heappriv.h File Reference

#include "heappage.h"

Go to the source code of this file.

Classes
struct	_HEAP_LOOKASIDE
Defines
#define	HEAPASSERT(exp)
#define	PREALLOCATE_EVENT_MASK   0x80000000
#define	RtlInitializeLockRoutine(L)   RtlInitializeCriticalSectionAndSpinCount((PRTL_CRITICAL_SECTION)(L),(PREALLOCATE_EVENT_MASK | 4000))
#define	RtlAcquireLockRoutine(L)   RtlEnterCriticalSection((PRTL_CRITICAL_SECTION)(L))
#define	RtlReleaseLockRoutine(L)   RtlLeaveCriticalSection((PRTL_CRITICAL_SECTION)(L))
#define	RtlDeleteLockRoutine(L)   RtlDeleteCriticalSection((PRTL_CRITICAL_SECTION)(L))
#define	RtlOkayToLockRoutine(L)   NtdllOkayToLockRoutine((PVOID)(L))
#define	HEAP_DEBUG_FLAGS
#define	DEBUG_HEAP(F)   ((F & HEAP_DEBUG_FLAGS) && !(F & HEAP_SKIP_VALIDATION_CHECKS))
#define	SET_LAST_STATUS(S)   {NtCurrentTeb()->LastErrorValue = RtlNtStatusToDosError( NtCurrentTeb()->LastStatusValue = (ULONG)(S) );}
#define	HeapDebugPrint(_x_)
#define	HeapDebugBreak(_x_)
#define	SET_FREELIST_BIT(H, FB)
#define	CLEAR_FREELIST_BIT(H, FB)
#define	RtlpInsertFreeBlockDirect(H, FB, SIZE)
#define	RtlpFastInsertFreeBlockDirect(H, FB, SIZE)
#define	RtlpFastInsertDedicatedFreeBlockDirect(H, FB, SIZE)
#define	RtlpFastInsertNonDedicatedFreeBlockDirect(H, FB, SIZE)
#define	RtlpRemoveFreeBlock(H, FB)
#define	RtlpFastRemoveFreeBlock(H, FB)
#define	RtlpFastRemoveDedicatedFreeBlock(H, FB)
#define	RtlpFastRemoveNonDedicatedFreeBlock(H, FB)
#define	IS_HEAP_TAGGING_ENABLED()   (RtlGetNtGlobalFlags() & FLG_HEAP_ENABLE_TAGGING)
Typedefs
typedef enum _HEAP_TAG_ACTION	HEAP_TAG_ACTION
typedef _HEAP_LOOKASIDE	HEAP_LOOKASIDE
typedef _HEAP_LOOKASIDE *	PHEAP_LOOKASIDE
Enumerations
enum	_HEAP_TAG_ACTION {   AllocationAction, VirtualAllocationAction, FreeAction, VirtualFreeAction,   ReAllocationAction, VirtualReAllocationAction }
Functions
BOOLEAN	RtlpInitializeHeapSegment (IN PHEAP Heap, IN PHEAP_SEGMENT Segment, IN UCHAR SegmentIndex, IN ULONG Flags, IN PVOID BaseAddress, IN PVOID UnCommittedAddress, IN PVOID CommitLimitAddress)
PHEAP_FREE_ENTRY	RtlpCoalesceFreeBlocks (IN PHEAP Heap, IN PHEAP_FREE_ENTRY FreeBlock, IN OUT PSIZE_T FreeSize, IN BOOLEAN RemoveFromFreeList)
VOID	RtlpDeCommitFreeBlock (IN PHEAP Heap, IN PHEAP_FREE_ENTRY FreeBlock, IN SIZE_T FreeSize)
VOID	RtlpInsertFreeBlock (IN PHEAP Heap, IN PHEAP_FREE_ENTRY FreeBlock, IN SIZE_T FreeSize)
PHEAP_FREE_ENTRY	RtlpFindAndCommitPages (IN PHEAP Heap, IN PHEAP_SEGMENT Segment, IN OUT PSIZE_T Size, IN PVOID AddressWanted OPTIONAL)
PVOID	RtlAllocateHeapSlowly (IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
BOOLEAN	RtlFreeHeapSlowly (IN PVOID HeapHandle, IN ULONG Flags, IN PVOID BaseAddress)
SIZE_T	RtlpGetSizeOfBigBlock (IN PHEAP_ENTRY BusyBlock)
PHEAP_ENTRY_EXTRA	RtlpGetExtraStuffPointer (PHEAP_ENTRY BusyBlock)
BOOLEAN	RtlpCheckBusyBlockTail (IN PHEAP_ENTRY BusyBlock)
VOID	RtlpAddHeapToProcessList (IN PHEAP Heap)
VOID	RtlpRemoveHeapFromProcessList (IN PHEAP Heap)
PHEAP_FREE_ENTRY	RtlpCoalesceHeap (IN PHEAP Heap)
BOOLEAN	RtlpCheckHeapSignature (IN PHEAP Heap, IN PCHAR Caller)
BOOLEAN	RtlpValidateHeapEntry (IN PHEAP Heap, IN PHEAP_ENTRY BusyBlock, IN PCHAR Reason)
BOOLEAN	RtlpValidateHeap (IN PHEAP Heap, IN BOOLEAN AlwaysValidate)
VOID	RtlpUpdateHeapListIndex (USHORT OldIndex, USHORT NewIndex)
BOOLEAN	RtlpValidateHeapHeaders (IN PHEAP Heap, IN BOOLEAN Recompute)
PWSTR	RtlpGetTagName (PHEAP Heap, USHORT TagIndex)
USHORT	RtlpUpdateTagEntry (PHEAP Heap, USHORT TagIndex, SIZE_T OldSize, SIZE_T NewSize, HEAP_TAG_ACTION Action)
VOID	RtlpResetTags (PHEAP Heap)
VOID	RtlpDestroyTags (PHEAP Heap)
NTKERNELAPI VOID	RtlpInitializeHeapLookaside (IN PHEAP_LOOKASIDE Lookaside, IN USHORT Depth)
NTKERNELAPI VOID	RtlpDeleteHeapLookaside (IN PHEAP_LOOKASIDE Lookaside)
VOID	RtlpAdjustHeapLookasideDepth (IN PHEAP_LOOKASIDE Lookaside)
NTKERNELAPI PVOID	RtlpAllocateFromHeapLookaside (IN PHEAP_LOOKASIDE Lookaside)
NTKERNELAPI BOOLEAN	RtlpFreeToHeapLookaside (IN PHEAP_LOOKASIDE Lookaside, IN PVOID Entry)
Variables
UCHAR	CheckHeapFillPattern [CHECK_HEAP_TAIL_SIZE]

---

Define Documentation

#define CLEAR_FREELIST_BIT (  H, FB   )

Value: { \ ULONG _Index_; \ ULONG _Bit_; \ \ HEAPASSERT((FB)->Size < HEAP_MAXIMUM_FREELISTS); \ \ _Index_ = (FB)->Size >> 3; \ _Bit_ = (1 << ((FB)->Size & 7)); \ \ HEAPASSERT((H)->u.FreeListsInUseBytes[ _Index_ ] & _Bit_); \ HEAPASSERT(IsListEmpty(&(H)->FreeLists[ (FB)->Size ])); \ \ (H)->u.FreeListsInUseBytes[ _Index_ ] ^= _Bit_; \ } Definition at line 300 of file heappriv.h.

#define DEBUG_HEAP (  F   )     ((F & HEAP_DEBUG_FLAGS) && !(F & HEAP_SKIP_VALIDATION_CHECKS))

Definition at line 103 of file heappriv.h. Referenced by RtlAllocateHeapSlowly(), RtlCompactHeap(), RtlCreateHeap(), RtlCreateTagHeap(), RtlDestroyHeap(), RtlFreeHeapSlowly(), RtlGetUserInfoHeap(), RtlpGrowBlockInPlace(), RtlQueryTagHeap(), RtlReAllocateHeap(), RtlSetUserFlagsHeap(), RtlSetUserValueHeap(), RtlSizeHeap(), RtlUsageHeap(), RtlWalkHeap(), and RtlZeroHeap().

#define HEAP_DEBUG_FLAGS

Value: (HEAP_VALIDATE_PARAMETERS_ENABLED | \ HEAP_VALIDATE_ALL_ENABLED | \ HEAP_CAPTURE_STACK_BACKTRACES | \ HEAP_CREATE_ENABLE_TRACING | \ HEAP_FLAG_PAGE_ALLOCS) Definition at line 98 of file heappriv.h.

#define HEAPASSERT (  exp   )

Definition at line 39 of file heappriv.h. Referenced by RtlFreeHeap(), RtlFreeHeapSlowly(), and RtlpCoalesceFreeBlocks().

#define HeapDebugBreak (  _x_   )

Value: { \ VOID RtlpBreakPointHeap( PVOID BadAddress ); \ \ RtlpBreakPointHeap( (_x_) ); \ } Definition at line 134 of file heappriv.h. Referenced by RtlCreateHeap(), RtlDebugAllocateHeap(), RtlDebugCreateHeap(), RtlDebugFreeHeap(), RtlDebugReAllocateHeap(), RtlInitializeHeapManager(), RtlpCheckBusyBlockTail(), RtlpCheckHeapSignature(), RtlpFindAndCommitPages(), RtlpValidateHeap(), RtlpValidateHeapEntry(), and RtlReAllocateHeap().

#define HeapDebugPrint (  _x_   )

Value: { \ PLIST_ENTRY _Module; \ PLDR_DATA_TABLE_ENTRY _Entry; \ \ _Module = NtCurrentPeb()->Ldr->InLoadOrderModuleList.Flink; \ _Entry = CONTAINING_RECORD( _Module, \ LDR_DATA_TABLE_ENTRY, \ InLoadOrderLinks); \ DbgPrint("HEAP[%wZ]: ", &_Entry->BaseDllName); \ DbgPrint _x_; \ } Definition at line 121 of file heappriv.h. Referenced by RtlCreateHeap(), RtlDebugAllocateHeap(), RtlDebugCreateHeap(), RtlDebugDestroyHeap(), RtlDebugFreeHeap(), RtlDebugReAllocateHeap(), RtlDestroyHeap(), RtlInitializeHeapManager(), RtlpCheckBusyBlockTail(), RtlpCheckHeapSignature(), RtlpDeCommitFreeBlock(), RtlpFindAndCommitPages(), RtlpInsertUnCommittedPages(), RtlProtectHeap(), RtlpValidateHeap(), RtlpValidateHeapEntry(), RtlpValidateHeapHeaders(), RtlpValidateHeapSegment(), and RtlReAllocateHeap().

#define IS_HEAP_TAGGING_ENABLED (   )     (RtlGetNtGlobalFlags() & FLG_HEAP_ENABLE_TAGGING)

Definition at line 563 of file heappriv.h. Referenced by RtlAllocateHeapSlowly(), RtlCreateHeap(), RtlCreateTagHeap(), RtlDebugAllocateHeap(), RtlDebugFreeHeap(), RtlDebugReAllocateHeap(), RtlFreeHeapSlowly(), RtlpGrowBlockInPlace(), RtlQueryTagHeap(), RtlReAllocateHeap(), RtlUsageHeap(), and RtlWalkHeap().

#define PREALLOCATE_EVENT_MASK   0x80000000

Definition at line 73 of file heappriv.h.

#define RtlAcquireLockRoutine (  L   )     RtlEnterCriticalSection((PRTL_CRITICAL_SECTION)(L))

Definition at line 78 of file heappriv.h. Referenced by RtlAllocateHeap(), RtlAllocateHeapSlowly(), RtlCompactHeap(), RtlCreateTagHeap(), RtlDebugAllocateHeap(), RtlDebugCompactHeap(), RtlDebugCreateTagHeap(), RtlDebugFreeHeap(), RtlDebugGetUserInfoHeap(), RtlDebugQueryTagHeap(), RtlDebugReAllocateHeap(), RtlDebugSetUserFlagsHeap(), RtlDebugSetUserValueHeap(), RtlDebugSizeHeap(), RtlDebugUsageHeap(), RtlDebugZeroHeap(), RtlEnumProcessHeaps(), RtlExtendHeap(), RtlFreeHeap(), RtlFreeHeapSlowly(), RtlGetProcessHeaps(), RtlGetUserInfoHeap(), RtlLockHeap(), RtlpAddHeapToProcessList(), RtlpRemoveHeapFromProcessList(), RtlQueryTagHeap(), RtlReAllocateHeap(), RtlSetUserFlagsHeap(), RtlSetUserValueHeap(), RtlUsageHeap(), RtlValidateHeap(), and RtlZeroHeap().

#define RtlDeleteLockRoutine (  L   )     RtlDeleteCriticalSection((PRTL_CRITICAL_SECTION)(L))

Definition at line 80 of file heappriv.h. Referenced by RtlDestroyHeap().

#define RtlInitializeLockRoutine (  L   )     RtlInitializeCriticalSectionAndSpinCount((PRTL_CRITICAL_SECTION)(L),(PREALLOCATE_EVENT_MASK | 4000))

Definition at line 77 of file heappriv.h. Referenced by RtlCreateHeap(), RtlInitializeHeapManager(), and RtlpSerializeHeap().

#define RtlOkayToLockRoutine (  L   )     NtdllOkayToLockRoutine((PVOID)(L))

Definition at line 81 of file heappriv.h.

#define RtlpFastInsertDedicatedFreeBlockDirect (  H, FB, SIZE   )

Value: { \ PLIST_ENTRY _HEAD; \ \ HEAPASSERT((FB)->Size == (SIZE)); \ \ if (!((FB)->Flags & HEAP_ENTRY_LAST_ENTRY)) { \ \ HEAPASSERT(((PHEAP_ENTRY)(FB) + (SIZE))->PreviousSize == (SIZE)); \ } \ \ (FB)->Flags &= HEAP_ENTRY_LAST_ENTRY; \ \ _HEAD = &(H)->FreeLists[ (SIZE) ]; \ \ if (IsListEmpty(_HEAD)) { \ \ SET_FREELIST_BIT( H, FB ); \ } \ \ InsertTailList( _HEAD, &(FB)->FreeList ); \ } Definition at line 397 of file heappriv.h. Referenced by RtlFreeHeap().

#define RtlpFastInsertFreeBlockDirect (  H, FB, SIZE   )

Value: { \ if ((SIZE) < HEAP_MAXIMUM_FREELISTS) { \ \ RtlpFastInsertDedicatedFreeBlockDirect( H, FB, SIZE ); \ \ } else { \ \ RtlpFastInsertNonDedicatedFreeBlockDirect( H, FB, SIZE ); \ } \ } Definition at line 380 of file heappriv.h. Referenced by RtlAllocateHeap().

#define RtlpFastInsertNonDedicatedFreeBlockDirect (  H, FB, SIZE   )

Definition at line 425 of file heappriv.h. Referenced by RtlFreeHeap().

#define RtlpFastRemoveDedicatedFreeBlock (  H, FB   )

Value: { \ PLIST_ENTRY _EX_Blink; \ PLIST_ENTRY _EX_Flink; \ \ _EX_Flink = (FB)->FreeList.Flink; \ _EX_Blink = (FB)->FreeList.Blink; \ \ _EX_Blink->Flink = _EX_Flink; \ _EX_Flink->Blink = _EX_Blink; \ \ if (_EX_Flink == _EX_Blink) { \ \ CLEAR_FREELIST_BIT( H, FB ); \ } \ } Definition at line 525 of file heappriv.h. Referenced by RtlAllocateHeap().

#define RtlpFastRemoveFreeBlock (  H, FB   )

Value: { \ PLIST_ENTRY _EX_Blink; \ PLIST_ENTRY _EX_Flink; \ \ _EX_Flink = (FB)->FreeList.Flink; \ _EX_Blink = (FB)->FreeList.Blink; \ \ _EX_Blink->Flink = _EX_Flink; \ _EX_Flink->Blink = _EX_Blink; \ \ if ((_EX_Flink == _EX_Blink) && \ ((FB)->Size < HEAP_MAXIMUM_FREELISTS)) { \ \ CLEAR_FREELIST_BIT( H, FB ); \ } \ } Definition at line 502 of file heappriv.h. Referenced by RtlAllocateHeap().

#define RtlpFastRemoveNonDedicatedFreeBlock (  H, FB   )

Value: { \ RemoveEntryList(&(FB)->FreeList) \ } Definition at line 547 of file heappriv.h. Referenced by RtlAllocateHeap().

#define RtlpInsertFreeBlockDirect (  H, FB, SIZE   )

Definition at line 322 of file heappriv.h. Referenced by RtlAllocateHeapSlowly(), RtlFreeHeapSlowly(), RtlpDeCommitFreeBlock(), RtlpGrowBlockInPlace(), RtlpInsertFreeBlock(), and RtlReAllocateHeap().

#define RtlpRemoveFreeBlock (  H, FB   )

Definition at line 465 of file heappriv.h. Referenced by RtlAllocateHeapSlowly(), RtlpCoalesceFreeBlocks(), RtlpGrowBlockInPlace(), and RtlReAllocateHeap().

#define RtlReleaseLockRoutine (  L   )     RtlLeaveCriticalSection((PRTL_CRITICAL_SECTION)(L))

Definition at line 79 of file heappriv.h. Referenced by RtlAllocateHeap(), RtlAllocateHeapSlowly(), RtlCompactHeap(), RtlCreateTagHeap(), RtlDebugAllocateHeap(), RtlDebugCompactHeap(), RtlDebugCreateTagHeap(), RtlDebugFreeHeap(), RtlDebugGetUserInfoHeap(), RtlDebugQueryTagHeap(), RtlDebugReAllocateHeap(), RtlDebugSetUserFlagsHeap(), RtlDebugSetUserValueHeap(), RtlDebugSizeHeap(), RtlDebugUsageHeap(), RtlDebugZeroHeap(), RtlEnumProcessHeaps(), RtlExtendHeap(), RtlFreeHeap(), RtlFreeHeapSlowly(), RtlGetProcessHeaps(), RtlGetUserInfoHeap(), RtlpAddHeapToProcessList(), RtlpRemoveHeapFromProcessList(), RtlQueryTagHeap(), RtlReAllocateHeap(), RtlSetUserFlagsHeap(), RtlSetUserValueHeap(), RtlUnlockHeap(), RtlUsageHeap(), RtlValidateHeap(), and RtlZeroHeap().

#define SET_FREELIST_BIT (  H, FB   )

Value: { \ ULONG _Index_; \ ULONG _Bit_; \ \ HEAPASSERT((FB)->Size < HEAP_MAXIMUM_FREELISTS); \ \ _Index_ = (FB)->Size >> 3; \ _Bit_ = (1 << ((FB)->Size & 7)); \ \ HEAPASSERT(((H)->u.FreeListsInUseBytes[ _Index_ ] & _Bit_) == 0); \ \ (H)->u.FreeListsInUseBytes[ _Index_ ] |= _Bit_; \ } Definition at line 280 of file heappriv.h.

#define SET_LAST_STATUS (  S   )     {NtCurrentTeb()->LastErrorValue = RtlNtStatusToDosError( NtCurrentTeb()->LastStatusValue = (ULONG)(S) );}

Definition at line 104 of file heappriv.h. Referenced by RtlAllocateHeap(), RtlAllocateHeapSlowly(), RtlCompactHeap(), RtlDebugAllocateHeap(), RtlDebugCompactHeap(), RtlDebugCreateTagHeap(), RtlDebugFreeHeap(), RtlDebugGetUserInfoHeap(), RtlDebugQueryTagHeap(), RtlDebugReAllocateHeap(), RtlDebugSetUserFlagsHeap(), RtlDebugSetUserValueHeap(), RtlDebugSizeHeap(), RtlDebugWalkHeap(), RtlFreeHeap(), RtlFreeHeapSlowly(), RtlGetUserInfoHeap(), RtlReAllocateHeap(), RtlSetUserFlagsHeap(), RtlSetUserValueHeap(), RtlSizeHeap(), and RtlValidateHeap().

---

Typedef Documentation

typedef struct _HEAP_LOOKASIDE HEAP_LOOKASIDE

Referenced by RtlCreateHeap().

typedef enum _HEAP_TAG_ACTION HEAP_TAG_ACTION

Referenced by RtlpUpdateTagEntry().

typedef struct _HEAP_LOOKASIDE * PHEAP_LOOKASIDE

Referenced by RtlCreateHeap().

---

Enumeration Type Documentation

enum _HEAP_TAG_ACTION

Enumeration values: AllocationAction  VirtualAllocationAction  FreeAction  VirtualFreeAction  ReAllocationAction  VirtualReAllocationAction  Definition at line 571 of file heappriv.h. { AllocationAction, VirtualAllocationAction, FreeAction, VirtualFreeAction, ReAllocationAction, VirtualReAllocationAction } HEAP_TAG_ACTION;

---

Function Documentation

PVOID RtlAllocateHeapSlowly (  IN PVOID  HeapHandle, IN ULONG  Flags, IN SIZE_T  Size )

Definition at line 2075 of file rtl/heap.c. References _HEAP::AlignMask, _HEAP::AlignRound, ALLOC_HEAP_FILL, AllocationAction, CHECK_HEAP_TAIL_FILL, CHECK_HEAP_TAIL_SIZE, DEBUG_HEAP, EXCEPTION_CONTINUE_SEARCH, EXCEPTION_EXECUTE_HANDLER, FALSE, _HEAP::Flags, _HEAP_ENTRY::Flags, _HEAP_FREE_ENTRY::Flags, _HEAP::FreeLists, HEAP_ENTRY_BUSY, HEAP_ENTRY_EXTRA, HEAP_ENTRY_EXTRA_PRESENT, HEAP_ENTRY_FILL_PATTERN, HEAP_ENTRY_LAST_ENTRY, HEAP_ENTRY_VIRTUAL_ALLOC, HEAP_GRANULARITY_SHIFT, HEAP_MAXIMUM_BLOCK_SIZE, HEAP_MAXIMUM_FREELISTS, HEAP_NEED_EXTRA_FLAGS, HEAP_SMALL_TAG_MASK, HeapHandle, IS_HEAP_TAGGING_ENABLED, _HEAP_SEGMENT::LastEntryInSegment, _HEAP::LockVariable, NT_SUCCESS, NTSTATUS(), NULL, PHEAP_ENTRY_EXTRA, _HEAP_FREE_ENTRY::PreviousSize, _HEAP::PseudoTagEntries, RTL_PAGED_CODE, RtlAcquireLockRoutine, RtlDebugAllocateHeap(), RtlFindFirstSetRightMember, RtlpExtendHeap(), RtlpGetExtraStuffPointer(), RtlpInsertFreeBlock(), RtlpInsertFreeBlockDirect, RtlpRemoveFreeBlock, RtlpUpdateTagEntry(), RtlRaiseException(), RtlReleaseLockRoutine, _HEAP_ENTRY::SegmentIndex, _HEAP_FREE_ENTRY::SegmentIndex, _HEAP::Segments, SET_LAST_STATUS, _HEAP_ENTRY::Size, _HEAP_FREE_ENTRY::Size, Size, Status, _HEAP::TotalFreeSize, TRUE, _HEAP::u, _HEAP_ENTRY::UnusedBytes, USHORT, VirtualAllocationAction, _HEAP::VirtualAllocdBlocks, and _HEAP::VirtualMemoryThreshold. Referenced by RtlAllocateHeap(), and RtlDebugAllocateHeap(). : This routine does the equivalent of Rtl Allocate Heap but it does it will additional heap consistency checking logic and tagging. Arguments: HeapHandle - Supplies a pointer to an initialized heap structure Flags - Specifies the set of flags to use to control the allocation Size - Specifies the size, in bytes, of the allocation Return Value: PVOID - returns a pointer to the newly allocated block --*/ { PHEAP Heap = (PHEAP)HeapHandle; BOOLEAN LockAcquired = FALSE; PVOID ReturnValue = NULL; PULONG FreeListsInUse; ULONG FreeListsInUseUlong; SIZE_T AllocationSize; SIZE_T FreeSize, AllocationIndex; UCHAR EntryFlags, FreeFlags; PLIST_ENTRY FreeListHead, Next; PHEAP_ENTRY BusyBlock; PHEAP_FREE_ENTRY FreeBlock, SplitBlock, SplitBlock2; PHEAP_ENTRY_EXTRA ExtraStuff; NTSTATUS Status; EXCEPTION_RECORD ExceptionRecord; SIZE_T ZeroSize = 0; RTL_PAGED_CODE(); // // Note that Flags has already been OR'd with Heap->ForceFlags. // #ifndef NTOS_KERNEL_RUNTIME // // In the non kernel case check if we should be using the debug version // of heap allocation // if (DEBUG_HEAP( Flags )) { return RtlDebugAllocateHeap( HeapHandle, Flags, Size ); } #endif // NTOS_KERNEL_RUNTIME // // If the size is greater than maxlong then say we can't allocate that // much and return the error to our caller // if (Size > 0x7fffffff) { SET_LAST_STATUS( STATUS_NO_MEMORY ); return NULL; } // // Round up the requested size to the allocation granularity. Note // that if the request is for zero bytes we will still allocate memory, // // Allocation size will be either 16, 24, 32, ... // Allocation index will be 2, 3, 4, ... // AllocationSize = ((Size ? Size : 1) + Heap->AlignRound) & Heap->AlignMask; // // Generate the flags needed for this heap entry. Mark it busy and add // any user settable bits. Also if the input flag indicates any entry // extra fields and we have a tag to use then make room for the extra // fields in the heap entry // EntryFlags = (UCHAR)(HEAP_ENTRY_BUSY | ((Flags & HEAP_SETTABLE_USER_FLAGS) >> 4)); if ((Flags & HEAP_NEED_EXTRA_FLAGS) || (Heap->PseudoTagEntries != NULL)) { EntryFlags |= HEAP_ENTRY_EXTRA_PRESENT; AllocationSize += sizeof( HEAP_ENTRY_EXTRA ); } AllocationIndex = AllocationSize >> HEAP_GRANULARITY_SHIFT; try { // // Lock the free list. // if (!(Flags & HEAP_NO_SERIALIZE)) { RtlAcquireLockRoutine( Heap->LockVariable ); LockAcquired = TRUE; } // // Do all the actual heap work under the protection of a try-except clause // to protect us from corruption // try { // // If the allocation index is less than the maximum free list size // then we can use the index to check the free list otherwise we have // to either pull the entry off of the [0] index list or allocate // memory directly for this request. // if (AllocationIndex < HEAP_MAXIMUM_FREELISTS) { // // With a size that matches a free list size grab the head // of the list and check if there is an available entry // FreeListHead = &Heap->FreeLists[ AllocationIndex ]; if ( !IsListEmpty( FreeListHead )) { // // We're in luck the list has an entry so now get the free // entry, copy its flags, remove it from the free list // FreeBlock = CONTAINING_RECORD( FreeListHead->Flink, HEAP_FREE_ENTRY, FreeList ); FreeFlags = FreeBlock->Flags; RtlpRemoveFreeBlock( Heap, FreeBlock ); // // Adjust the total number of bytes free in the heap // Heap->TotalFreeSize -= AllocationIndex; // // Mark the block as busy and and set the number of bytes // unused and tag index. Also if it is the last entry // then keep that flag. // BusyBlock = (PHEAP_ENTRY)FreeBlock; BusyBlock->Flags = EntryFlags | (FreeFlags & HEAP_ENTRY_LAST_ENTRY); BusyBlock->UnusedBytes = (UCHAR)(AllocationSize - Size); } else { // // The free list that matches our request is empty. We know // that there are 128 free lists managed by a 4 ulong bitmap. // The next big if-else-if statement will decide which ulong // we tackle // // Check if the requested allocation index within the first // quarter of the free lists. // if (AllocationIndex < (HEAP_MAXIMUM_FREELISTS * 1) / 4) { // // Grab a pointer to the corresponding bitmap ulong, and // then get the bit we're actually interested in to be the // first bit of the ulong. // FreeListsInUse = &Heap->u.FreeListsInUseUlong[ 0 ]; FreeListsInUseUlong = *FreeListsInUse++ >> ((ULONG) AllocationIndex & 0x1F); // // If the remaining bitmap has any bits set then we know // there is a non empty list that is larger than our // requested index so find that bit and compute the list // head of the next non empty list // if (FreeListsInUseUlong) { FreeListHead += RtlFindFirstSetRightMember( FreeListsInUseUlong ); } else { // // The rest of the first ulong is all zeros so we need // to move to the second ulong // FreeListsInUseUlong = *FreeListsInUse++; // // Check if the second ulong has any bits set and if // so then compute the list head of the next non empty // list // if (FreeListsInUseUlong) { FreeListHead += ((HEAP_MAXIMUM_FREELISTS * 1) / 4) - (AllocationIndex & 0x1F) + RtlFindFirstSetRightMember( FreeListsInUseUlong ); } else { // // Do the same test for the third ulong // FreeListsInUseUlong = *FreeListsInUse++; if (FreeListsInUseUlong) { FreeListHead += ((HEAP_MAXIMUM_FREELISTS * 2) / 4) - (AllocationIndex & 0x1F) + RtlFindFirstSetRightMember( FreeListsInUseUlong ); } else { // // Repeat the test for the forth ulong, and if // that one is also empty then we need to grab // the allocation off of the [0] index list // FreeListsInUseUlong = *FreeListsInUse++; if (FreeListsInUseUlong) { FreeListHead += ((HEAP_MAXIMUM_FREELISTS * 3) / 4) - (AllocationIndex & 0x1F) + RtlFindFirstSetRightMember( FreeListsInUseUlong ); } else { goto LookInNonDedicatedList; } } } } // // Otherwise check if the requested allocation index lies // within the second quarter of the free lists. We repeat the // test just like we did above on the second, third, and forth // bitmap ulongs. // } else if (AllocationIndex < (HEAP_MAXIMUM_FREELISTS * 2) / 4) { FreeListsInUse = &Heap->u.FreeListsInUseUlong[ 1 ]; FreeListsInUseUlong = *FreeListsInUse++ >> ((ULONG) AllocationIndex & 0x1F); if (FreeListsInUseUlong) { FreeListHead += RtlFindFirstSetRightMember( FreeListsInUseUlong ); } else { FreeListsInUseUlong = *FreeListsInUse++; if (FreeListsInUseUlong) { FreeListHead += ((HEAP_MAXIMUM_FREELISTS * 1) / 4) - (AllocationIndex & 0x1F) + RtlFindFirstSetRightMember( FreeListsInUseUlong ); } else { FreeListsInUseUlong = *FreeListsInUse++; if (FreeListsInUseUlong) { FreeListHead += ((HEAP_MAXIMUM_FREELISTS * 2) / 4) - (AllocationIndex & 0x1F) + RtlFindFirstSetRightMember( FreeListsInUseUlong ); } else { goto LookInNonDedicatedList; } } } // // Otherwise check if the requested allocation index lies // within the third quarter of the free lists. We repeat the // test just like we did above on the third and forth bitmap // ulongs // } else if (AllocationIndex < (HEAP_MAXIMUM_FREELISTS * 3) / 4) { FreeListsInUse = &Heap->u.FreeListsInUseUlong[ 2 ]; FreeListsInUseUlong = *FreeListsInUse++ >> ((ULONG) AllocationIndex & 0x1F); if (FreeListsInUseUlong) { FreeListHead += RtlFindFirstSetRightMember( FreeListsInUseUlong ); } else { FreeListsInUseUlong = *FreeListsInUse++; if (FreeListsInUseUlong) { FreeListHead += ((HEAP_MAXIMUM_FREELISTS * 1) / 4) - (AllocationIndex & 0x1F) + RtlFindFirstSetRightMember( FreeListsInUseUlong ); } else { goto LookInNonDedicatedList; } } // // Lastly the requested allocation index must lie within the // last quarter of the free lists. We repeat the test just // like we did above on the forth ulong // } else { FreeListsInUse = &Heap->u.FreeListsInUseUlong[ 3 ]; FreeListsInUseUlong = *FreeListsInUse++ >> ((ULONG) AllocationIndex & 0x1F); if (FreeListsInUseUlong) { FreeListHead += RtlFindFirstSetRightMember( FreeListsInUseUlong ); } else { goto LookInNonDedicatedList; } } // // At this point the free list head points to a non empty free // list that is of greater size than we need. // FreeBlock = CONTAINING_RECORD( FreeListHead->Flink, HEAP_FREE_ENTRY, FreeList ); SplitFreeBlock: // // Remember the flags that go with this block and remove it // from its list // FreeFlags = FreeBlock->Flags; RtlpRemoveFreeBlock( Heap, FreeBlock ); // // Adjust the amount free in the heap // Heap->TotalFreeSize -= FreeBlock->Size; // // Mark the block busy // BusyBlock = (PHEAP_ENTRY)FreeBlock; BusyBlock->Flags = EntryFlags; // // Compute the size (i.e., index) of the amount from this // block that we don't need and can return to the free list // FreeSize = BusyBlock->Size - AllocationIndex; // // Finish setting up the rest of the new busy block // BusyBlock->Size = (USHORT)AllocationIndex; BusyBlock->UnusedBytes = (UCHAR)(AllocationSize - Size); // // Now if the size that we are going to free up is not zero // then lets get to work and to the split. // if (FreeSize != 0) { // // But first we won't ever bother doing a split that only // gives us 8 bytes back. So if free size is one then // just bump up the size of the new busy block // if (FreeSize == 1) { BusyBlock->Size += 1; BusyBlock->UnusedBytes += sizeof( HEAP_ENTRY ); } else { // // Get a pointer to where the new free block will be. // When we split a block the first part goes to the // new busy block and the second part goes back to the // free list // SplitBlock = (PHEAP_FREE_ENTRY)(BusyBlock + AllocationIndex); // // Reset the flags that we copied from the original // free list header, and set it other size fields. // SplitBlock->Flags = FreeFlags; SplitBlock->PreviousSize = (USHORT)AllocationIndex; SplitBlock->SegmentIndex = BusyBlock->SegmentIndex; SplitBlock->Size = (USHORT)FreeSize; // // If nothing else follows this entry then we will // insert this into the corresponding free list // if (FreeFlags & HEAP_ENTRY_LAST_ENTRY) { RtlpInsertFreeBlockDirect( Heap, SplitBlock, (USHORT)FreeSize ); Heap->TotalFreeSize += FreeSize; } else { // // Otherwise we need to check the following block // and if it is busy then update its previous size // before inserting our new free block into the // free list // SplitBlock2 = (PHEAP_FREE_ENTRY)((PHEAP_ENTRY)SplitBlock + FreeSize); if (SplitBlock2->Flags & HEAP_ENTRY_BUSY) { SplitBlock2->PreviousSize = (USHORT)FreeSize; RtlpInsertFreeBlockDirect( Heap, SplitBlock, (USHORT)FreeSize ); Heap->TotalFreeSize += FreeSize; } else { // // The following block is free so we'll merge // these to blocks. by first merging the flags // SplitBlock->Flags = SplitBlock2->Flags; // // Removing the second block from its free // list // RtlpRemoveFreeBlock( Heap, SplitBlock2 ); // // Updating the free total number of free // bytes in the heap and updating the size of // the new free block // Heap->TotalFreeSize -= SplitBlock2->Size; FreeSize += SplitBlock2->Size; // // If the new free block is still less than // the maximum heap block size then we'll // simply insert it back in the free list // if (FreeSize <= HEAP_MAXIMUM_BLOCK_SIZE) { SplitBlock->Size = (USHORT)FreeSize; // // Again check if the new following block // exists and if so then updsate is // previous size // if (!(SplitBlock->Flags & HEAP_ENTRY_LAST_ENTRY)) { ((PHEAP_FREE_ENTRY)((PHEAP_ENTRY)SplitBlock + FreeSize))->PreviousSize = (USHORT)FreeSize; } // // Insert the new free block into the free // list and update the free heap size // RtlpInsertFreeBlockDirect( Heap, SplitBlock, (USHORT)FreeSize ); Heap->TotalFreeSize += FreeSize; } else { // // The new free block is pretty large so // we need to call a private routine to do // the insert // RtlpInsertFreeBlock( Heap, SplitBlock, FreeSize ); } } } // // Now that free flags made it back into a free block // we can zero out what we saved. // FreeFlags = 0; // // If splitblock now last, update LastEntryInSegment // if (SplitBlock->Flags & HEAP_ENTRY_LAST_ENTRY) { PHEAP_SEGMENT Segment; Segment = Heap->Segments[SplitBlock->SegmentIndex]; Segment->LastEntryInSegment = (PHEAP_ENTRY)SplitBlock; } } } // // If there are no following entries then mark the new block // as such // if (FreeFlags & HEAP_ENTRY_LAST_ENTRY) { BusyBlock->Flags |= HEAP_ENTRY_LAST_ENTRY; } } // // Return the address of the user portion of the allocated block. // This is the byte following the header. // ReturnValue = BusyBlock + 1; // // If the flags indicate that we should zero memory then // remember how much to zero. We'll do the zeroing later // if (Flags & HEAP_ZERO_MEMORY) { ZeroSize = Size; // // Otherwise if the flags indicate that we should fill heap then // it it now. // } else if (Heap->Flags & HEAP_FREE_CHECKING_ENABLED) { RtlFillMemoryUlong( (PCHAR)(BusyBlock + 1), Size & ~0x3, ALLOC_HEAP_FILL ); } // // If the flags indicate that we should do tail checking then copy // the fill pattern right after the heap block. // if (Heap->Flags & HEAP_TAIL_CHECKING_ENABLED) { RtlFillMemory( (PCHAR)ReturnValue + Size, CHECK_HEAP_TAIL_SIZE, CHECK_HEAP_TAIL_FILL ); BusyBlock->Flags |= HEAP_ENTRY_FILL_PATTERN; } BusyBlock->SmallTagIndex = 0; // // If the flags indicate that there is an extra block persent then // we'll fill it in // if (BusyBlock->Flags & HEAP_ENTRY_EXTRA_PRESENT) { ExtraStuff = RtlpGetExtraStuffPointer( BusyBlock ); RtlZeroMemory( ExtraStuff, sizeof( *ExtraStuff )); #ifndef NTOS_KERNEL_RUNTIME // // In the non kernel case the tagging goes in either the extra // stuff of the busy block small tag index // if (IS_HEAP_TAGGING_ENABLED()) { ExtraStuff->TagIndex = RtlpUpdateTagEntry( Heap, (USHORT)((Flags & HEAP_TAG_MASK) >> HEAP_TAG_SHIFT), 0, BusyBlock->Size, AllocationAction ); } } else if (IS_HEAP_TAGGING_ENABLED()) { BusyBlock->SmallTagIndex = (UCHAR)RtlpUpdateTagEntry( Heap, (USHORT)((Flags & HEAP_SMALL_TAG_MASK) >> HEAP_TAG_SHIFT), 0, BusyBlock->Size, AllocationAction ); #endif // NTOS_KERNEL_RUNTIME } // // Return the address of the user portion of the allocated block. // This is the byte following the header. // leave; // // Otherwise the allocation request is bigger than the last dedicated // free list size. Now check if the size is within our threshold. // Meaning that it could be in the [0] free list // } else if (AllocationIndex <= Heap->VirtualMemoryThreshold) { LookInNonDedicatedList: // // The following code cycles through the [0] free list until // it finds a block that satisfies the request. The list // is sorted so the search is can be terminated early on success // FreeListHead = &Heap->FreeLists[ 0 ]; Next = FreeListHead->Flink; while (FreeListHead != Next) { FreeBlock = CONTAINING_RECORD( Next, HEAP_FREE_ENTRY, FreeList ); if (FreeBlock->Size >= AllocationIndex) { // // We've found something that we can use so now go to // where we treat spliting a free block. Note that // the block we found here might actually be the exact // size we need and that is why in the split free block // case we have to consider having nothing free after the // split // goto SplitFreeBlock; } else { Next = Next->Flink; } } // // The [0] list is either empty or everything is too small // so now extend the heap which should get us something less // than or equal to the virtual memory threshold // FreeBlock = RtlpExtendHeap( Heap, AllocationSize ); // // And provided we got something we'll treat it just like the // previous split free block cases // if (FreeBlock != NULL) { goto SplitFreeBlock; } // // We weren't able to extend the heap so we must be out of memory // Status = STATUS_NO_MEMORY; // // At this point the allocation is way too big for any of the free // lists and we can only satisfy this request if the heap is growable // } else if (Heap->Flags & HEAP_GROWABLE) { PHEAP_VIRTUAL_ALLOC_ENTRY VirtualAllocBlock; VirtualAllocBlock = NULL; // // Compute how much memory we will need for this allocation which // will include the allocation size plus a header, and then go // get the committed memory // AllocationSize += FIELD_OFFSET( HEAP_VIRTUAL_ALLOC_ENTRY, BusyBlock ); Status = ZwAllocateVirtualMemory( NtCurrentProcess(), (PVOID *)&VirtualAllocBlock, 0, &AllocationSize, MEM_COMMIT, PAGE_READWRITE ); if (NT_SUCCESS( Status )) { // // Just committed, already zero. Fill in the new block // and insert it in the list of big allocation // VirtualAllocBlock->BusyBlock.Size = (USHORT)(AllocationSize - Size); VirtualAllocBlock->BusyBlock.Flags = EntryFlags | HEAP_ENTRY_VIRTUAL_ALLOC | HEAP_ENTRY_EXTRA_PRESENT; VirtualAllocBlock->CommitSize = AllocationSize; VirtualAllocBlock->ReserveSize = AllocationSize; #ifndef NTOS_KERNEL_RUNTIME // // In the non kernel case see if we need to add heap tagging // if (IS_HEAP_TAGGING_ENABLED()) { VirtualAllocBlock->ExtraStuff.TagIndex = RtlpUpdateTagEntry( Heap, (USHORT)((Flags & HEAP_SMALL_TAG_MASK) >> HEAP_TAG_SHIFT), 0, VirtualAllocBlock->CommitSize >> HEAP_GRANULARITY_SHIFT, VirtualAllocationAction ); } #endif // NTOS_KERNEL_RUNTIME InsertTailList( &Heap->VirtualAllocdBlocks, (PLIST_ENTRY)VirtualAllocBlock ); // // Return the address of the user portion of the allocated // block. This is the byte following the header. // ReturnValue = (PHEAP_ENTRY)(VirtualAllocBlock + 1); leave; } // // Otherwise we have an error condition // } else { Status = STATUS_BUFFER_TOO_SMALL; } SET_LAST_STATUS( Status ); if (Flags & HEAP_GENERATE_EXCEPTIONS) { // // Construct an exception record. // ExceptionRecord.ExceptionCode = STATUS_NO_MEMORY; ExceptionRecord.ExceptionRecord = (PEXCEPTION_RECORD)NULL; ExceptionRecord.NumberParameters = 1; ExceptionRecord.ExceptionFlags = 0; ExceptionRecord.ExceptionInformation[ 0 ] = AllocationSize; RtlRaiseException( &ExceptionRecord ); } } except( GetExceptionCode() == STATUS_NO_MEMORY ? EXCEPTION_CONTINUE_SEARCH : EXCEPTION_EXECUTE_HANDLER ) { SET_LAST_STATUS( GetExceptionCode() ); } // // Check if there is anything to zero out // if ( ZeroSize ) { RtlZeroMemory( ReturnValue, ZeroSize ); } } finally { if (LockAcquired) { RtlReleaseLockRoutine( Heap->LockVariable ); } } // // And return to our caller // return ReturnValue; }

BOOLEAN RtlFreeHeapSlowly (  IN PVOID  HeapHandle, IN ULONG  Flags, IN PVOID  BaseAddress )

Definition at line 3273 of file rtl/heap.c. References _HEAP_VIRTUAL_ALLOC_ENTRY::CommitSize, DEBUG_HEAP, _HEAP::DeCommitFreeBlockThreshold, _HEAP::DeCommitTotalFreeThreshold, _HEAP_VIRTUAL_ALLOC_ENTRY::Entry, EXCEPTION_EXECUTE_HANDLER, _HEAP_VIRTUAL_ALLOC_ENTRY::ExtraStuff, FALSE, _HEAP_FREE_ENTRY::Flags, _HEAP::Flags, _HEAP_ENTRY::Flags, FreeAction, _HEAP_FREE_ENTRY_EXTRA::FreeBackTraceIndex, HEAP_CAPTURE_STACK_BACKTRACES, HEAP_ENTRY_BUSY, HEAP_ENTRY_EXTRA_PRESENT, HEAP_ENTRY_LAST_ENTRY, HEAP_ENTRY_VIRTUAL_ALLOC, HEAP_GRANULARITY_SHIFT, HEAP_MAXIMUM_BLOCK_SIZE, HEAP_MAXIMUM_SEGMENTS, HEAPASSERT, HeapHandle, IS_HEAP_TAGGING_ENABLED, _HEAP::LockVariable, NT_SUCCESS, NTSTATUS(), PHEAP_FREE_ENTRY_EXTRA, RTL_PAGED_CODE, RtlAcquireLockRoutine, RtlDebugFreeHeap(), RtlpCoalesceFreeBlocks(), RtlpDeCommitFreeBlock(), RtlpInsertFreeBlock(), RtlpInsertFreeBlockDirect, RtlpUpdateTagEntry(), RtlReleaseLockRoutine, _HEAP_ENTRY::SegmentIndex, SET_LAST_STATUS, _HEAP_ENTRY::Size, _HEAP_ENTRY::SmallTagIndex, Status, _HEAP_FREE_ENTRY_EXTRA::TagIndex, _HEAP_ENTRY_EXTRA::TagIndex, _HEAP::TotalFreeSize, TRUE, USHORT, and VirtualFreeAction. Referenced by RtlDebugFreeHeap(), and RtlFreeHeap(). : This routine returns a previously allocated block back to its heap. It is the slower version of Rtl Free Heap and does more checking and tagging control. Arguments: HeapHandle - Supplies a pointer to the owning heap structure Flags - Specifies the set of flags to use in the deallocation BaseAddress - Supplies a pointer to the block being freed Return Value: BOOLEAN - TRUE if the block was properly freed and FALSE otherwise --*/ { NTSTATUS Status; PHEAP Heap = (PHEAP)HeapHandle; PHEAP_ENTRY BusyBlock; PHEAP_ENTRY_EXTRA ExtraStuff; SIZE_T FreeSize; BOOLEAN Result; BOOLEAN LockAcquired = FALSE; #ifndef NTOS_KERNEL_RUNTIME USHORT TagIndex; #endif // NTOS_KERNEL_RUNTIME RTL_PAGED_CODE(); // // Note that Flags has already been OR'd with Heap->ForceFlags. // #ifndef NTOS_KERNEL_RUNTIME // // In the non kernel case see if we should be calling the debug version to // free the heap // if (DEBUG_HEAP( Flags )) { return RtlDebugFreeHeap( HeapHandle, Flags, BaseAddress ); } #endif // NTOS_KERNEL_RUNTIME // // Until we figure out otherwise we'll assume that this call will fail // Result = FALSE; try { // // Lock the heap // if (!(Flags & HEAP_NO_SERIALIZE)) { RtlAcquireLockRoutine( Heap->LockVariable ); LockAcquired = TRUE; } try { // // Backup to get a pointer to the start of the block // BusyBlock = (PHEAP_ENTRY)BaseAddress - 1; // // Protect ourselves from idiots by refusing to free blocks // that do not have the busy bit set. // // Also refuse to free blocks that are not eight-byte aligned. // The specific idiot in this case is Office95, which likes // to free a random pointer when you start Word95 from a desktop // shortcut. // // As further insurance against idiots, check the segment index // to make sure it is less than HEAP_MAXIMUM_SEGMENTS (16). This // should fix all the dorks who have ASCII or Unicode where the // heap header is supposed to be. // // Note that this test is just opposite from the test used in // Rtl Free Heap // if ((BusyBlock->Flags & HEAP_ENTRY_BUSY) && (((ULONG_PTR)BaseAddress & 0x7) == 0) && (BusyBlock->SegmentIndex < HEAP_MAXIMUM_SEGMENTS)) { // // Check if this is a virtual block allocation // if (BusyBlock->Flags & HEAP_ENTRY_VIRTUAL_ALLOC) { PHEAP_VIRTUAL_ALLOC_ENTRY VirtualAllocBlock; // // This is a big virtual block allocation. To free it // we only have to remove it from the heaps list of // virtual allocated blocks, unlock the heap, and return // the block to vm // VirtualAllocBlock = CONTAINING_RECORD( BusyBlock, HEAP_VIRTUAL_ALLOC_ENTRY, BusyBlock ); RemoveEntryList( &VirtualAllocBlock->Entry ); #ifndef NTOS_KERNEL_RUNTIME // // In the non kernel case see if we need to free the tag // if (IS_HEAP_TAGGING_ENABLED()) { RtlpUpdateTagEntry( Heap, VirtualAllocBlock->ExtraStuff.TagIndex, VirtualAllocBlock->CommitSize >> HEAP_GRANULARITY_SHIFT, 0, VirtualFreeAction ); } #endif // NTOS_KERNEL_RUNTIME FreeSize = 0; Status = ZwFreeVirtualMemory( NtCurrentProcess(), (PVOID *)&VirtualAllocBlock, &FreeSize, MEM_RELEASE ); // // Check if everything worked okay, if we had trouble freeing // the block back to vm return an error if necessary, // if (NT_SUCCESS( Status )) { Result = TRUE; } else { SET_LAST_STATUS( Status ); } } else { // // This block is not a big allocation so we need to // to get its size, and coalesce the blocks note that // the user mode heap does this conditionally on a heap // flag. The coalesce function returns the newly formed // free block and the new size. // #ifndef NTOS_KERNEL_RUNTIME // // First in the non kernel case remove any tagging we might // have been using. Note that the will either be in // the heap header, or in the extra block if present // if (IS_HEAP_TAGGING_ENABLED()) { if (BusyBlock->Flags & HEAP_ENTRY_EXTRA_PRESENT) { ExtraStuff = (PHEAP_ENTRY_EXTRA)(BusyBlock + BusyBlock->Size - 1); TagIndex = RtlpUpdateTagEntry( Heap, ExtraStuff->TagIndex, BusyBlock->Size, 0, FreeAction ); } else { TagIndex = RtlpUpdateTagEntry( Heap, BusyBlock->SmallTagIndex, BusyBlock->Size, 0, FreeAction ); } } else { TagIndex = 0; } #endif // NTOS_KERNEL_RUNTIME // // This is the size of the block we are freeing // FreeSize = BusyBlock->Size; #ifndef NTOS_KERNEL_RUNTIME // // In the non kernel case see if we should coalesce on free // if (!(Heap->Flags & HEAP_DISABLE_COALESCE_ON_FREE)) { #endif // NTOS_KERNEL_RUNTIME // // In kernel case and in the tested user mode case we // now coalesce free blocks // BusyBlock = (PHEAP_ENTRY)RtlpCoalesceFreeBlocks( Heap, (PHEAP_FREE_ENTRY)BusyBlock, &FreeSize, FALSE ); #ifndef NTOS_KERNEL_RUNTIME } #endif // NTOS_KERNEL_RUNTIME // // If the block should not be decommit then try and put it // on a free list // if ((FreeSize < Heap->DeCommitFreeBlockThreshold) || ((Heap->TotalFreeSize + FreeSize) < Heap->DeCommitTotalFreeThreshold)) { // // Check if the block can fit on one of the dedicated free // lists // if (FreeSize <= (ULONG)HEAP_MAXIMUM_BLOCK_SIZE) { // // It can fit on a dedicated free list so insert it on // RtlpInsertFreeBlockDirect( Heap, (PHEAP_FREE_ENTRY)BusyBlock, (USHORT)FreeSize ); // // If there is a following entry then make sure the // sizes agree // if (!(BusyBlock->Flags & HEAP_ENTRY_LAST_ENTRY)) { HEAPASSERT((BusyBlock + FreeSize)->PreviousSize == (USHORT)FreeSize); } // // Update the heap with the amount of free space // available // Heap->TotalFreeSize += FreeSize; } else { // // The block goes on the non dedicated free list // RtlpInsertFreeBlock( Heap, (PHEAP_FREE_ENTRY)BusyBlock, FreeSize ); } #ifndef NTOS_KERNEL_RUNTIME // // In the non kernel case see if the there was tag and if // so then update the entry to show that it's been freed // if (TagIndex != 0) { PHEAP_FREE_ENTRY_EXTRA FreeExtra; BusyBlock->Flags |= HEAP_ENTRY_EXTRA_PRESENT; FreeExtra = (PHEAP_FREE_ENTRY_EXTRA)(BusyBlock + BusyBlock->Size) - 1; FreeExtra->TagIndex = TagIndex; FreeExtra->FreeBackTraceIndex = 0; #if i386 // // In the x86 case we can also capture the stack // backtrace // if (Heap->Flags & HEAP_CAPTURE_STACK_BACKTRACES) { FreeExtra->FreeBackTraceIndex = (USHORT)RtlLogStackBackTrace(); } #endif // i386 } #endif // NTOS_KERNEL_RUNTIME } else { // // Otherwise the block is big enough to decommit so have a // worker routine to do the decommit // RtlpDeCommitFreeBlock( Heap, (PHEAP_FREE_ENTRY)BusyBlock, FreeSize ); } // // And say the free worked fine // Result = TRUE; } } else { // // Not a busy block, or it's not aligned or the segment is // to big, meaning it's corrupt // SET_LAST_STATUS( STATUS_INVALID_PARAMETER ); } } except( EXCEPTION_EXECUTE_HANDLER ) { SET_LAST_STATUS( GetExceptionCode() ); Result = FALSE; } } finally { // // Unlock the heap // if (LockAcquired) { RtlReleaseLockRoutine( Heap->LockVariable ); } } // // And return to our caller // return Result; }

VOID RtlpAddHeapToProcessList (  IN PHEAP  Heap  )

Definition at line 4457 of file heapdll.c. References _HEAP_LOCK::Lock, NULL, RtlAcquireLockRoutine, RtlAllocateHeap, RtlFreeHeap, RtlpProcessHeapsListBuffer, RtlpProcessHeapsListLock, RtlReleaseLockRoutine, and USHORT. Referenced by RtlCreateHeap(). : This routine adds the specified heap to the heap list for the current process Arguments: Heap - Supplies a pointer to the heap being added Return Value: None. --*/ { PPEB Peb = NtCurrentPeb(); PHEAP *NewList; // // Lock the processes heap list // RtlAcquireLockRoutine( &RtlpProcessHeapsListLock.Lock ); try { // // If the processes heap list is already full then we'll // double the size of the heap list for the process // if (Peb->NumberOfHeaps == Peb->MaximumNumberOfHeaps) { // // Double the size // Peb->MaximumNumberOfHeaps *= 2; // // Allocate space for the new list // NewList = RtlAllocateHeap( RtlProcessHeap(), 0, Peb->MaximumNumberOfHeaps * sizeof( *NewList )); if (NewList == NULL) { leave; } // // Copy over the old buffer to the new buffer // RtlMoveMemory( NewList, Peb->ProcessHeaps, Peb->NumberOfHeaps * sizeof( *NewList )); // // Check if we should free the previous heap list buffer // if (Peb->ProcessHeaps != RtlpProcessHeapsListBuffer) { RtlFreeHeap( RtlProcessHeap(), 0, Peb->ProcessHeaps ); } // // Set the new list // Peb->ProcessHeaps = NewList; } // // Add the input heap to the next free heap list slot, and note that // the processes heap list index is really one beyond the actualy // index used to get the processes heap // Peb->ProcessHeaps[ Peb->NumberOfHeaps++ ] = Heap; Heap->ProcessHeapsListIndex = (USHORT)Peb->NumberOfHeaps; } finally { // // Unlock the processes heap list // RtlReleaseLockRoutine( &RtlpProcessHeapsListLock.Lock ); } // // And return to our caller // return; }

VOID RtlpAdjustHeapLookasideDepth (  IN PHEAP_LOOKASIDE  Lookaside  )

Definition at line 130 of file rtl/lookasid.c. References MINIMUM_ALLOCATION_THRESHOLD, MINIMUM_LOOKASIDE_DEPTH, and USHORT. Referenced by RtlAllocateHeap(). : This function is called periodically to adjust the maximum depth of a single heap lookaside list. Arguments: Lookaside - Supplies a pointer to a heap lookaside list structure. Return Value: None. --*/ { ULONG Allocates; ULONG Misses; // // Compute the total number of allocations and misses for this scan // period. // Allocates = Lookaside->TotalAllocates - Lookaside->LastTotalAllocates; Lookaside->LastTotalAllocates = Lookaside->TotalAllocates; Misses = Lookaside->AllocateMisses - Lookaside->LastAllocateMisses; Lookaside->LastAllocateMisses = Lookaside->AllocateMisses; // // Compute target depth of lookaside list. // { ULONG Ratio; ULONG Target; // // If the allocate rate is less than the mimimum threshold, then lower // the maximum depth of the lookaside list. Otherwise, if the miss rate // is less than .5%, then lower the maximum depth. Otherwise, raise the // maximum depth based on the miss rate. // if (Misses >= Allocates) { Misses = Allocates; } if (Allocates == 0) { Allocates = 1; } Ratio = (Misses * 1000) / Allocates; Target = Lookaside->Depth; if (Allocates < MINIMUM_ALLOCATION_THRESHOLD) { if (Target > (MINIMUM_LOOKASIDE_DEPTH + 10)) { Target -= 10; } else { Target = MINIMUM_LOOKASIDE_DEPTH; } } else if (Ratio < 5) { if (Target > (MINIMUM_LOOKASIDE_DEPTH + 1)) { Target -= 1; } else { Target = MINIMUM_LOOKASIDE_DEPTH; } } else { Target += ((Ratio * Lookaside->MaximumDepth) / (1000 * 2)) + 5; if (Target > Lookaside->MaximumDepth) { Target = Lookaside->MaximumDepth; } } Lookaside->Depth = (USHORT)Target; } return; }

NTKERNELAPI PVOID RtlpAllocateFromHeapLookaside (  IN PHEAP_LOOKASIDE  Lookaside  )

Definition at line 222 of file rtl/lookasid.c. References EXCEPTION_EXECUTE_HANDLER, NULL, and RtlpInterlockedPopEntrySList(). Referenced by RtlAllocateHeap(), RtlValidateHeap(), and RtlWalkHeap(). : This function removes (pops) the first entry from the specified heap lookaside list. Arguments: Lookaside - Supplies a pointer to a paged lookaside list structure. Return Value: If an entry is removed from the specified lookaside list, then the address of the entry is returned as the function value. Otherwise, NULL is returned. --*/ { PVOID Entry; Lookaside->TotalAllocates += 1; // // We need to protect ourselves from a second thread that can cause us // to fault on the pop. If we do fault then we'll just do a regular pop // operation // #if defined(_X86_) if (USER_SHARED_DATA->ProcessorFeatures[PF_COMPARE_EXCHANGE_DOUBLE]) { #endif // defined(_X86_) try { Entry = RtlpInterlockedPopEntrySList(&Lookaside->ListHead); } except (EXCEPTION_EXECUTE_HANDLER) { Entry = NULL; } if (Entry != NULL) { return Entry; } #if defined(_X86_) } #endif // defined(_X86_) Lookaside->AllocateMisses += 1; return NULL; }

BOOLEAN RtlpCheckBusyBlockTail (  IN PHEAP_ENTRY  BusyBlock  )

Definition at line 6117 of file rtl/heap.c. References CHECK_HEAP_TAIL_SIZE, CheckHeapFillPattern, FALSE, HEAP_ENTRY_VIRTUAL_ALLOC, HEAP_GRANULARITY_SHIFT, HeapDebugBreak, HeapDebugPrint, RTL_PAGED_CODE, RtlpGetSizeOfBigBlock(), Size, and TRUE. Referenced by RtlpValidateHeap(), RtlpValidateHeapEntry(), and RtlpValidateHeapSegment(). 06123 : 06124 06125 This routine checks to see if the bytes beyond the user specified 06126 allocation have been modified. It does this by checking for a tail 06127 fill pattern 06128 06129 Arguments: 06130 06131 BusyBlock - Supplies the heap block being queried 06132 06133 Return Value: 06134 06135 BOOLEAN - TRUE if the tail is still okay and FALSE otherwise 06136 06137 --*/ 06138 06139 { 06140 PCHAR Tail; 06141 SIZE_T Size, cbEqual; 06142 06143 RTL_PAGED_CODE(); 06144 06145 // 06146 // Compute the user allocated size of the input heap block 06147 // 06148 06149 if (BusyBlock->Flags & HEAP_ENTRY_VIRTUAL_ALLOC) { 06150 06151 Size = RtlpGetSizeOfBigBlock( BusyBlock ); 06152 06153 } else { 06154 06155 Size = (BusyBlock->Size << HEAP_GRANULARITY_SHIFT) - BusyBlock->UnusedBytes; 06156 } 06157 06158 // 06159 // Compute a pointer to the tail of the input block. This would 06160 // be the space right after the user allocated portion 06161 // 06162 06163 Tail = (PCHAR)(BusyBlock + 1) + Size; 06164 06165 // 06166 // Check if the tail fill pattern is still there 06167 // 06168 06169 cbEqual = RtlCompareMemory( Tail, 06170 CheckHeapFillPattern, 06171 CHECK_HEAP_TAIL_SIZE ); 06172 06173 // 06174 // If the number we get back isn't equal to the tail size then 06175 // someone modified the block beyond its user specified allocation 06176 // size 06177 // 06178 06179 if (cbEqual != CHECK_HEAP_TAIL_SIZE) { 06180 06181 // 06182 // Do some debug printing 06183 // 06184 06185 HeapDebugPrint(( "Heap block at %p modified at %p past requested size of %lx\n", 06186 BusyBlock, 06187 Tail + cbEqual, 06188 Size )); 06189 06190 HeapDebugBreak( BusyBlock ); 06191 06192 // 06193 // And tell our caller there was an error 06194 // 06195 06196 return FALSE; 06197 06198 } else { 06199 06200 // 06201 // And return to our caller that the tail is fine 06202 // 06203 06204 return TRUE; 06205 } 06206 } }

BOOLEAN RtlpCheckHeapSignature (  IN PHEAP  Heap, IN PCHAR  Caller )

Definition at line 4250 of file heapdll.c. References DbgPrint, FALSE, HEAP_SIGNATURE, HeapDebugBreak, HeapDebugPrint, NULL, and TRUE. Referenced by RtlDebugAllocateHeap(), RtlDebugCompactHeap(), RtlDebugCreateTagHeap(), RtlDebugDestroyHeap(), RtlDebugFreeHeap(), RtlDebugGetUserInfoHeap(), RtlDebugQueryTagHeap(), RtlDebugReAllocateHeap(), RtlDebugSetUserFlagsHeap(), RtlDebugSetUserValueHeap(), RtlDebugSizeHeap(), RtlDebugUsageHeap(), RtlDebugWalkHeap(), RtlDebugZeroHeap(), RtlLockHeap(), RtlpSerializeHeap(), RtlUnlockHeap(), and RtlValidateHeap(). : This routine verifies that it is being called with a properly identified heap. Arguments: Heap - Supplies a pointer to the heap being checked Caller - Supplies a string that can be used to identify the caller Return Value: BOOLEAN - TRUE if the heap signature is present, and FALSE otherwise --*/ { // // If the heap signature matches then that is the only // checking we do // if (Heap->Signature == HEAP_SIGNATURE) { return TRUE; } else { // // We have a bad heap signature. Print out some information, break // into the debugger, and then return false // HeapDebugPrint(( "Invalid heap signature for heap at %x", Heap )); if (Caller != NULL) { DbgPrint( ", passed to %s", Caller ); } DbgPrint( "\n" ); HeapDebugBreak( &Heap->Signature ); return FALSE; } }

PHEAP_FREE_ENTRY RtlpCoalesceFreeBlocks (  IN PHEAP  Heap, IN PHEAP_FREE_ENTRY  FreeBlock, IN OUT PSIZE_T  FreeSize, IN BOOLEAN  RemoveFromFreeList )

Definition at line 5312 of file rtl/heap.c. References FALSE, _HEAP_FREE_ENTRY::Flags, HEAP_ENTRY_BUSY, HEAP_ENTRY_LAST_ENTRY, HEAP_MAXIMUM_BLOCK_SIZE, HEAPASSERT, _HEAP_SEGMENT::LastEntryInSegment, _HEAP_FREE_ENTRY::PreviousSize, RTL_PAGED_CODE, RtlpRemoveFreeBlock, _HEAP_FREE_ENTRY::SegmentIndex, _HEAP_FREE_ENTRY::Size, and USHORT. Referenced by RtlFreeHeap(), RtlFreeHeapSlowly(), RtlpCoalesceHeap(), RtlpExtendHeap(), and RtlpGrowBlockInPlace(). : This routine coalesces the free block together. Arguments: Heap - Supplies a pointer to the heap being manipulated FreeBlock - Supplies a pointer to the free block that we want coalesced FreeSize - Supplies the size, in bytes, of the free block. On return it contains the size, in bytes, of the of the newly coalesced free block RemoveFromFreeList - Indicates if the input free block is already on a free list and needs to be removed to before coalescing Return Value: PHEAP_FREE_ENTRY - returns a pointer to the newly coalesced free block --*/ { PHEAP_FREE_ENTRY FreeBlock1, NextFreeBlock; RTL_PAGED_CODE(); // // Point to the preceding block // FreeBlock1 = (PHEAP_FREE_ENTRY)((PHEAP_ENTRY)FreeBlock - FreeBlock->PreviousSize); // // Check if there is a preceding block, and if it is free, and the two sizes // put together will still fit on a free lists. // if ((FreeBlock1 != FreeBlock) && !(FreeBlock1->Flags & HEAP_ENTRY_BUSY) && ((*FreeSize + FreeBlock1->Size) <= HEAP_MAXIMUM_BLOCK_SIZE)) { // // We are going to merge ourselves with the preceding block // HEAPASSERT(FreeBlock->PreviousSize == FreeBlock1->Size); // // Check if we need to remove the input block from the free list // if (RemoveFromFreeList) { RtlpRemoveFreeBlock( Heap, FreeBlock ); Heap->TotalFreeSize -= FreeBlock->Size; // // We're removed so we don't have to do it again // RemoveFromFreeList = FALSE; } // // Remove the preceding block from its free list // RtlpRemoveFreeBlock( Heap, FreeBlock1 ); // // Copy over the last entry flag if necessary from what we're freeing // to the preceding block // FreeBlock1->Flags = FreeBlock->Flags & HEAP_ENTRY_LAST_ENTRY; if( FreeBlock1->Flags & HEAP_ENTRY_LAST_ENTRY ) { PHEAP_SEGMENT Segment; Segment = Heap->Segments[FreeBlock1->SegmentIndex]; Segment->LastEntryInSegment = (PHEAP_ENTRY)FreeBlock1; } // // Point to the preceding block, and adjust the sizes for the // new free block. It is the total of both blocks. // FreeBlock = FreeBlock1; *FreeSize += FreeBlock1->Size; Heap->TotalFreeSize -= FreeBlock1->Size; FreeBlock->Size = (USHORT)*FreeSize; // // Check if we need to update the previous size of the next // entry // if (!(FreeBlock->Flags & HEAP_ENTRY_LAST_ENTRY)) { ((PHEAP_ENTRY)FreeBlock + *FreeSize)->PreviousSize = (USHORT)*FreeSize; } } // // Check if there is a following block. // if (!(FreeBlock->Flags & HEAP_ENTRY_LAST_ENTRY)) { // // There is a following block so now get a pointer to it // and check if it is free and if putting the two blocks together // still fits on a free list // NextFreeBlock = (PHEAP_FREE_ENTRY)((PHEAP_ENTRY)FreeBlock + *FreeSize); if (!(NextFreeBlock->Flags & HEAP_ENTRY_BUSY) && ((*FreeSize + NextFreeBlock->Size) <= HEAP_MAXIMUM_BLOCK_SIZE)) { // // We are going to merge ourselves with the following block // HEAPASSERT(*FreeSize == NextFreeBlock->PreviousSize); // // Check if we need to remove the input block from the free list // if (RemoveFromFreeList) { RtlpRemoveFreeBlock( Heap, FreeBlock ); Heap->TotalFreeSize -= FreeBlock->Size; // // **** this assignment isn't necessary because there isn't // **** any more merging after this one // RemoveFromFreeList = FALSE; } // // Copy up the last entry flag if necessary from the following // block to our input block // FreeBlock->Flags = NextFreeBlock->Flags & HEAP_ENTRY_LAST_ENTRY; if( FreeBlock->Flags & HEAP_ENTRY_LAST_ENTRY ) { PHEAP_SEGMENT Segment; Segment = Heap->Segments[FreeBlock->SegmentIndex]; Segment->LastEntryInSegment = (PHEAP_ENTRY)FreeBlock; } // // Remove the following block from its free list // RtlpRemoveFreeBlock( Heap, NextFreeBlock ); // // Adjust the size for the newly combined block // *FreeSize += NextFreeBlock->Size; Heap->TotalFreeSize -= NextFreeBlock->Size; FreeBlock->Size = (USHORT)*FreeSize; // // Check if we need to update the previous size of the next block // if (!(FreeBlock->Flags & HEAP_ENTRY_LAST_ENTRY)) { ((PHEAP_ENTRY)FreeBlock + *FreeSize)->PreviousSize = (USHORT)*FreeSize; } } } // // And return the free block to our caller // return FreeBlock; }

PHEAP_FREE_ENTRY RtlpCoalesceHeap (  IN PHEAP  Heap  )

Definition at line 4312 of file heapdll.c. References _HEAP_FREE_ENTRY::Flags, HEAP_ENTRY_LAST_ENTRY, HEAP_GRANULARITY_SHIFT, HEAP_MAXIMUM_FREELISTS, n, NULL, PAGE_SIZE, _HEAP_FREE_ENTRY::PreviousSize, RTL_PAGED_CODE, RtlpCoalesceFreeBlocks(), RtlpDeCommitFreeBlock(), RtlpInsertFreeBlock(), _HEAP_FREE_ENTRY::Size, and TRUE. Referenced by RtlCompactHeap(), and RtlpExtendHeap(). : This routine scans through heap and coalesces its free blocks Arguments: Heap - Supplies a pointer to the heap being modified Return Value: PHEAP_FREE_ENTRY - returns a pointer to the largest free block in the heap --*/ { SIZE_T OldFreeSize; SIZE_T FreeSize; ULONG n; PHEAP_FREE_ENTRY FreeBlock, LargestFreeBlock; PLIST_ENTRY FreeListHead, Next; RTL_PAGED_CODE(); LargestFreeBlock = NULL; // // For every free list in the heap, going from smallest to // largest and skipping the zero index one we will // scan the free list coalesceing the free blocks // FreeListHead = &Heap->FreeLists[ 1 ]; n = HEAP_MAXIMUM_FREELISTS; while (n--) { // // Scan the individual free list // Next = FreeListHead->Blink; while (FreeListHead != Next) { // // Get a pointer to the current free list entry, and remember its // next and size // FreeBlock = CONTAINING_RECORD( Next, HEAP_FREE_ENTRY, FreeList ); Next = Next->Flink; OldFreeSize = FreeSize = FreeBlock->Size; // // Coalesce the block // FreeBlock = RtlpCoalesceFreeBlocks( Heap, FreeBlock, &FreeSize, TRUE ); // // If the new free size is not equal to the old free size // then we actually did some changes otherwise the coalesce // calll was essentialy a noop // if (FreeSize != OldFreeSize) { // // Check if we should decommit this block because it is too // large and it is either at the beginning or end of a // committed run. Otherwise just insert the new sized // block into its corresponding free list. We'll hit this // block again when we visit larger free lists. // if (FreeBlock->Size >= (PAGE_SIZE >> HEAP_GRANULARITY_SHIFT) && (FreeBlock->PreviousSize == 0 || (FreeBlock->Flags & HEAP_ENTRY_LAST_ENTRY))) { RtlpDeCommitFreeBlock( Heap, FreeBlock, FreeSize ); } else { RtlpInsertFreeBlock( Heap, FreeBlock, FreeSize ); } Next = FreeListHead->Blink; } else { // // Remember the largest free block we've found so far // if ((LargestFreeBlock == NULL) || (LargestFreeBlock->Size < FreeBlock->Size)) { LargestFreeBlock = FreeBlock; } } } // // Go to the next free list. When we hit the largest dedicated // size free list we'll fall back to the [0] index list // if (n == 1) { FreeListHead = &Heap->FreeLists[ 0 ]; } else { FreeListHead++; } } // // And return to our caller // return LargestFreeBlock; }

VOID RtlpDeCommitFreeBlock (  IN PHEAP  Heap, IN PHEAP_FREE_ENTRY  FreeBlock, IN SIZE_T  FreeSize )

Definition at line 5527 of file rtl/heap.c. References _HEAP_SEGMENT::Entry, _HEAP_SEGMENT::FirstEntry, _HEAP_ENTRY::Flags, _HEAP_FREE_ENTRY::Flags, HEAP_ENTRY_LAST_ENTRY, HEAP_GRANULARITY_SHIFT, HeapDebugPrint, _HEAP_SEGMENT::LastEntryInSegment, NT_SUCCESS, NTSTATUS(), NULL, _HEAP_SEGMENT::NumberOfUnCommittedPages, PAGE_SIZE, _HEAP_ENTRY::PreviousSize, _HEAP_FREE_ENTRY::PreviousSize, ROUND_DOWN_TO_POWER2, ROUND_UP_TO_POWER2, RTL_PAGED_CODE, RtlpCreateUnCommittedRange(), RtlpDestroyUnCommittedRange(), RtlpInsertFreeBlock(), RtlpInsertFreeBlockDirect, RtlpInsertUnCommittedPages(), _HEAP_ENTRY::SegmentIndex, _HEAP_FREE_ENTRY::Size, Status, and USHORT. Referenced by RtlFreeHeap(), RtlFreeHeapSlowly(), and RtlpCoalesceHeap(). : This routine takes a free block and decommits it. This is usually called because the block is beyond the decommit threshold Arguments: Heap - Supplies a pointer to the heap being manipulated FreeBlock - Supplies a pointer to the block being decommitted FreeSize - Supplies the size, in bytes, of the free block being decommitted Return Value: None. --*/ { NTSTATUS Status; ULONG_PTR DeCommitAddress; SIZE_T DeCommitSize; USHORT LeadingFreeSize, TrailingFreeSize; PHEAP_SEGMENT Segment; PHEAP_FREE_ENTRY LeadingFreeBlock, TrailingFreeBlock; PHEAP_ENTRY LeadingBusyBlock, TrailingBusyBlock; PHEAP_UNCOMMMTTED_RANGE UnCommittedRange; RTL_PAGED_CODE(); // // If the heap has a user specified decommit routine then we won't really // decommit anything instead we'll call a worker routine to chop it up // into pieces that will fit on the free lists // if (Heap->CommitRoutine != NULL) { RtlpInsertFreeBlock( Heap, FreeBlock, FreeSize ); return; } // // Get a pointer to the owning segment // Segment = Heap->Segments[ FreeBlock->SegmentIndex ]; // // The leading busy block identifies the preceding in use block before // what we are trying to decommit. It is only used if what we are trying // decommit is right on a page boundary and then it is the block right // before us if it exists. // // The leading free block is used to identify whatever space is needed // to round up the callers specified address to a page address. If the // caller already gave us a page aligned address then the free block // address is identical to what the caller supplied. // LeadingBusyBlock = NULL; LeadingFreeBlock = FreeBlock; // // Make sure the block we are trying to decommit start on the next full // page boundary. The leading free size is the size of whatever it takes // to round up the free block to the next page specified in units of // heap entries. // DeCommitAddress = ROUND_UP_TO_POWER2( LeadingFreeBlock, PAGE_SIZE ); LeadingFreeSize = (USHORT)((PHEAP_ENTRY)DeCommitAddress - (PHEAP_ENTRY)LeadingFreeBlock); // // If we leading free size only has space for one heap entry then we'll // bump it up to include the next page, because we don't want to leave // anything that small laying around. Otherwise if we have a preceding // block and the leading free size is zero then identify the preceding // block as the leading busy block // if (LeadingFreeSize == 1) { DeCommitAddress += PAGE_SIZE; LeadingFreeSize += PAGE_SIZE >> HEAP_GRANULARITY_SHIFT; } else if (LeadingFreeBlock->PreviousSize != 0) { if (DeCommitAddress == (ULONG_PTR)LeadingFreeBlock) { LeadingBusyBlock = (PHEAP_ENTRY)LeadingFreeBlock - LeadingFreeBlock->PreviousSize; } } // // The trailing busy block identifies the block immediately after the one // we are trying to decommit provided what we are decommitting ends right // on a page boundary otherwise the trailing busy block stays null and // the trailing free block value is used. // // **** gdk **** // **** the assignment of tailing free block doesn't seem right because // **** Free size should be in bytes, and not heap entries // TrailingBusyBlock = NULL; TrailingFreeBlock = (PHEAP_FREE_ENTRY)((PHEAP_ENTRY)FreeBlock + FreeSize); // // Make sure the block we are trying to decommit ends on a page boundary. // // And compute how many heap entries we had to backup to make it land on a // page boundary. // DeCommitSize = ROUND_DOWN_TO_POWER2( (ULONG_PTR)TrailingFreeBlock, PAGE_SIZE ); TrailingFreeSize = (USHORT)((PHEAP_ENTRY)TrailingFreeBlock - (PHEAP_ENTRY)DeCommitSize); // // If the trailing free size is exactly one heap in size then we will // nibble off a bit more from the decommit size because free block of // exactly one heap entry in size are useless. Otherwise if we actually // ended on a page boundary and there is a block after us then indicate // that we have a trailing busy block // if (TrailingFreeSize == (sizeof( HEAP_ENTRY ) >> HEAP_GRANULARITY_SHIFT)) { DeCommitSize -= PAGE_SIZE; TrailingFreeSize += PAGE_SIZE >> HEAP_GRANULARITY_SHIFT; } else if ((TrailingFreeSize == 0) && !(FreeBlock->Flags & HEAP_ENTRY_LAST_ENTRY)) { TrailingBusyBlock = (PHEAP_ENTRY)TrailingFreeBlock; } // // Now adjust the trailing free block to compensate for the trailing free size // we just computed. // TrailingFreeBlock = (PHEAP_FREE_ENTRY)((PHEAP_ENTRY)TrailingFreeBlock - TrailingFreeSize); // // Right now DeCommit size is really a pointer. If it points at is beyond // the decommit address then make the size really be just the byte count // to decommit. Otherwise the decommit size is zero. // if (DeCommitSize > DeCommitAddress) { DeCommitSize -= DeCommitAddress; } else { DeCommitSize = 0; } // // **** this next test is bogus given the if-then-else that just preceded it // // Now check if we still have something to decommit // if (DeCommitSize != 0) { // // Before freeing the memory to MM we have to be sure we can create // a PHEAP_UNCOMMMTTED_RANGE later. So we do it right now // UnCommittedRange = RtlpCreateUnCommittedRange(Segment); if (UnCommittedRange == NULL) { HeapDebugPrint(( "Failing creating uncommitted range (%x for %x)\n", DeCommitAddress, DeCommitSize )); // // We weren't successful in the decommit so now simply // add the leading free block to the free list // RtlpInsertFreeBlock( Heap, LeadingFreeBlock, FreeSize ); return; } // // Decommit the memory // Status = ZwFreeVirtualMemory( NtCurrentProcess(), (PVOID *)&DeCommitAddress, &DeCommitSize, MEM_DECOMMIT ); // // Push back the UnCommittedRange structure. Now the insert cannot fail // RtlpDestroyUnCommittedRange( Segment, UnCommittedRange ); if (NT_SUCCESS( Status )) { // // Insert information regarding the pages we just decommitted // to the lsit of uncommited pages in the segment // RtlpInsertUnCommittedPages( Segment, DeCommitAddress, DeCommitSize ); // // Adjust the segments count of uncommitted pages // Segment->NumberOfUnCommittedPages += (ULONG)(DeCommitSize / PAGE_SIZE); // // If we have a leading free block then mark its proper state // update the heap, and put it on the free list // if (LeadingFreeSize != 0) { LeadingFreeBlock->Flags = HEAP_ENTRY_LAST_ENTRY; LeadingFreeBlock->Size = LeadingFreeSize; Heap->TotalFreeSize += LeadingFreeSize; Segment->LastEntryInSegment = (PHEAP_ENTRY)LeadingFreeBlock; RtlpInsertFreeBlockDirect( Heap, LeadingFreeBlock, LeadingFreeSize ); // // Otherwise if we actually have a leading busy block then // make sure the busy block knows we're uncommitted // } else if (LeadingBusyBlock != NULL) { LeadingBusyBlock->Flags |= HEAP_ENTRY_LAST_ENTRY; Segment->LastEntryInSegment = LeadingBusyBlock; } else if ((Segment->LastEntryInSegment >= (PHEAP_ENTRY)DeCommitAddress) && ((PCHAR)Segment->LastEntryInSegment < ((PCHAR)DeCommitAddress + DeCommitSize))) { Segment->LastEntryInSegment = Segment->FirstEntry; } // // If there is a trailing free block then sets its state, // update the heap, and insert it on a free list // if (TrailingFreeSize != 0) { TrailingFreeBlock->PreviousSize = 0; TrailingFreeBlock->SegmentIndex = Segment->Entry.SegmentIndex; TrailingFreeBlock->Flags = 0; TrailingFreeBlock->Size = TrailingFreeSize; ((PHEAP_FREE_ENTRY)((PHEAP_ENTRY)TrailingFreeBlock + TrailingFreeSize))->PreviousSize = (USHORT)TrailingFreeSize; RtlpInsertFreeBlockDirect( Heap, TrailingFreeBlock, TrailingFreeSize ); Heap->TotalFreeSize += TrailingFreeSize; // // Otherwise if we actually have a succeeding block then // make it know we are uncommitted // } else if (TrailingBusyBlock != NULL) { TrailingBusyBlock->PreviousSize = 0; } } else { // // We weren't successful in the decommit so now simply // add the leading free block to the free list // RtlpInsertFreeBlock( Heap, LeadingFreeBlock, FreeSize ); } } else { // // There is nothing left to decommit to take our leading free block // and put it on a free list // RtlpInsertFreeBlock( Heap, LeadingFreeBlock, FreeSize ); } // // And return to our caller // return; }

NTKERNELAPI VOID RtlpDeleteHeapLookaside (  IN PHEAP_LOOKASIDE  Lookaside  )

Definition at line 101 of file rtl/lookasid.c. : This function frees any entries specified by the lookaside structure. Arguments: Lookaside - Supplies a pointer to a heap lookaside list structure. Return Value: None. --*/ { PVOID Entry; return; }

VOID RtlpDestroyTags (  PHEAP  Heap  )

Definition at line 5893 of file heapdll.c. References NT_SUCCESS, NtFreeVirtualMemory(), NTSTATUS(), NULL, Status, and _HEAP::TagEntries. Referenced by RtlDestroyHeap(). : This routine is used to completely remove all the normal tag entries in use by a heap Arguments: Heap - Supplies a pointer to the heap being modified Return Value: None. --*/ { NTSTATUS Status; SIZE_T RegionSize; // // We will only do the action if the heap has some tag entries // if (Heap->TagEntries != NULL) { // // Release all the memory used by the tag entries // RegionSize = 0; Status = NtFreeVirtualMemory( NtCurrentProcess(), &Heap->TagEntries, &RegionSize, MEM_RELEASE ); if (NT_SUCCESS( Status )) { Heap->TagEntries = NULL; } } // // And return to our caller // return; }

PHEAP_FREE_ENTRY RtlpFindAndCommitPages (  IN PHEAP  Heap, IN PHEAP_SEGMENT  Segment, IN OUT PSIZE_T  Size, IN PVOID AddressWanted  OPTIONAL )

Definition at line 4422 of file rtl/heap.c. References _HEAP_UNCOMMMTTED_RANGE::Address, _HEAP_ENTRY::Flags, HEAP_ENTRY_LAST_ENTRY, HEAP_GRANULARITY_SHIFT, HeapDebugBreak, HeapDebugPrint, _HEAP_UNCOMMMTTED_RANGE::Next, NT_SUCCESS, NTSTATUS(), NULL, PAGE_SIZE, _HEAP_ENTRY::PreviousSize, RTL_PAGED_CODE, RtlpDestroyUnCommittedRange(), _HEAP_ENTRY::SegmentIndex, _HEAP_ENTRY::Size, Size, _HEAP_UNCOMMMTTED_RANGE::Size, Status, and USHORT. Referenced by RtlpExtendHeap(), and RtlpGrowBlockInPlace(). : This function searches the supplied segment for an uncommitted range that satisfies the specified size. It commits the range and returns a heap entry for the range. Arguments: Heap - Supplies the heap being maniuplated Segment - Supplies the segment being searched Size - Supplies the size of what we need to look for, on return it contains the size of what we're just found and committed. AddressWanted - Optionally gives an address where we would like the pages based. If supplied the entry must start at this address Return Value: PHEAP_FREE_ENTRY - Returns a pointer to the newly committed range that satisfies the given size requirement, or NULL if we could not find something large enough and/or based at the address wanted. --*/ { NTSTATUS Status; PHEAP_ENTRY FirstEntry, LastEntry, PreviousLastEntry; PHEAP_UNCOMMMTTED_RANGE PreviousUnCommittedRange, UnCommittedRange, *pp; ULONG_PTR Address; SIZE_T Length; RTL_PAGED_CODE(); // // What the outer loop does is cycle through the uncommited ranges // stored in in the specified segment // PreviousUnCommittedRange = NULL; pp = &Segment->UnCommittedRanges; while (UnCommittedRange = *pp) { // // Check for the best of worlds, where the size of this current // uncommitted range satisfies our size request and either the user // didn't specify an address or the address match // if ((UnCommittedRange->Size >= *Size) && (!ARGUMENT_PRESENT( AddressWanted ) || (UnCommittedRange->Address == (ULONG_PTR)AddressWanted ))) { // // Calculate an address // Address = UnCommittedRange->Address; // // Commit the memory. If the heap doesn't have a commit // routine then use the default mm supplied routine. // if (Heap->CommitRoutine != NULL) { Status = (Heap->CommitRoutine)( Heap, (PVOID *)&Address, Size ); } else { Status = ZwAllocateVirtualMemory( NtCurrentProcess(), (PVOID *)&Address, 0, Size, MEM_COMMIT, PAGE_READWRITE ); } if (!NT_SUCCESS( Status )) { return NULL; } // // At this point we have some committed memory, with Address and Size // giving us the necessary details // // Update the number of uncommitted pages in the segment and if necessary // mark down the largest uncommitted range // Segment->NumberOfUnCommittedPages -= (ULONG) (*Size / PAGE_SIZE); if (Segment->LargestUnCommittedRange == UnCommittedRange->Size) { Segment->LargestUnCommittedRange = 0; } // // First entry is the start of the newly committed range // FirstEntry = (PHEAP_ENTRY)Address; // // We want last entry to point to the last real entry before // this newly committed spot. To do this we start by // setting last entry to either the first entry for the // segment or (if we can do better), to right after the last // uncommitted range we examined. Either way it points to // some committed range // if ((Segment->LastEntryInSegment->Flags & HEAP_ENTRY_LAST_ENTRY) && (ULONG_PTR)(Segment->LastEntryInSegment + Segment->LastEntryInSegment->Size) == UnCommittedRange->Address) { LastEntry = Segment->LastEntryInSegment; } else { if (PreviousUnCommittedRange == NULL) { LastEntry = Segment->FirstEntry; } else { LastEntry = (PHEAP_ENTRY)(PreviousUnCommittedRange->Address + PreviousUnCommittedRange->Size); } // // Now we zoom through the entries until we find the one // marked last // while (!(LastEntry->Flags & HEAP_ENTRY_LAST_ENTRY)) { PreviousLastEntry = LastEntry; LastEntry += LastEntry->Size; if (((PCHAR)LastEntry >= (PCHAR)Segment->LastValidEntry) || (LastEntry->Size == 0)) { // // Check for the situation where the last entry in the // segment isn't marked as a last entry but does put // us right where the have a new committed range // if (LastEntry == (PHEAP_ENTRY)Address) { LastEntry = PreviousLastEntry; break; } HeapDebugPrint(( "Heap missing last entry in committed range near %x\n", PreviousLastEntry )); HeapDebugBreak( PreviousLastEntry ); return NULL; } } } // // Turn off the last bit on this entry because what's following // is no longer uncommitted // LastEntry->Flags &= ~HEAP_ENTRY_LAST_ENTRY; // // Shrink the uncommited range by the size we've committed // UnCommittedRange->Address += *Size; UnCommittedRange->Size -= *Size; // // Now if the size is zero then we've committed everything that there // was in the range. Otherwise make sure the first entry of what // we've just committed knows that an uncommitted range follows. // if (UnCommittedRange->Size == 0) { // // This uncommitted range is about to vanish. Base on if the // range is the last one in the segemnt then we know how to // mark the committed range as being last or not. // if (UnCommittedRange->Address == (ULONG_PTR)Segment->LastValidEntry) { FirstEntry->Flags = HEAP_ENTRY_LAST_ENTRY; Segment->LastEntryInSegment = FirstEntry; } else { FirstEntry->Flags = 0; Segment->LastEntryInSegment = Segment->FirstEntry; } // // Remove this zero sized range from the uncommitted range // list, and update the segment counters // *pp = UnCommittedRange->Next; RtlpDestroyUnCommittedRange( Segment, UnCommittedRange ); Segment->NumberOfUnCommittedRanges -= 1; } else { // // Otherwise the range is not empty so we know what we committed // is immediately followed by an uncommitted range // FirstEntry->Flags = HEAP_ENTRY_LAST_ENTRY; Segment->LastEntryInSegment = FirstEntry; } // // Update the fields in the first entry, and optional // following entry. // FirstEntry->SegmentIndex = LastEntry->SegmentIndex; FirstEntry->Size = (USHORT)(*Size >> HEAP_GRANULARITY_SHIFT); FirstEntry->PreviousSize = LastEntry->Size; if (!(FirstEntry->Flags & HEAP_ENTRY_LAST_ENTRY)) { (FirstEntry + FirstEntry->Size)->PreviousSize = FirstEntry->Size; } // // Now if we adjusted the largest uncommitted range to zero then // we need to go back and find the largest uncommitted range // To do that we simply zoom down the uncommitted range list // remembering the largest one // if (Segment->LargestUnCommittedRange == 0) { UnCommittedRange = Segment->UnCommittedRanges; while (UnCommittedRange != NULL) { if (UnCommittedRange->Size >= Segment->LargestUnCommittedRange) { Segment->LargestUnCommittedRange = UnCommittedRange->Size; } UnCommittedRange = UnCommittedRange->Next; } } // // And return the heap entry to our caller // return (PHEAP_FREE_ENTRY)FirstEntry; } else { // // Otherwise the current uncommited range is too small or // doesn't have the right address so go to the next uncommitted // range entry // PreviousUnCommittedRange = UnCommittedRange; pp = &UnCommittedRange->Next; } } // // At this point we did not find an uncommitted range entry that satisfied // our requirements either because of size and/or address. So return null // to tell the user we didn't find anything. // return NULL; }

NTKERNELAPI BOOLEAN RtlpFreeToHeapLookaside (  IN PHEAP_LOOKASIDE  Lookaside, IN PVOID  Entry )

Definition at line 288 of file rtl/lookasid.c. References EXCEPTION_EXECUTE_HANDLER, FALSE, RtlpInterlockedPushEntrySList(), RtlpQueryDepthSList, and TRUE. Referenced by RtlFreeHeap(). : This function inserts (pushes) the specified entry into the specified paged lookaside list. Arguments: Lookaside - Supplies a pointer to a paged lookaside list structure. Entry - Supples a pointer to the entry that is inserted in the lookaside list. Return Value: BOOLEAN - TRUE if the entry was put on the lookaside list and FALSE otherwise. --*/ { Lookaside->TotalFrees += 1; #if defined(_X86_) if (USER_SHARED_DATA->ProcessorFeatures[PF_COMPARE_EXCHANGE_DOUBLE]) { #endif // defined(_X86_) if (RtlpQueryDepthSList(&Lookaside->ListHead) < Lookaside->Depth) { // // We need to protect ourselves from a second thread that can // cause us to fault on the push. If we do fault then we'll // just do a regular free operation // try { RtlpInterlockedPushEntrySList(&Lookaside->ListHead, (PSINGLE_LIST_ENTRY)Entry); } except (EXCEPTION_EXECUTE_HANDLER) { Lookaside->FreeMisses += 1; return FALSE; } return TRUE; } #if defined(_X86_) } #endif // defined(_X86_) Lookaside->FreeMisses += 1; return FALSE; }

PHEAP_ENTRY_EXTRA RtlpGetExtraStuffPointer (  PHEAP_ENTRY  BusyBlock  )

Definition at line 6008 of file rtl/heap.c. References _HEAP_VIRTUAL_ALLOC_ENTRY::ExtraStuff, _HEAP_ENTRY::Flags, HEAP_ENTRY_VIRTUAL_ALLOC, and _HEAP_ENTRY::Size. Referenced by RtlAllocateHeapSlowly(), RtlDebugAllocateHeap(), RtlDebugFreeHeap(), RtlDebugReAllocateHeap(), RtlGetUserInfoHeap(), RtlpValidateHeapSegment(), RtlReAllocateHeap(), RtlSetUserValueHeap(), RtlUsageHeap(), and RtlWalkHeap(). : This routine calculates where the extra stuff record will be given the busy block and returns a pointer to it. The caller must have already checked that the entry extry field is present Arguments: BusyBlock - Supplies the busy block whose extra stuff we are seeking Return Value: PHEAP_ENTRY_EXTRA - returns a pointer to the extra stuff record. --*/ { ULONG AllocationIndex; // // On big blocks the extra stuff is automatically part of the // block // if (BusyBlock->Flags & HEAP_ENTRY_VIRTUAL_ALLOC) { PHEAP_VIRTUAL_ALLOC_ENTRY VirtualAllocBlock; VirtualAllocBlock = CONTAINING_RECORD( BusyBlock, HEAP_VIRTUAL_ALLOC_ENTRY, BusyBlock ); return &VirtualAllocBlock->ExtraStuff; } else { // // On non big blocks the extra stuff follows immediately after // the allocation itself. // // **** What a hack // **** We do some funny math here because the busy block // **** stride is 8 bytes we know we can stride it by its // **** index minus one to get to the end of the allocation // AllocationIndex = BusyBlock->Size; return (PHEAP_ENTRY_EXTRA)(BusyBlock + AllocationIndex - 1); } }

SIZE_T RtlpGetSizeOfBigBlock (  IN PHEAP_ENTRY  BusyBlock  )

Definition at line 6070 of file rtl/heap.c. References _HEAP_VIRTUAL_ALLOC_ENTRY::CommitSize, and RTL_PAGED_CODE. Referenced by RtlpCheckBusyBlockTail(), RtlReAllocateHeap(), RtlSizeHeap(), and RtlWalkHeap(). : This routine returns the size, in bytes, of the big allocation block Arguments: BusyBlock - Supplies a pointer to the block being queried Return Value: SIZE_T - Returns the size, in bytes, that was allocated to the big block --*/ { PHEAP_VIRTUAL_ALLOC_ENTRY VirtualAllocBlock; RTL_PAGED_CODE(); // // Get a pointer to the block header itself // VirtualAllocBlock = CONTAINING_RECORD( BusyBlock, HEAP_VIRTUAL_ALLOC_ENTRY, BusyBlock ); // // The size allocated to the block is actually the difference between the // commit size stored in the virtual alloc block and the size stored in // in the block. // return VirtualAllocBlock->CommitSize - BusyBlock->Size; }

PWSTR RtlpGetTagName (  PHEAP  Heap, USHORT  TagIndex )

Definition at line 5425 of file heapdll.c. References HEAP_GRANULARITY_SHIFT, HEAP_MAXIMUM_FREELISTS, HEAP_NUMBER_OF_PSEUDO_TAG, L, _HEAP::NextAvailableTagIndex, NULL, _HEAP::PseudoTagEntries, RtlpGlobalTagHeap, RtlpPseudoTagNameBuffer, _HEAP::TagEntries, and _HEAP_TAG_ENTRY::TagName. Referenced by RtlDebugAllocateHeap(), RtlDebugFreeHeap(), and RtlDebugReAllocateHeap(). : This routine returns the name of the tag denoted by the heap, tagindex tuple. This routine is only called by heapdbg when doing a debug print to generate a tag name for printing Arguments: Heap - Supplies the tag being queried TagIndex - Supplies the index for the tag being queried Return Value: PWSTR - returns the name of the indicated tag --*/ { // // If the processes global tag heap has not been initialized then // not tag has a name // if (RtlpGlobalTagHeap == NULL) { return NULL; } // // We only deal with non zero tag indices // if (TagIndex != 0) { // // If the tag index is for a pseudo tag then we clear the // the psuedo bit and generate a pseudo tag name // if (TagIndex & HEAP_PSEUDO_TAG_FLAG) { TagIndex &= ~HEAP_PSEUDO_TAG_FLAG; // // Check that the tag index is valid and that the heap // has some psuedo tag entries // if ((TagIndex < HEAP_NUMBER_OF_PSEUDO_TAG) && (Heap->PseudoTagEntries != NULL)) { // // A pseudo tag index of zero denote objects // if (TagIndex == 0) { swprintf( RtlpPseudoTagNameBuffer, L"Objects>%4u", HEAP_MAXIMUM_FREELISTS << HEAP_GRANULARITY_SHIFT ); // // A psuedo tag index less than the free list maximum // denotes the dedicated free list // } else if (TagIndex < HEAP_MAXIMUM_FREELISTS) { swprintf( RtlpPseudoTagNameBuffer, L"Objects=%4u", TagIndex << HEAP_GRANULARITY_SHIFT ); // // Otherwise the pseudo tag is for the big allocations // } else { swprintf( RtlpPseudoTagNameBuffer, L"VirtualAlloc" ); } return RtlpPseudoTagNameBuffer; } // // Otherwise if the tag index is for a global tag then we pull // the name off of the global heap. Provided the index is valid // and the heap does have some tag entries // } else if (TagIndex & HEAP_GLOBAL_TAG) { TagIndex &= ~HEAP_GLOBAL_TAG; if ((TagIndex < RtlpGlobalTagHeap->NextAvailableTagIndex) && (RtlpGlobalTagHeap->TagEntries != NULL)) { return RtlpGlobalTagHeap->TagEntries[ TagIndex ].TagName; } // // Otherwise we'll pull the name off of the input heap // provided the index is valid and the heap does have some // tag entries // } else if ((TagIndex < Heap->NextAvailableTagIndex) && (Heap->TagEntries != NULL)) { return Heap->TagEntries[ TagIndex ].TagName; } } return NULL; }

NTKERNELAPI VOID RtlpInitializeHeapLookaside (  IN PHEAP_LOOKASIDE  Lookaside, IN USHORT  Depth )

Definition at line 45 of file rtl/lookasid.c. References MINIMUM_LOOKASIDE_DEPTH, and RtlpInitializeSListHead. Referenced by RtlCreateHeap(). : This function initializes a heap lookaside list structure Arguments: Lookaside - Supplies a pointer to a heap lookaside list structure. Allocate - Supplies a pointer to an allocate function. Free - Supplies a pointer to a free function. HeapHandle - Supplies a pointer to the heap that backs this lookaside list Flags - Supplies a set of heap flags. Size - Supplies the size for the lookaside list entries. Depth - Supplies the maximum depth of the lookaside list. Return Value: None. --*/ { // // Initialize the lookaside list structure. // RtlpInitializeSListHead(&Lookaside->ListHead); Lookaside->Depth = MINIMUM_LOOKASIDE_DEPTH; Lookaside->MaximumDepth = 256; //Depth; Lookaside->TotalAllocates = 0; Lookaside->AllocateMisses = 0; Lookaside->TotalFrees = 0; Lookaside->FreeMisses = 0; Lookaside->LastTotalAllocates = 0; Lookaside->LastAllocateMisses = 0; return; }

BOOLEAN RtlpInitializeHeapSegment (  IN PHEAP  Heap, IN PHEAP_SEGMENT  Segment, IN UCHAR  SegmentIndex, IN ULONG  Flags, IN PVOID  BaseAddress, IN PVOID  UnCommittedAddress, IN PVOID  CommitLimitAddress )

Definition at line 4732 of file rtl/heap.c. References FALSE, _HEAP_ENTRY::Flags, HEAP_ENTRY_BUSY, HEAP_ENTRY_LAST_ENTRY, HEAP_GRANULARITY, HEAP_GRANULARITY_SHIFT, HEAP_SEGMENT_SIGNATURE, NT_SUCCESS, NtGlobalFlag, NTSTATUS(), PAGE_SIZE, _HEAP_ENTRY::PreviousSize, ROUND_UP_TO_POWER2, RTL_PAGED_CODE, RtlGetNtGlobalFlags(), RtlpInsertFreeBlock(), RtlpInsertUnCommittedPages(), _HEAP_ENTRY::SegmentIndex, Size, Status, TRUE, and USHORT. Referenced by RtlCreateHeap(), RtlExtendHeap(), and RtlpExtendHeap(). : This routines initializes the internal structures for a heap segment. The caller supplies the heap and the memory for the segment being initialized Arguments: Heap - Supplies the address of the heap owning this segment Segment - Supplies a pointer to the segment being initialized SegmentIndex - Supplies the segement index within the heap that this new segment is being assigned Flags - Supplies flags controlling the initialization of the segment Valid flags are: HEAP_SEGMENT_USER_ALLOCATED BaseAddress - Supplies the base address for the segment UnCommittedAddress - Supplies the address where the uncommited range starts CommitLimitAddress - Supplies the top address available to the segment Return Value: BOOLEAN - TRUE if the initialization is successful and FALSE otherwise --*/ { NTSTATUS Status; PHEAP_ENTRY FirstEntry; USHORT PreviousSize, Size; ULONG NumberOfPages; ULONG NumberOfCommittedPages; ULONG NumberOfUnCommittedPages; SIZE_T CommitSize; ULONG NtGlobalFlag = RtlGetNtGlobalFlags(); RTL_PAGED_CODE(); // // Compute the total number of pages possible in this segment // NumberOfPages = (ULONG) (((PCHAR)CommitLimitAddress - (PCHAR)BaseAddress) / PAGE_SIZE); // // First entry points to the first possible segment entry after // the segment header // FirstEntry = (PHEAP_ENTRY)ROUND_UP_TO_POWER2( Segment + 1, HEAP_GRANULARITY ); // // Now if the heap is equal to the base address for the segment which // it the case for the segment zero then the previous size is the // heap header. Otherwise there isn't a previous entry // if ((PVOID)Heap == BaseAddress) { PreviousSize = Heap->Entry.Size; } else { PreviousSize = 0; } // // Compute the index size of the segement header // Size = (USHORT)(((PCHAR)FirstEntry - (PCHAR)Segment) >> HEAP_GRANULARITY_SHIFT); // // If the first available heap entry is not committed and // it is beyond the heap limit then we cannot initialize // if ((PCHAR)(FirstEntry + 1) >= (PCHAR)UnCommittedAddress) { if ((PCHAR)(FirstEntry + 1) >= (PCHAR)CommitLimitAddress) { return FALSE; } // // Enough of the segment has not been committed so we // will commit enough now to handle the first entry // CommitSize = (PCHAR)(FirstEntry + 1) - (PCHAR)UnCommittedAddress; Status = ZwAllocateVirtualMemory( NtCurrentProcess(), (PVOID *)&UnCommittedAddress, 0, &CommitSize, MEM_COMMIT, PAGE_READWRITE ); if (!NT_SUCCESS( Status )) { return FALSE; } // // Because we had to commit some memory we need to adjust // the uncommited address // UnCommittedAddress = (PVOID)((PCHAR)UnCommittedAddress + CommitSize); } // // At this point we know there is enough memory committed to handle the // segment header and one heap entry // // Now compute the number of uncommited pages and the number of committed // pages // NumberOfUnCommittedPages = (ULONG)(((PCHAR)CommitLimitAddress - (PCHAR)UnCommittedAddress) / PAGE_SIZE); NumberOfCommittedPages = NumberOfPages - NumberOfUnCommittedPages; // // Initialize the heap segment heap entry. We // calculated earlier if there was a previous entry // Segment->Entry.PreviousSize = PreviousSize; Segment->Entry.Size = Size; Segment->Entry.Flags = HEAP_ENTRY_BUSY; Segment->Entry.SegmentIndex = SegmentIndex; #if i386 && !NTOS_KERNEL_RUNTIME // // In the non kernel x86 case see if we need to capture the callers stack // backtrace // if (NtGlobalFlag & FLG_USER_STACK_TRACE_DB) { Segment->AllocatorBackTraceIndex = (USHORT)RtlLogStackBackTrace(); } #endif // i386 && !NTOS_KERNEL_RUNTIME // // Now initializes the heap segment // Segment->Signature = HEAP_SEGMENT_SIGNATURE; Segment->Flags = Flags; Segment->Heap = Heap; Segment->BaseAddress = BaseAddress; Segment->FirstEntry = FirstEntry; Segment->LastValidEntry = (PHEAP_ENTRY)((PCHAR)BaseAddress + (NumberOfPages * PAGE_SIZE)); Segment->NumberOfPages = NumberOfPages; Segment->NumberOfUnCommittedPages = NumberOfUnCommittedPages; // // If there are uncommitted pages then we need to insert them // into the uncommitted ranges list // if (NumberOfUnCommittedPages) { RtlpInsertUnCommittedPages( Segment, (ULONG_PTR)UnCommittedAddress, NumberOfUnCommittedPages * PAGE_SIZE ); } // // Have the containing heap point to this segment via the specified index // Heap->Segments[ SegmentIndex ] = Segment; // // Initialize the first free heap entry after the heap segment header and // put it in the free list. This first entry will be for whatever is left // of the committed range // PreviousSize = Segment->Entry.Size; FirstEntry->Flags = HEAP_ENTRY_LAST_ENTRY; Segment->LastEntryInSegment = FirstEntry; FirstEntry->PreviousSize = PreviousSize; FirstEntry->SegmentIndex = SegmentIndex; RtlpInsertFreeBlock( Heap, (PHEAP_FREE_ENTRY)FirstEntry, (PHEAP_ENTRY)UnCommittedAddress - FirstEntry); // // And return to our caller // return TRUE; }

VOID RtlpInsertFreeBlock (  IN PHEAP  Heap, IN PHEAP_FREE_ENTRY  FreeBlock, IN SIZE_T  FreeSize )

Definition at line 5849 of file rtl/heap.c. References _HEAP_SEGMENT::Flags, HEAP_ENTRY_LAST_ENTRY, HEAP_MAXIMUM_BLOCK_SIZE, _HEAP_SEGMENT::LastValidEntry, RTL_PAGED_CODE, RtlpInsertFreeBlockDirect, Size, and USHORT. Referenced by RtlAllocateHeap(), RtlAllocateHeapSlowly(), RtlFreeHeap(), RtlFreeHeapSlowly(), RtlpCoalesceHeap(), RtlpDeCommitFreeBlock(), RtlpExtendHeap(), RtlpGrowBlockInPlace(), RtlpInitializeHeapSegment(), and RtlReAllocateHeap(). : This routines take a piece of committed memory and adds to the the appropriate free lists for the heap. If necessary this routine will divide up the free block to sizes that fit on the free list Arguments: Heap - Supplies a pointer to the owning heap FreeBlock - Supplies a pointer to the block being freed FreeSize - Supplies the size, in bytes, of the block being freed Return Value: None. --*/ { USHORT PreviousSize, Size; UCHAR Flags; UCHAR SegmentIndex; PHEAP_SEGMENT Segment; RTL_PAGED_CODE(); // // Get the size of the previous block, the index of the segment // containing this block, and the flags specific to the block // PreviousSize = FreeBlock->PreviousSize; SegmentIndex = FreeBlock->SegmentIndex; Segment = Heap->Segments[ SegmentIndex ]; Flags = FreeBlock->Flags; // // Adjust the total amount free in the heap // Heap->TotalFreeSize += FreeSize; // // Now, while there is still something left to add to the free list // we'll process the information // while (FreeSize != 0) { // // If the size is too big for our free lists then we'll // chop it down. // if (FreeSize > (ULONG)HEAP_MAXIMUM_BLOCK_SIZE) { Size = HEAP_MAXIMUM_BLOCK_SIZE; // // This little adjustment is so that we don't have a remainder // that is too small to be useful on the next iteration // through the loop // if (FreeSize == ((ULONG)HEAP_MAXIMUM_BLOCK_SIZE + 1)) { Size -= 16; } // // Guarantee that Last entry does not get set in this // block. // FreeBlock->Flags = 0; } else { Size = (USHORT)FreeSize; // // This could propagate the last entry flag // FreeBlock->Flags = Flags; } // // Update the block sizes and then insert this // block into a free list // FreeBlock->PreviousSize = PreviousSize; FreeBlock->SegmentIndex = SegmentIndex; FreeBlock->Size = Size; RtlpInsertFreeBlockDirect( Heap, FreeBlock, Size ); // // Note the size of what we just freed, and then update // our state information for the next time through the // loop // PreviousSize = Size; FreeSize -= Size; FreeBlock = (PHEAP_FREE_ENTRY)((PHEAP_ENTRY)FreeBlock + Size); // // Check if we're done with the free block based on the // segment information, otherwise go back up and check size // Note that is means that we can get called with a very // large size and still work. // if ((PHEAP_ENTRY)FreeBlock >= Segment->LastValidEntry) { return; } } // // If the block we're freeing did not think it was the last entry // then tell the next block our real size. // if (!(Flags & HEAP_ENTRY_LAST_ENTRY)) { FreeBlock->PreviousSize = PreviousSize; } // // And return to our caller // return; }

VOID RtlpRemoveHeapFromProcessList (  IN PHEAP  Heap  )

Definition at line 4571 of file heapdll.c. References _HEAP_LOCK::Lock, n, NULL, RtlAcquireLockRoutine, RtlpProcessHeapsListLock, RtlpUpdateHeapListIndex(), RtlReleaseLockRoutine, and USHORT. Referenced by RtlDestroyHeap(). : This routine removes the specified heap to the heap list for the current process Arguments: Heap - Supplies a pointer to the heap being removed Return Value: None. --*/ { PPEB Peb = NtCurrentPeb(); PHEAP *p, *p1; ULONG n; // // Lock the current processes heap list lock // RtlAcquireLockRoutine( &RtlpProcessHeapsListLock.Lock ); try { // // We only want to the the work if the current process actually has some // heaps, the index stored in the heap is within the range for active // heaps. Note that the heaps stored index is bias by one. // if ((Peb->NumberOfHeaps != 0) && (Heap->ProcessHeapsListIndex != 0) && (Heap->ProcessHeapsListIndex <= Peb->NumberOfHeaps)) { // // Establish a pointer into the array of process heaps at the // current heap location and one beyond // p = (PHEAP *)&Peb->ProcessHeaps[ Heap->ProcessHeapsListIndex - 1 ]; p1 = p + 1; // // Calculate the number of heaps that exist beyond the current // heap in the array including the current heap location // n = Peb->NumberOfHeaps - (Heap->ProcessHeapsListIndex - 1); // // For every heap beyond the current one that we are removing // we'll move that heap down to the previous index. // while (--n) { // // Copy the heap process array entry of the next entry to // the current entry, and move p1 to the next next entry // *p = *p1++; // // This is simply a debugging call // RtlpUpdateHeapListIndex( (*p)->ProcessHeapsListIndex, (USHORT)((*p)->ProcessHeapsListIndex - 1)); // // Assign the moved heap its new heap index // (*p)->ProcessHeapsListIndex -= 1; // // Move on to the next heap entry // p += 1; } // // Zero out the last process heap pointer, update the count, and // make the heap we just removed realize it has been removed by // zeroing out its process heap list index // Peb->ProcessHeaps[ --Peb->NumberOfHeaps ] = NULL; Heap->ProcessHeapsListIndex = 0; } } finally { // // Unlock the current processes heap list lock // RtlReleaseLockRoutine( &RtlpProcessHeapsListLock.Lock ); } return; }

VOID RtlpResetTags (  PHEAP  Heap  )

Definition at line 5802 of file heapdll.c. References _HEAP_PSEUDO_TAG_ENTRY::Allocs, _HEAP_TAG_ENTRY::Allocs, _HEAP_PSEUDO_TAG_ENTRY::Frees, _HEAP_TAG_ENTRY::Frees, HEAP_NUMBER_OF_PSEUDO_TAG, _HEAP::NextAvailableTagIndex, NULL, _HEAP::PseudoTagEntries, _HEAP_PSEUDO_TAG_ENTRY::Size, _HEAP_TAG_ENTRY::Size, and _HEAP::TagEntries. : This routine is used to reset all the tag entries in a heap Arguments: Heap - Supplies a pointer to the heap being modified Return Value: None. --*/ { PHEAP_TAG_ENTRY TagEntry; PHEAP_PSEUDO_TAG_ENTRY PseudoTagEntry; ULONG i; // // We only have work to do if the heap has any allocated tag entries // TagEntry = Heap->TagEntries; if (TagEntry != NULL) { // // For every tag entry in the heap we will zero out its counters // for (i=0; i<Heap->NextAvailableTagIndex; i++) { TagEntry->Allocs = 0; TagEntry->Frees = 0; TagEntry->Size = 0; // // Advance to the next tag entry // TagEntry += 1; } } // // We will only reset the pseudo tags if they exist // PseudoTagEntry = Heap->PseudoTagEntries; if (PseudoTagEntry != NULL) { // // For every pseudo tag entry in the heap we will zero out its // counters // for (i=0; i<HEAP_NUMBER_OF_PSEUDO_TAG; i++) { PseudoTagEntry->Allocs = 0; PseudoTagEntry->Frees = 0; PseudoTagEntry->Size = 0; // // Advance to the next pseudo tag entry // PseudoTagEntry += 1; } } // // And return to our caller // return; }

VOID RtlpUpdateHeapListIndex (  USHORT  OldIndex, USHORT  NewIndex )

Definition at line 76 of file heapdbg.c. References _HEAP_STOP_ON_VALUES::AllocTag, _HEAP_STOP_ON_VALUES::FreeTag, _HEAP_STOP_ON_TAG::HeapIndex, _HEAP_STOP_ON_VALUES::ReAllocTag, and RtlpHeapStopOn. Referenced by RtlpRemoveHeapFromProcessList(). : Arguments: Return Value: --*/ { if (RtlpHeapStopOn.AllocTag.HeapIndex == OldIndex) { RtlpHeapStopOn.AllocTag.HeapIndex = NewIndex; } if (RtlpHeapStopOn.ReAllocTag.HeapIndex == OldIndex) { RtlpHeapStopOn.ReAllocTag.HeapIndex = NewIndex; } if (RtlpHeapStopOn.FreeTag.HeapIndex == OldIndex) { RtlpHeapStopOn.FreeTag.HeapIndex = NewIndex; } return; }

USHORT RtlpUpdateTagEntry (  PHEAP  Heap, USHORT  TagIndex, SIZE_T  OldSize, SIZE_T  NewSize, HEAP_TAG_ACTION  Action )

Definition at line 5554 of file heapdll.c. References Action, _HEAP_TAG_ENTRY::Allocs, FreeAction, _HEAP_TAG_ENTRY::Frees, HEAP_MAXIMUM_FREELISTS, HEAP_NUMBER_OF_PSEUDO_TAG, HEAP_TAG_ACTION, _HEAP::NextAvailableTagIndex, NULL, _HEAP::PseudoTagEntries, ReAllocationAction, RtlpGlobalTagHeap, _HEAP_TAG_ENTRY::Size, _HEAP::TagEntries, USHORT, VirtualAllocationAction, and VirtualReAllocationAction. Referenced by RtlAllocateHeapSlowly(), RtlFreeHeapSlowly(), RtlpGrowBlockInPlace(), and RtlReAllocateHeap(). : This routine is used to modify a tag entry Arguments: Heap - Supplies a pointer to the heap being modified TagIndex - Supplies the tag being modified OldSize - Supplies the old allocation index of the block associated with the tag NewSize - Supplies the new allocation index of the block associated with the tag Action - Supplies the type of action being performed on the heap tag Return Value: USHORT - Returns a tag index for the newly updated tag --*/ { PHEAP_TAG_ENTRY TagEntry; // // If the processes tag heap does not exist then we'll return a zero index // right away // if (RtlpGlobalTagHeap == NULL) { return 0; } // // If the action is greater than or equal to free action then it is // either FreeAction, VirtualFreeAction, ReAllocationAction, or // VirtualReAllocationAction. Which means we already should have a tag // that is simply being modified // if (Action >= FreeAction) { // // If the tag index is zero then there is nothing for us to do // if (TagIndex == 0) { return 0; } // // If this is a pseudo tag then make sure the rest of the tag index // after we remove the psuedo bit is valid and that the heap is // actually maintaining pseudo tags // if (TagIndex & HEAP_PSEUDO_TAG_FLAG) { TagIndex &= ~HEAP_PSEUDO_TAG_FLAG; if ((TagIndex < HEAP_NUMBER_OF_PSEUDO_TAG) && (Heap->PseudoTagEntries != NULL)) { TagEntry = (PHEAP_TAG_ENTRY)(Heap->PseudoTagEntries + TagIndex); TagIndex |= HEAP_PSEUDO_TAG_FLAG; } else { return 0; } // // Otherwise if this is a global tag then make sure the tag index // after we remove the global bit is valid and that the global tag // heap has some tag entries // } else if (TagIndex & HEAP_GLOBAL_TAG) { TagIndex &= ~HEAP_GLOBAL_TAG; if ((TagIndex < RtlpGlobalTagHeap->NextAvailableTagIndex) && (RtlpGlobalTagHeap->TagEntries != NULL)) { TagEntry = &RtlpGlobalTagHeap->TagEntries[ TagIndex ]; TagIndex |= HEAP_GLOBAL_TAG; } else { return 0; } // // Otherwise we have a regular tag index that we need to make sure // is a valid value and that the heap has some tag entries // } else if ((TagIndex < Heap->NextAvailableTagIndex) && (Heap->TagEntries != NULL)) { TagEntry = &Heap->TagEntries[ TagIndex ]; } else { return 0; } // // At this point we have a tag entry and tag index. Increment the // number of frees we've done on the tag, and decrement the size by // the number of bytes we've just freed // TagEntry->Frees += 1; TagEntry->Size -= OldSize; // // Now if the action is either ReAllocationAction or // VirtualReAllocationAction. Then we get to add back in the // new size and the allocation count // if (Action >= ReAllocationAction) { // // If the this is a pseudo tag then we tag entry goes off the // pseudo tag list // if (TagIndex & HEAP_PSEUDO_TAG_FLAG) { TagIndex = (USHORT)(NewSize < HEAP_MAXIMUM_FREELISTS ? NewSize : (Action == VirtualReAllocationAction ? HEAP_MAXIMUM_FREELISTS : 0)); TagEntry = (PHEAP_TAG_ENTRY)(Heap->PseudoTagEntries + TagIndex); TagIndex |= HEAP_PSEUDO_TAG_FLAG; } TagEntry->Allocs += 1; TagEntry->Size += NewSize; } // // The action is either AllocationAction or VirtualAllocationAction // } else { // // Check if the supplied tag index is a regular tag and that it is // valid for the tags in this heap // if ((TagIndex != 0) && (TagIndex < Heap->NextAvailableTagIndex) && (Heap->TagEntries != NULL)) { TagEntry = &Heap->TagEntries[ TagIndex ]; // // Otherwise if this is a global tag then make sure that it is a // valid global index // } else if (TagIndex & HEAP_GLOBAL_TAG) { TagIndex &= ~HEAP_GLOBAL_TAG; Heap = RtlpGlobalTagHeap; if ((TagIndex < Heap->NextAvailableTagIndex) && (Heap->TagEntries != NULL)) { TagEntry = &Heap->TagEntries[ TagIndex ]; TagIndex |= HEAP_GLOBAL_TAG; } else { return 0; } // // Otherwise if this is a pseudo tag then build a valid tag index // based on the new size of the allocation // } else if (Heap->PseudoTagEntries != NULL) { TagIndex = (USHORT)(NewSize < HEAP_MAXIMUM_FREELISTS ? NewSize : (Action == VirtualAllocationAction ? HEAP_MAXIMUM_FREELISTS : 0)); TagEntry = (PHEAP_TAG_ENTRY)(Heap->PseudoTagEntries + TagIndex); TagIndex |= HEAP_PSEUDO_TAG_FLAG; // // Otherwise the user didn't call us with a valid tag // } else { return 0; } // // At this point we have a valid tag entry and tag index, so // update the tag entry state to reflect this new allocation // TagEntry->Allocs += 1; TagEntry->Size += NewSize; } // // And return to our caller with the new tag index // return TagIndex; }

BOOLEAN RtlpValidateHeap (  IN PHEAP  Heap, IN BOOLEAN  AlwaysValidate )

Definition at line 2025 of file heapdbg.c. References _HEAP_VIRTUAL_ALLOC_ENTRY::BusyBlock, _HEAP_VIRTUAL_ALLOC_ENTRY::CommitSize, exit, _HEAP_VIRTUAL_ALLOC_ENTRY::ExtraStuff, FALSE, _HEAP_ENTRY::Flags, HEAP_ENTRY_BUSY, HEAP_ENTRY_FILL_PATTERN, HEAP_GRANULARITY_SHIFT, HEAP_MAXIMUM_FREELISTS, HEAP_MAXIMUM_SEGMENTS, HEAP_NUMBER_OF_PSEUDO_TAG, HEAP_VALIDATE_ALL_ENABLED, HeapDebugBreak, HeapDebugPrint, NT_SUCCESS, NtAllocateVirtualMemory(), NtFreeVirtualMemory(), NTSTATUS(), NULL, RTL_PAGED_CODE, RtlpCheckBusyBlockTail(), RtlpValidateHeapHeaders(), RtlpValidateHeapSegment(), RtlpValidateHeapTagsEnable, _HEAP_TAG_ENTRY::Size, _HEAP_PSEUDO_TAG_ENTRY::Size, Size, Status, _HEAP_ENTRY_EXTRA::TagIndex, _HEAP_TAG_ENTRY::TagName, TRUE, and USHORT. Referenced by RtlDebugAllocateHeap(), RtlDebugCompactHeap(), RtlDebugCreateTagHeap(), RtlDebugDestroyHeap(), RtlDebugFreeHeap(), RtlDebugGetUserInfoHeap(), RtlDebugQueryTagHeap(), RtlDebugReAllocateHeap(), RtlDebugSetUserFlagsHeap(), RtlDebugSetUserValueHeap(), RtlDebugSizeHeap(), RtlDebugUsageHeap(), RtlDebugWalkHeap(), RtlDebugZeroHeap(), and RtlValidateHeap(). : Arguments: Return Value: --*/ { NTSTATUS Status; PHEAP_SEGMENT Segment; PLIST_ENTRY Head, Next; PHEAP_FREE_ENTRY FreeBlock; BOOLEAN EmptyFreeList; ULONG NumberOfFreeListEntries; ULONG CountOfFreeBlocks; SIZE_T TotalFreeSize; SIZE_T Size; USHORT PreviousSize; UCHAR SegmentIndex; PVOID BadAddress; PSIZE_T ComputedTagEntries = NULL; PSIZE_T ComputedPseudoTagEntries = NULL; PHEAP_VIRTUAL_ALLOC_ENTRY VirtualAllocBlock; USHORT TagIndex; RTL_PAGED_CODE(); BadAddress = Heap; if (!RtlpValidateHeapHeaders( Heap, FALSE )) { goto errorExit; } if (!AlwaysValidate && !(Heap->Flags & HEAP_VALIDATE_ALL_ENABLED)) { goto exit; } NumberOfFreeListEntries = 0; Head = &Heap->FreeLists[ 0 ]; for (Size = 0; Size < HEAP_MAXIMUM_FREELISTS; Size++) { if (Size != 0) { EmptyFreeList = (BOOLEAN)(IsListEmpty( Head )); BadAddress = &Heap->u.FreeListsInUseBytes[ Size / 8 ]; if (Heap->u.FreeListsInUseBytes[ Size / 8 ] & (1 << (Size & 7)) ) { if (EmptyFreeList) { HeapDebugPrint(( "dedicated (%04x) free list empty but marked as non-empty\n", Size )); goto errorExit; } } else { if (!EmptyFreeList) { HeapDebugPrint(( "dedicated (%04x) free list non-empty but marked as empty\n", Size )); goto errorExit; } } } Next = Head->Flink; PreviousSize = 0; while (Head != Next) { FreeBlock = CONTAINING_RECORD( Next, HEAP_FREE_ENTRY, FreeList ); Next = Next->Flink; BadAddress = FreeBlock; if (FreeBlock->Flags & HEAP_ENTRY_BUSY) { HeapDebugPrint(( "dedicated (%04x) free list element %lx is marked busy\n", Size, FreeBlock )); goto errorExit; } if ((Size != 0) && (FreeBlock->Size != Size)) { HeapDebugPrint(( "Dedicated (%04x) free list element %lx is wrong size (%04x)\n", Size, FreeBlock, FreeBlock->Size )); goto errorExit; } else if ((Size == 0) && (FreeBlock->Size < HEAP_MAXIMUM_FREELISTS)) { HeapDebugPrint(( "Non-Dedicated free list element %lx with too small size (%04x)\n", FreeBlock, FreeBlock->Size )); goto errorExit; } else if ((Size == 0) && (FreeBlock->Size < PreviousSize)) { HeapDebugPrint(( "Non-Dedicated free list element %lx is out of order\n", FreeBlock )); goto errorExit; } else { PreviousSize = FreeBlock->Size; } NumberOfFreeListEntries++; } Head++; } Size = (HEAP_NUMBER_OF_PSEUDO_TAG + Heap->NextAvailableTagIndex + 1) * sizeof( SIZE_T ); if ((RtlpValidateHeapTagsEnable) && (Heap->PseudoTagEntries != NULL)) { Status = NtAllocateVirtualMemory( NtCurrentProcess(), &ComputedPseudoTagEntries, 0, &Size, MEM_COMMIT, PAGE_READWRITE ); if (NT_SUCCESS( Status )) { ComputedTagEntries = ComputedPseudoTagEntries + HEAP_NUMBER_OF_PSEUDO_TAG; } } Head = &Heap->VirtualAllocdBlocks; Next = Head->Flink; while (Head != Next) { VirtualAllocBlock = CONTAINING_RECORD( Next, HEAP_VIRTUAL_ALLOC_ENTRY, Entry ); if (ComputedTagEntries != NULL) { TagIndex = VirtualAllocBlock->ExtraStuff.TagIndex; if (TagIndex != 0) { if (TagIndex & HEAP_PSEUDO_TAG_FLAG) { TagIndex &= ~HEAP_PSEUDO_TAG_FLAG; if (TagIndex < HEAP_NUMBER_OF_PSEUDO_TAG) { ComputedPseudoTagEntries[ TagIndex ] += VirtualAllocBlock->CommitSize >> HEAP_GRANULARITY_SHIFT; } } else if (TagIndex & HEAP_GLOBAL_TAG) { // // Ignore these since they are global across more than // one heap. // } else if (TagIndex < Heap->NextAvailableTagIndex) { ComputedTagEntries[ TagIndex ] += VirtualAllocBlock->CommitSize >> HEAP_GRANULARITY_SHIFT; } } } if (VirtualAllocBlock->BusyBlock.Flags & HEAP_ENTRY_FILL_PATTERN) { if (!RtlpCheckBusyBlockTail( &VirtualAllocBlock->BusyBlock )) { return FALSE; } } Next = Next->Flink; } CountOfFreeBlocks = 0; TotalFreeSize = 0; for (SegmentIndex=0; SegmentIndex<HEAP_MAXIMUM_SEGMENTS; SegmentIndex++) { Segment = Heap->Segments[ SegmentIndex ]; if (Segment) { if (!RtlpValidateHeapSegment( Heap, Segment, SegmentIndex, &CountOfFreeBlocks, &TotalFreeSize, &BadAddress, ComputedTagEntries, ComputedPseudoTagEntries )) { goto errorExit; } } } BadAddress = Heap; if (NumberOfFreeListEntries != CountOfFreeBlocks) { HeapDebugPrint(( "Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n", CountOfFreeBlocks, NumberOfFreeListEntries )); goto errorExit; } if (Heap->TotalFreeSize != TotalFreeSize) { HeapDebugPrint(( "Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)\n", TotalFreeSize, Heap->TotalFreeSize )); goto errorExit; } if (ComputedPseudoTagEntries != NULL) { PHEAP_PSEUDO_TAG_ENTRY PseudoTagEntries; PHEAP_TAG_ENTRY TagEntries; USHORT TagIndex; PseudoTagEntries = Heap->PseudoTagEntries; if (PseudoTagEntries != NULL) { for (TagIndex=1; TagIndex<HEAP_NUMBER_OF_PSEUDO_TAG; TagIndex++) { PseudoTagEntries += 1; if (ComputedPseudoTagEntries[ TagIndex ] != PseudoTagEntries->Size) { HeapDebugPrint(( "Pseudo Tag %04x size incorrect (%x != %x) %x\n", TagIndex, PseudoTagEntries->Size, ComputedPseudoTagEntries[ TagIndex ] &ComputedPseudoTagEntries[ TagIndex ] )); goto errorExit; } } } TagEntries = Heap->TagEntries; if (TagEntries != NULL) { for (TagIndex=1; TagIndex<Heap->NextAvailableTagIndex; TagIndex++) { TagEntries += 1; if (ComputedTagEntries[ TagIndex ] != TagEntries->Size) { HeapDebugPrint(( "Tag %04x (%ws) size incorrect (%x != %x) %x\n", TagIndex, TagEntries->TagName, TagEntries->Size, ComputedTagEntries[ TagIndex ], &ComputedTagEntries[ TagIndex ] )); goto errorExit; } } } Size = 0; NtFreeVirtualMemory( NtCurrentProcess(), &ComputedPseudoTagEntries, &Size, MEM_RELEASE ); } exit: return TRUE; errorExit: HeapDebugBreak( BadAddress ); if (ComputedPseudoTagEntries != NULL) { Size = 0; NtFreeVirtualMemory( NtCurrentProcess(), &ComputedPseudoTagEntries, &Size, MEM_RELEASE ); } return FALSE; }

BOOLEAN RtlpValidateHeapEntry (  IN PHEAP  Heap, IN PHEAP_ENTRY  BusyBlock, IN PCHAR  Reason )

Definition at line 1696 of file heapdbg.c. References FALSE, _HEAP_SEGMENT::FirstEntry, HEAP_ENTRY_BUSY, HEAP_ENTRY_FILL_PATTERN, HEAP_ENTRY_VIRTUAL_ALLOC, HEAP_GRANULARITY, HEAP_MAXIMUM_SEGMENTS, HeapDebugBreak, HeapDebugPrint, _HEAP_SEGMENT::LastValidEntry, NULL, PAGE_SIZE, RtlpCheckBusyBlockTail(), and TRUE. Referenced by RtlDebugFreeHeap(), RtlDebugGetUserInfoHeap(), RtlDebugReAllocateHeap(), RtlDebugSetUserFlagsHeap(), RtlDebugSetUserValueHeap(), RtlDebugSizeHeap(), and RtlValidateHeap(). : Arguments: Return Value: --*/ { PHEAP_SEGMENT Segment; UCHAR SegmentIndex; BOOLEAN Result; if ((BusyBlock == NULL) || ((ULONG_PTR)BusyBlock & (HEAP_GRANULARITY-1)) || ((BusyBlock->Flags & HEAP_ENTRY_VIRTUAL_ALLOC) && ((ULONG_PTR)BusyBlock & (PAGE_SIZE-1)) != FIELD_OFFSET( HEAP_VIRTUAL_ALLOC_ENTRY, BusyBlock )) || (!(BusyBlock->Flags & HEAP_ENTRY_VIRTUAL_ALLOC) && ((BusyBlock->SegmentIndex >= HEAP_MAXIMUM_SEGMENTS) || !(Segment = Heap->Segments[ BusyBlock->SegmentIndex ]) || (BusyBlock < Segment->FirstEntry) || (BusyBlock >= Segment->LastValidEntry))) || !(BusyBlock->Flags & HEAP_ENTRY_BUSY) || ((BusyBlock->Flags & HEAP_ENTRY_FILL_PATTERN) && !RtlpCheckBusyBlockTail( BusyBlock ))) { InvalidBlock: HeapDebugPrint(( "Invalid Address specified to %s( %lx, %lx )\n", Reason, Heap, BusyBlock + 1 )); HeapDebugBreak( BusyBlock ); return FALSE; } else { if (BusyBlock->Flags & HEAP_ENTRY_VIRTUAL_ALLOC) { Result = TRUE; } else { for (SegmentIndex=0; SegmentIndex<HEAP_MAXIMUM_SEGMENTS; SegmentIndex++) { Segment = Heap->Segments[ SegmentIndex ]; if (Segment) { if ((BusyBlock >= Segment->FirstEntry) && (BusyBlock < Segment->LastValidEntry)) { Result = TRUE; break; } } } } if (!Result) { goto InvalidBlock; } return TRUE; } }

BOOLEAN RtlpValidateHeapHeaders (  IN PHEAP  Heap, IN BOOLEAN  Recompute )

Definition at line 112 of file heapdbg.c. References DbgPrint, Description, FALSE, HeapDebugPrint, n, NT_SUCCESS, NtAllocateVirtualMemory(), NTSTATUS(), NULL, RtlpHeapHeaderFieldOffsets, RtlpValidateHeapHdrsEnable, Status, and TRUE. Referenced by RtlDebugAllocateHeap(), RtlDebugCompactHeap(), RtlDebugCreateHeap(), RtlDebugCreateTagHeap(), RtlDebugFreeHeap(), RtlDebugReAllocateHeap(), RtlpGrowBlockInPlace(), RtlpSerializeHeap(), and RtlpValidateHeap(). : Arguments: Return Value: --*/ { ULONG i; SIZE_T n; SIZE_T nEqual; NTSTATUS Status; if (!RtlpValidateHeapHdrsEnable) { return TRUE; } if (Heap->HeaderValidateCopy == NULL) { n = Heap->HeaderValidateLength; Status = NtAllocateVirtualMemory( NtCurrentProcess(), &Heap->HeaderValidateCopy, 0, &n, MEM_COMMIT, PAGE_READWRITE ); if (!NT_SUCCESS( Status )) { return TRUE; } Recompute = TRUE; } n = Heap->HeaderValidateLength; if (!Recompute) { nEqual = RtlCompareMemory( Heap, Heap->HeaderValidateCopy, n ); } else { RtlMoveMemory( Heap->HeaderValidateCopy, Heap, n ); nEqual = n; } if (n != nEqual) { HeapDebugPrint(( "Heap %x - headers modified (%x is %x instead of %x)\n", Heap, (PCHAR)Heap + nEqual, *(PULONG)((PCHAR)Heap + nEqual), *(PULONG)((PCHAR)Heap->HeaderValidateCopy + nEqual))); for (i=0; RtlpHeapHeaderFieldOffsets[ i ].Description != NULL; i++) { if ((nEqual >= RtlpHeapHeaderFieldOffsets[ i ].Offset) && (nEqual < RtlpHeapHeaderFieldOffsets[ i+1 ].Offset)) { DbgPrint( " This is located in the %s field of the heap header.\n", RtlpHeapHeaderFieldOffsets[ i ].Description ); break; } } return FALSE; } else { return TRUE; } }

---

Variable Documentation

UCHAR CheckHeapFillPattern[CHECK_HEAP_TAIL_SIZE]

Definition at line 46 of file heappriv.h.

---