A story about code-frog, shog, Surfulater and DEP
-
Long story short. Had a serious problem that code-frog (Rex) reported earlier this month where Surfulater would crash. Follows on from a report of the same problem back in Dec 2005 that I never resolved. After fantastic help from Rex he worked out that DEP (Data Execution Prevention) was causing the crash. After I enabled Hardware DEP I was finally able to reproduce the crash and track it down to some code that shog wrote back in Dec 2001 (see: http://www.codeproject.com/miscctrl/balloonhelp.as). I use a sub-set of this code. Fortunately others had already found and fixed the problem and I'm most grateful to KHDev4u for his solution. But the real hero of the day is Rex, who I can't thank enough. :rose: And of course shog for his great code as well. :rose:
I've written a long version of this here: http://blog.surfulater.com/2006/05/22/data-execution-protection-rex-winn/
And the moral of this story is make sure you enable Hardware and Software DEP and test your code thoroughly in this environment.
Neville Franks, Author of Surfulater www.surfulater.com "Save what you Surf" and ED for Windows www.getsoft.com
-
Yeah, good story there for all of us. I never even knew about DEP prior to that little foray into the unknown. Thanks for the nod!:rose:
If we all used the Plain English compiler every post in the lounge would be a programming question.:cool:
Welcome to CP in your language. Post the unicode version in My CP Blog now. People who don't understand how awesome Firefox is have never used CPhog. The act of using CPhog alone doesn't make Firefox cool. It opens your eyes to the possibilities and then you start looking for other things like CPhog and your eyes are suddenly open to all sorts of useful things all through Firefox. - (Self Quote)
-
Interestingly enough there were two things I discovered with regard to this. DEP at the hardware level (motherboard) and DEP at the software level (OS) might also enable something called PAE (I think that's it). Remember a while back I could not see all 4 gigs of my memory. 3.2 was my physical limit. Everyone thought Windows 2003 would fix that (myself included). Turns out that DEP and PAE fix that. I'm totally paraphrasing here and I'm not even going to bother googling to be sure I'm right but PAE enables 64 bit (I think that's what I read) memory addressing and reservation. Once it was enabled all 4 gigs of memory showed up. So if you are throttled at 3.2 and want all 4.0 gigs you might investigate DEP and PAE more closely.
I lied about not Googling. Here's a link to PAE: http://www.microsoft.com/whdc/system/platform/server/PAE/PAEdrv.mspx
Also be aware that each motherboard manufacturer may use their own name for DEP. Intel uses Nx and if you recall I'm using a 955-XBK and thanks to Michael I'm running it in RAID-0,1 (thanks to Jeffry Brickly for educating me on RAID-0,1). See! If you just hang out at CP long enough you can learn all sorts of crazy stuff. I'm an addict! :-O
-
I didn't either until my obfuscator died on some client's systems a couple of months ago. Turned out the author of the obfuscator uses encryption to decrypt code on the fly (which is why we went that route) and it was being interfered with by DEP which they knew about and coded against, but I had found a new case of hardware DEP which is different somehow and so they required a patch to fix it. So just to toss more confusion on the pile be sure to test against both software (O.S.) DEP and hardware (CPU) DEP.
-
John Cardinal wrote:
So just to toss more confusion on the pile be sure to test against both software (O.S.) DEP and hardware (CPU) DEP.
From my brief sojourn into DEP, Hardware DEP appeared to be the more critical of the two. So make sure you jump into the BIOS and enable that. You should be able to use shog's original code http://www.codeproject.com/miscctrl/balloonhelp.asp to verify Hardware DEP is indeed working.
Neville Franks, Author of Surfulater www.surfulater.com "Save what you Surf" and ED for Windows www.getsoft.com
-
Rex, thanks for mentioning that. When Surfulater wouldn't even start on your PC one thought that crossed my mind was whether this change from 3.2 to 4.0 gig of RAM was somehow playing a part, mainly because I do stuff with Memory Mapped Files. As you know it made absolutely no sense that Surfulater wouldn't even start. It turned out the RAM increase wasn't relevant. Neville Franks, Author of Surfulater www.surfulater.com "Save what you Surf" and ED for Windows www.getsoft.com
-
Well I think the way we approached it we were going to find out the problem one way or another. Thankfully it was DEP and we didn't have to physically swap memory sticks around. That was my next concern if your rebuild hadn't worked. I was thinking to yank 2 and test, swap those 2 and test etc... To see if maybe I had bad memory somewhere. Pretty amazing to learn about something like that on your PC. You'd think a little more promotion would have gone in to letting people know about DEP and what problems it can cause. It was on your board and OS and you didn't even know you had the option to run it. But in running it you have better protection against viruses and stuff. Seems like every day there is something new to learn... :sigh: which makes you sigh but it's kind of cool to learn new things too. - Rex
-
Just out of curiosity: how can you have access to the whole 4 gigs? I thought it was a requirement that the OS keep aside 1 Gig (or 2 gig in the more traditional layout) just for itself? Is this not the case? If it's not, how do you prevent userland memory from completely clobbering kernel mem?
The devil is in my pants! Look, look! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF!
-
PAE (Physical Address Extension) allows the CPU (and hence the OS) to access memory above the 4 Gig limit (imposed by the 32 address pins in the processor). Processors that support PAE have 36 address pins and therefore can access 2^36=64 Gigs of RAM. PAE has no effect on the Virtual Address space that Windows allocates to each process, it still remains 4 GB, with 2 GB taken up by the OS, unless you turn on /3GB in boot.ini, in which case the OS share reduces to ~1.2 GB.
Regards Senthil
My Blog | My Articles | WinMacro
-
Reducing the OS down to around 1GB can be hazardous. I had a customer try it on a system with a huge amount of stuff running as services in kernel mode and that thing was paging so hard they couldn't even open notepad to fix their boot.ini file and restart. They had to copy the boot.ini file to the machine to undo the /3GB switch. The reason they tried this in the first place is that they process some enormous data files and our app occasionally wants to use over 2GB and vomits when it tries.
-
Unless your app was linked with /LARGEADDRESSAWARE, it wouldn't have helped anyway - your application would still be limited to a 2GB address space, the space between 2GB and 3GB going unused. Stability. What an interesting concept. -- Chris Maunder
-
Another difference between XP SP2 and Server 2003 SP1 is that, IIRC, XP defaults to DEP 'Opt In' while Server 2003 defaults to 'Opt Out'. This setting is in the System control panel applet, Advanced tab, click Performance, the Data Execution Prevention tab. The options are "Turn on DEP for essential Windows programs and services only" (i.e. "Opt In") or "Turn on DEP for all programs and services except those I specify" (Opt Out), with a box to specify programs to exclude. This may be why you couldn't replicate it even after turning Hardware DEP on.
It's still possible to execute dynamically-generated code, but you must tell the OS which regions you plan to do this from. For memory allocated with VirtualAlloc, either supply PAGE_EXECUTE_READWRITE at the point of allocation, or use VirtualProtect to apply PAGE_EXECUTE subsequently. For heap memory, specify the HEAP_CREATE_ENABLE_EXECUTE flag when calling HeapCreate. It's not possible to specify this after creation, and the process default heap does not allow it IIRC.
Stability. What an interesting concept. -- Chris Maunder
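Added example (not part of the original post or any poster's code): the second route described above, allocating the region as plain data, writing the generated code into it, then changing the protection to executable before calling it. The stub bytes, the function names and the POSIX mmap/mprotect branch (included so the same sketch builds off Windows) are assumptions of this example; it applies PAGE_EXECUTE_READ rather than PAGE_EXECUTE so the page is never writable and executable at the same time.

```c
/* Added example: running generated code without tripping DEP/NX. */
#ifndef _WIN32
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS under strict -std */
#endif
#endif
#include <stddef.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif

/* Constructed stub: machine code equivalent to "return 42". */
#if defined(__x86_64__) || defined(__i386__) || defined(_M_X64) || defined(_M_IX86)
static const unsigned char STUB[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00,  /* mov eax, 42 */
                                      0xC3 };                        /* ret */
#elif defined(__aarch64__) || defined(_M_ARM64)
static const unsigned char STUB[] = { 0x40, 0x05, 0x80, 0x52,        /* mov w0, #42 */
                                      0xC0, 0x03, 0x5F, 0xD6 };      /* ret */
#else
#error "add a stub for this CPU"
#endif

typedef int (*stub_fn)(void);

/* Allocate a region as ordinary read/write data (not executable). */
static void *alloc_rw(size_t len) {
#ifdef _WIN32
    return VirtualAlloc(NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
#else
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
#endif
}

/* Tell the OS the region now holds code: drop write, add execute. */
static int make_executable(void *p, size_t len) {
#ifdef _WIN32
    DWORD old;
    if (!VirtualProtect(p, len, PAGE_EXECUTE_READ, &old)) return -1;
    FlushInstructionCache(GetCurrentProcess(), p, len);
    return 0;
#else
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) return -1;
    __builtin___clear_cache((char *)p, (char *)p + len);
    return 0;
#endif
}

static void release(void *p, size_t len) {
#ifdef _WIN32
    (void)len;
    VirtualFree(p, 0, MEM_RELEASE);
#else
    munmap(p, len);
#endif
}

/* Returns the stub's result (42), or -1 if any step fails. */
int run_generated_code(void) {
    const size_t len = 4096;
    void *mem = alloc_rw(len);
    if (!mem) return -1;
    memcpy(mem, STUB, sizeof STUB);         /* write while the page is RW */
    if (make_executable(mem, len) != 0) {   /* calling before this faults under DEP */
        release(mem, len);
        return -1;
    }
    int result = ((stub_fn)mem)();
    release(mem, len);
    return result;
}

int main(void) {
    return run_generated_code() == 42 ? 0 : 1;
}
```

Skipping the make_executable step and calling into the read/write region is what produces the access violation on a machine with hardware DEP enabled for the process.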
-
When Rex and I were going back and forth on this he got to a point where turning off Hardware DEP made no difference. i.e. Surfulater still wouldn't start. There is a post in shog's article suggesting a solution using VirtualProtect() or similar, but other solutions including the one I adopted replaced the dynamically generated code (thunk) altogether, which seems to me the best approach. It will be interesting to watch programs stop working as over time DEP becomes more widely used.
Neville Franks, Author of Surfulater www.surfulater.com "Save what you Surf" and ED for Windows www.getsoft.com
-
Programs using ATL windowing may well not work, because ATL uses dynamically-generated thunks to map from the static WindowProc implementation to the class's own WndProc (basically to work out what the this pointer should be). In ATL 3.0 (which came with VS 6.0) this is a member of the CWindowImplRoot class template, so you'd have to allocate your window objects on an appropriately-configured heap to avoid DEP problems. ATL 7.1 (VS.NET 2003) has new code which allocates these thunks from the process-default heap, regardless of where the window object is allocated. ATL 8.0 has really wacky code used to work out if NX is enabled and VirtualAllocs special space for the thunks if it is.
Stability. What an interesting concept. -- Chris Maunder
-
Thanks for that Mike. Makes me glad I'm not using ATL. :)
Neville Franks, Author of Surfulater www.surfulater.com "Save what you Surf" and ED for Windows www.getsoft.com
-
Maybe it is. ;) I've an update to the WTL version incorporating the DEP patch and theme support if you want it...:cool: Anna :rose: Currently working mostly on: Visual Lint :cool: Anna's Place | Tears and Laughter "Be yourself - not what others think you should be" - Marcia Graesch "Anna's just a sexy-looking lesbian tart" - A friend, trying to wind me up. It didn't work.
-
Sure, send it on. :)
---- Scripts i’ve known... CPhog 1.0.0.0 - make CP better. Forum Bookmark 0.2.5 - bookmark forum posts on Pensieve Print forum 0.1.2 - printer-friendly forums Expand all 1.0 - Expand all messages In-place Delete 1.0 - AJAX-style post delete Syntax 0.1 - Syntax highlighting for code blocks in the forums
-
You should have it later today then. :) Anna :rose: Currently working mostly on: Visual Lint :cool: Anna's Place | Tears and Laughter "Be yourself - not what others think you should be" - Marcia Graesch "Anna's just a sexy-looking lesbian tart" - A friend, trying to wind me up. It didn't work.