Does Windows have stack space?

I am making a technique called the "drawing stack" to determine how much stack space a specific function uses.

If I selected items on the 1 MB stack, and then I'm sure that I am not using any of these items from the stack, does Windows automatically decompile (free) these unused pages?

I am interested to know about VMM Windows. As for whether the page is perfect or optional, but just reserved?

In other words, if I manually access memory up to 1 MB, can Windows cause an access violation?

+4
2 answers

To answer your first question, Windows does not cancel these pages. Any pages that were committed as a stack remained so until the stream terminated.

To answer the second question, the corresponding fields are in the structure IMAGE_OPTIONAL_HEADER32 or IMAGE_OPTIONAL_HEADER64. These are SizeOfStackReserve and SizeOfStackCommit. This structure is part of the NT PE header, which in turn refers to the MSDOS header (a thing that starts with offset 0 in PE with "MZ" as the magic value).

Microsoft link.exe has a switch "/STACK:reserve[,commit]", which directly correlates with these two fields.

Change as the question has changed: you can only reliably access the locked pages of the stack and the current protection page. You should expect AV if you go to a reserved page that is not a protection page (if you go to the last protection page, you will get a SEH exception).

+3

You do not delete material allocated on the stack; it is automatically corrected, because when you exit the current area, the stack pointer returns to the previous frame of stack [1], so all the memory used for objects in the current area is effectively restored.

In principle, the entire stack is allocated when the application is loaded into memory, so it has a fixed-size structure that is reused repeatedly (while the code stream moves to and from areas); the OS can play smart tricks (using protective pages to fix the top of the stack, which were just reserved at the beginning of the application), but in general this should not bother you.

The stack size is part of the PE header (executable file header), and you can set it using the linker. You can get this value for the loaded executable by tracking in PE structures loaded into memory (basically its HMODULE is where the executable is displayed in memory); I think the ImageHelper library might be useful in this task.

[1] Naturally, after the launch of destructors; by the way, FPO can make a difference here, but the concept remains the same.

Edit

In other words, if I manually access memory up to 1 MB, can Windows cause an access violation?

If it has already been committed (i.e. you allocated and freed 1 MB of objects on the stack), I do not think that this could happen.

Windows will not have a clue that this part of the stack is no longer in use. Windows can determine if it needs to make more pages using security pages to detect access to the top of the stack, but it may not know that these pages are no longer in use.

In fact, he could look for a stack pointer when switching contexts, but he could break applications that would be "smart" things with a stack, and overall it would be an optimization that is not worth the effort: if there is no memory, these pages can still be unloaded.

However, in order to play it safely (for example, if you don't know if this distribution has occurred), you must read the stack going up from the current used section, so if the pages up have not been committed yet, you still touch guard pages, warning Windows to have more pages for the stack.

+6
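
Both answers point to the stack sizes recorded in the PE optional header. The following added example (not part of either answer) reads SizeOfStackReserve and SizeOfStackCommit from a header blob and rejects malformed input; `stack_sizes` and `build_sample` are hypothetical names, and the sample headers are constructed, not taken from a real executable.

```python
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
STACK_OFFSET = 72  # SizeOfStackReserve starts here in both optional header layouts


def stack_sizes(image):
    """Return (SizeOfStackReserve, SizeOfStackCommit) read from PE headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)  # offset of NT headers
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # skip signature and IMAGE_FILE_HEADER
    # Conservative bound: room for the two 64-bit fields of the PE32+ layout.
    if opt + STACK_OFFSET + 16 > len(image):
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == PE32_MAGIC:        # IMAGE_OPTIONAL_HEADER32: two 32-bit fields
        fmt = "<II"
    elif magic == PE32PLUS_MAGIC:  # IMAGE_OPTIONAL_HEADER64: two 64-bit fields
        fmt = "<QQ"
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    return struct.unpack_from(fmt, image, opt + STACK_OFFSET)


def build_sample(magic, reserve, commit, e_lfanew=0x80):
    """Constructed header-only blob for the demo; not a loadable executable."""
    img = bytearray(e_lfanew + 24 + 96)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    fmt = "<II" if magic == PE32_MAGIC else "<QQ"
    struct.pack_into("<H", img, e_lfanew + 24, magic)
    struct.pack_into(fmt, img, e_lfanew + 24 + STACK_OFFSET, reserve, commit)
    return bytes(img)


if __name__ == "__main__":
    # Constructed values: 1 MB reserved, 4 KB committed.
    for name, magic in (("PE32", PE32_MAGIC), ("PE32+", PE32PLUS_MAGIC)):
        reserve, commit = stack_sizes(build_sample(magic, 0x100000, 0x1000))
        print(f"{name}: reserve={reserve:#x} commit={commit:#x}")
```

To run it against a real binary, pass the file's bytes to `stack_sizes`; only the headers are read.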

Source: https://habr.com/ru/post/1344336/
