|
|
/*++
Copyright (c) 1996 Microsoft Corporation
Module Name:
leaks.c
Abstract:
A filter DLL for trying to detect memory, event, registry, and token handle leaks.
Author:
Charlie Wickham/Rod Gamache
Revision History:
--*/
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#define _ADVAPI32_
#define _KERNEL32_
#include <windows.h>
#include <stdio.h>
#include "clusrtl.h"
#include "leaks.h"
HINSTANCE Kernel32Handle;HINSTANCE Advapi32Handle;
FARPROC SystemLocalAlloc;FARPROC SystemLocalFree;
FARPROC SystemCreateEventA;FARPROC SystemCreateEventW;
FARPROC SystemRegOpenKeyA;FARPROC SystemRegOpenKeyW;FARPROC SystemRegOpenKeyExA;FARPROC SystemRegOpenKeyExW;FARPROC SystemRegCreateKeyA;FARPROC SystemRegCreateKeyW;FARPROC SystemRegCreateKeyExA;FARPROC SystemRegCreateKeyExW;FARPROC SystemRegCloseKey;
FARPROC SystemOpenProcessToken;FARPROC SystemOpenThreadToken;FARPROC SystemDuplicateToken;FARPROC SystemDuplicateTokenEx;
FARPROC SystemCloseHandle;
#define SetSystemPointer( _h, _n ) \
System##_n = GetProcAddress( _h, #_n );
BOOL LeaksVerbose = FALSE;
HANDLE_TABLE HandleTable[ MAX_HANDLE / HANDLE_DELTA ];
�BOOLEANWINAPILeaksDllEntry( IN HINSTANCE DllHandle, IN DWORD Reason, IN LPVOID Reserved )/*++
Routine Description:
Main DLL entrypoint
Arguments:
DllHandle - Supplies the DLL handle.
Reason - Supplies the call reason
Return Value:
TRUE if successful
FALSE if unsuccessful
--*/
{ if (Reason == DLL_PROCESS_ATTACH) { DisableThreadLibraryCalls(DllHandle); ClRtlInitialize( TRUE, NULL );
//
// get pointers to the real functions
//
Kernel32Handle = LoadLibrary( "kernel32.dll" ); Advapi32Handle = LoadLibrary( "advapi32.dll" );
SetSystemPointer( Kernel32Handle, LocalAlloc ); SetSystemPointer( Kernel32Handle, LocalFree );
SetSystemPointer( Kernel32Handle, CreateEventA ); SetSystemPointer( Kernel32Handle, CreateEventW );
SetSystemPointer( Advapi32Handle, RegOpenKeyA ); SetSystemPointer( Advapi32Handle, RegOpenKeyW ); SetSystemPointer( Advapi32Handle, RegOpenKeyExA ); SetSystemPointer( Advapi32Handle, RegOpenKeyExW ); SetSystemPointer( Advapi32Handle, RegCreateKeyA ); SetSystemPointer( Advapi32Handle, RegCreateKeyW ); SetSystemPointer( Advapi32Handle, RegCreateKeyExA ); SetSystemPointer( Advapi32Handle, RegCreateKeyExW ); SetSystemPointer( Advapi32Handle, RegCloseKey );
SetSystemPointer( Advapi32Handle, OpenProcessToken ); SetSystemPointer( Advapi32Handle, OpenThreadToken ); SetSystemPointer( Advapi32Handle, DuplicateToken ); SetSystemPointer( Advapi32Handle, DuplicateTokenEx );
SetSystemPointer( Kernel32Handle, CloseHandle ); }
return(TRUE);}
HLOCALWINAPILEAKS_LocalAlloc( UINT uFlags, SIZE_T uBytes ){ HLOCAL memory; PMEM_HDR memHdr; PVOID callersAddress; PVOID callersCaller;
RtlGetCallersAddress( &callersAddress, &callersCaller );
memHdr = (PVOID)(*SystemLocalAlloc)( uFlags, uBytes + sizeof(MEM_HDR) ); if ( !memHdr ) { return NULL; }
memHdr->Signature = HEAP_SIGNATURE_ALLOC; memHdr->CallersAddress = callersAddress; memHdr->CallersCaller = callersCaller;
return(memHdr+1);}
HLOCALWINAPILEAKS_LocalFree( HLOCAL hMem ){ PMEM_HDR memHdr = hMem; PVOID callersAddress; PVOID callersCaller; CHAR buf[128];
if ( memHdr ) { --memHdr; if ( memHdr->Signature == HEAP_SIGNATURE_FREE ) {
sprintf( buf, "Freeing %p a 2nd time!\n", memHdr ); OutputDebugString( buf ); DebugBreak(); } else if ( memHdr->Signature == HEAP_SIGNATURE_ALLOC ) {
RtlGetCallersAddress(&callersAddress, &callersCaller );
memHdr->Signature = HEAP_SIGNATURE_FREE; memHdr->CallersAddress = callersAddress; memHdr->CallersCaller = callersCaller; } else { memHdr++; } } else {#if 0
sprintf( buf, "Passing NULL to LocalFree, tsk, tsk, tsk!!\n" ); OutputDebugString( buf ); DebugBreak();#endif
}
return( (HLOCAL)(*SystemLocalFree)(memHdr) );}
HANDLEWINAPILEAKS_CreateEventA( LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCSTR lpName ){ HANDLE handle; PVOID callersAddress; PVOID callersCaller;
handle = (HANDLE)(*SystemCreateEventA)( lpEventAttributes, bManualReset, bInitialState, lpName );
if ( handle != NULL ) { SetHandleTable( handle, TRUE, LeaksEvent ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] CreateEventA returns handle %1!X!, called from %2!X! and %3!X!\n", handle, callersAddress, callersCaller ); }
return(handle);
} // CreateEventA
HANDLEWINAPILEAKS_CreateEventW( LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCWSTR lpName ){ HANDLE handle; PVOID callersAddress; PVOID callersCaller;
handle = (HANDLE)(*SystemCreateEventW)( lpEventAttributes, bManualReset, bInitialState, lpName );
if ( handle != NULL ) { SetHandleTable( handle, TRUE, LeaksEvent ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE,"[LEAKS] CreateEventW returns handle %1!X!, called from %2!X! and %3!X!\n", handle, callersAddress, callersCaller ); }
return(handle);
} // CreateEventW
LONGAPIENTRYLEAKS_RegOpenKeyA( HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult ){ LONG status; PVOID callersAddress; PVOID callersCaller;
status = (LONG)(*SystemRegOpenKeyA)( hKey, lpSubKey, phkResult );
if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE,"[LEAKS] RegOpenKeyA returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); }
return(status);
} // RegOpenKeyA
LONGAPIENTRYLEAKS_RegOpenKeyW( HKEY hKey, LPCWSTR lpSubKey, PHKEY phkResult ){ LONG status; PVOID callersAddress; PVOID callersCaller;
status = (LONG)(*SystemRegOpenKeyW)( hKey, lpSubKey, phkResult );
if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegOpenKeyW returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); }
return(status);
} // RegOpenKeyW
LONGAPIENTRYLEAKS_RegOpenKeyExA( HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult ){ LONG status; PVOID callersAddress; PVOID callersCaller;
status = (LONG)(*SystemRegOpenKeyExA)( hKey, lpSubKey, ulOptions, samDesired, phkResult );
if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegOpenKeyExA returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); }
return(status);
} // RegOpenKeyExA
LONGAPIENTRYLEAKS_RegOpenKeyExW( HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult ){ LONG status; PVOID callersAddress; PVOID callersCaller;
status = (LONG)(*SystemRegOpenKeyExW)( hKey, lpSubKey, ulOptions, samDesired, phkResult );
if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegOpenKeyExW returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); }
return(status);
} // RegOpenKeyExW
LONGAPIENTRYLEAKS_RegCreateKeyA( HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult ){ LONG status; PVOID callersAddress; PVOID callersCaller;
status = (LONG)(*SystemRegCreateKeyA)( hKey, lpSubKey, phkResult );
if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegCreateKeyA returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); }
return(status);
} // RegCreateKeyA
LONGAPIENTRYLEAKS_RegCreateKeyW( HKEY hKey, LPCWSTR lpSubKey, PHKEY phkResult ){ LONG status; PVOID callersAddress; PVOID callersCaller;
status = (LONG)(*SystemRegCreateKeyW)( hKey, lpSubKey, phkResult );
if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegCreateKeyW returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); }
return(status);
} // RegCreateKeyW
LONGAPIENTRYLEAKS_RegCreateKeyExA( HKEY hKey, LPCSTR lpSubKey, DWORD Reserved, LPSTR lpClass, DWORD dwOptions, REGSAM samDesired, LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition ){ LONG status; PVOID callersAddress; PVOID callersCaller;
status = (LONG)(*SystemRegCreateKeyExA)(hKey, lpSubKey, Reserved, lpClass, dwOptions, samDesired, lpSecurityAttributes, phkResult, lpdwDisposition );
if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegCreateKeyExA returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); }
return(status);
} // RegCreateKeyExA
LONGAPIENTRYLEAKS_RegCreateKeyExW( HKEY hKey, LPCWSTR lpSubKey, DWORD Reserved, LPWSTR lpClass, DWORD dwOptions, REGSAM samDesired, LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition ){ LONG status; PVOID callersAddress; PVOID callersCaller;
status = (LONG)(*SystemRegCreateKeyExW)( hKey, lpSubKey, Reserved, lpClass, dwOptions, samDesired, lpSecurityAttributes, phkResult, lpdwDisposition );
if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegCreateKeyExW returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); }
return(status);
} // RegCreateKeyExW
LONGAPIENTRYLEAKS_RegCloseKey( HKEY hKey ){ LONG status; PVOID callersAddress; PVOID callersCaller;
status = (LONG)(*SystemRegCloseKey)( hKey );
if ( status == ERROR_SUCCESS ) { SetHandleTable( hKey, FALSE, LeaksRegistry ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegCloseKey for key %1!X! returns status %2!u!, called from %3!X! and %4!X!\n", hKey, status, callersAddress, callersCaller ); }
return(status);
} // RegCloseKey
BOOLWINAPILEAKS_CloseHandle( IN OUT HANDLE hObject ){ PVOID callersAddress; PVOID callersCaller;
if ( HandleTable[ HINDEX( hObject )].InUse ) {
RtlGetCallersAddress(&callersAddress, &callersCaller );
HandleTable[ HINDEX( hObject )].InUse = FALSE; HandleTable[ HINDEX( hObject )].Caller = callersAddress; HandleTable[ HINDEX( hObject )].CallersCaller = callersCaller;
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] CloseHandle for handle %1!X!, called from %2!X! and %3!X!\n", hObject, callersAddress, callersCaller ); } }
return (BOOL)(*SystemCloseHandle)( hObject );}
BOOLWINAPILEAKS_OpenProcessToken ( IN HANDLE ProcessHandle, IN DWORD DesiredAccess, OUT PHANDLE TokenHandle ){ BOOL status; PVOID callersAddress; PVOID callersCaller;
status = (BOOL)(*SystemOpenProcessToken)(ProcessHandle, DesiredAccess, TokenHandle);
if ( status ) { SetHandleTable( *TokenHandle, TRUE, LeaksToken ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] OpenProcessToken returns handle %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *TokenHandle, status, callersAddress, callersCaller ); }
return(status);}
BOOLWINAPILEAKS_OpenThreadToken ( IN HANDLE ThreadHandle, IN DWORD DesiredAccess, IN BOOL OpenAsSelf, OUT PHANDLE TokenHandle ){ BOOL status; PVOID callersAddress; PVOID callersCaller;
status = (BOOL)(*SystemOpenThreadToken)(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle);
if ( status ) { SetHandleTable( *TokenHandle, TRUE, LeaksToken ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] OpenThreadToken returns handle %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *TokenHandle, status, callersAddress, callersCaller ); }
return(status);}
BOOLWINAPILEAKS_DuplicateToken( IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle ){ BOOL status; PVOID callersAddress; PVOID callersCaller;
status = (BOOL)(*SystemDuplicateToken)(ExistingTokenHandle, ImpersonationLevel, DuplicateTokenHandle);
if ( status ) { SetHandleTable( *DuplicateTokenHandle, TRUE, LeaksToken ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] DuplicateToken returns handle %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *DuplicateTokenHandle, status, callersAddress, callersCaller ); }
return(status);}
BOOLWINAPILEAKS_DuplicateTokenEx( IN HANDLE hExistingToken, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE phNewToken){ BOOL status; PVOID callersAddress; PVOID callersCaller;
status = (BOOL)(*SystemDuplicateTokenEx)(hExistingToken, dwDesiredAccess, lpTokenAttributes, ImpersonationLevel, TokenType, phNewToken);
if ( status ) { SetHandleTable( *phNewToken, TRUE, LeaksToken ); }
if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] DuplicateTokenEx returns handle %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phNewToken, status, callersAddress, callersCaller ); }
return(status);}
|
