL ); if (Node == NULL) { // // No wonder we did not find the block in the page heap // structures because the block was probably allocated // from the normal heap. Or there is a real bug. If there // is a bug NormalHeapSize will break into debugger. // Size = RtlpDphNormalHeapSize ( HeapRoot, Flags, Address); goto EXIT; } else { Size = Node->nUserRequestedSize; } EXIT: PROTECT_HEAP_STRUCTURES( HeapRoot ); RtlpDebugPageHeapLeaveCritSect( HeapRoot ); if (Size == -1) { IF_GENERATE_EXCEPTION( Flags, STATUS_ACCESS_VIOLATION ); } return Size; }

BOOLEAN RtlpDebugPageHeapUnlock (  IN PVOID  HeapHandle  )

Definition at line 3613 of file heappage.c. References FALSE, HeapHandle, NULL, RtlpDebugPageHeapLeaveCritSect(), RtlpDebugPageHeapPointerFromHandle(), and TRUE. Referenced by RtlUnlockHeap(). { PDPH_HEAP_ROOT HeapRoot; HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if (HeapRoot == NULL) { return FALSE; } RtlpDebugPageHeapLeaveCritSect( HeapRoot ); return TRUE; }

NTSTATUS RtlpDebugPageHeapUsage (  IN PVOID  HeapHandle, IN ULONG  Flags, IN OUT PRTL_HEAP_USAGE  Usage )

Definition at line 3846 of file heappage.c. References HeapHandle, NULL, PROTECT_HEAP_STRUCTURES, RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapLeaveCritSect(), RtlpDebugPageHeapPointerFromHandle(), UNPROTECT_HEAP_STRUCTURES, and Usage(). Referenced by RtlDebugUsageHeap(). { PDPH_HEAP_ROOT HeapRoot; // // Partial implementation since this information is kind of meaningless. // HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if ( HeapRoot == NULL ) return STATUS_INVALID_PARAMETER; if ( Usage->Length != sizeof( RTL_HEAP_USAGE )) return STATUS_INFO_LENGTH_MISMATCH; memset( Usage, 0, sizeof( RTL_HEAP_USAGE )); Usage->Length = sizeof( RTL_HEAP_USAGE ); RtlpDebugPageHeapEnterCritSect( HeapRoot, 0 ); UNPROTECT_HEAP_STRUCTURES( HeapRoot ); Usage->BytesAllocated = HeapRoot->nBusyAllocationBytesAccessible; Usage->BytesCommitted = HeapRoot->nVirtualStorageBytes; Usage->BytesReserved = HeapRoot->nVirtualStorageBytes; Usage->BytesReservedMaximum = HeapRoot->nVirtualStorageBytes; PROTECT_HEAP_STRUCTURES( HeapRoot ); RtlpDebugPageHeapLeaveCritSect( HeapRoot ); return STATUS_SUCCESS; }

BOOLEAN RtlpDebugPageHeapValidate (  IN PVOID  HeapHandle, IN ULONG  Flags, IN PVOID  Address )

Definition at line 3539 of file heappage.c. References DEBUG_CODE, FALSE, HeapHandle, NULL, PROTECT_HEAP_STRUCTURES, RtlpDebugPageHeapEnterCritSect(), RtlpDebugPageHeapFindBusyMem(), RtlpDebugPageHeapLeaveCritSect(), RtlpDebugPageHeapPointerFromHandle(), RtlpDphNormalHeapValidate(), TRUE, and UNPROTECT_HEAP_STRUCTURES. Referenced by RtlValidateHeap(). { PDPH_HEAP_ROOT HeapRoot; PDPH_HEAP_BLOCK Node; BOOLEAN Result = FALSE; HeapRoot = RtlpDebugPageHeapPointerFromHandle( HeapHandle ); if (HeapRoot == NULL) return FALSE; Flags |= HeapRoot->HeapFlags; RtlpDebugPageHeapEnterCritSect( HeapRoot, Flags ); DEBUG_CODE( RtlpDebugPageHeapVerifyIntegrity( HeapRoot )); UNPROTECT_HEAP_STRUCTURES( HeapRoot ); Node = Address ? RtlpDebugPageHeapFindBusyMem( HeapRoot, Address, NULL ) : NULL; if (Node == NULL) { Result = RtlpDphNormalHeapValidate ( HeapRoot, Flags, Address); } PROTECT_HEAP_STRUCTURES( HeapRoot ); RtlpDebugPageHeapLeaveCritSect( HeapRoot ); if (Address) { if (Node) { return TRUE; } else { return Result; } } else { return TRUE; } }

NTSTATUS RtlpDebugPageHeapWalk (  IN PVOID  HeapHandle, IN OUT PRTL_HEAP_WALK_ENTRY  Entry )

Definition at line 3586 of file heappage.c. Referenced by RtlWalkHeap(). { return STATUS_NOT_IMPLEMENTED; }

NTSTATUS RtlpDebugPageHeapZero (  IN PVOID  HeapHandle, IN ULONG  Flags )

Definition at line 3828 of file heappage.c. Referenced by RtlDebugZeroHeap(). { return STATUS_SUCCESS; }

---