I've got a bug where a structure at a specific address in a multithreaded program becomes invalid according to a debug assertion. I already disabled ASLR with the linker to disable ASLR of the modules. But is it possible to disable ASLR for VirtualAlloc, on which malloc, new etc. are based, so that I can set a conditional breakpoint with that address in a condition at other places?

I think it should be possible to have repeatable allocation-addresses for each program-run as long as there's no randomness involved.

Bonita Montero
  • ASLR randomizes *module* load addresses, not addresses of heap-allocated resources. – IInspectable Jun 02 '20 at 12:01
  • Even if you can do this (process heap always at the same place), this will not help in the bug research, I think. – RbMm Jun 02 '20 at 12:47
  • The source of randomness isn't the heap allocation. It is your use of multiple threads, each sharing the same heap. You would either have to make thread scheduling deterministic (I'm not aware of a way to do that), or use a different tool for debugging, that doesn't rely on objects residing at particular memory addresses. [Time Travel Debugging](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-overview) is one such tool. It allows you to work back from the bug surfacing to the time it was installed. – IInspectable Jun 02 '20 at 12:51
  • @RbMm: No, it would definitely help to have repeatable allocations. – Bonita Montero Jun 02 '20 at 12:52
  • @IInspectable: The allocations were done before the threads begin to run. The threads operate on data structures without doing any allocations. – Bonita Montero Jun 02 '20 at 12:53
  • @BonitaMontero - memory allocations in the heap are also randomized; even if the heap has the same base, the address of a block will probably be different every time anyway. I can advise allocating your own private heap and doing the allocations (which fail) from it. After the heap is created you can save its address for debugging, and possibly set memory breaks. – RbMm Jun 02 '20 at 12:55
  • To my knowledge, at least the debug heap is deterministic when used from a single thread. If you want to avoid Time Travel Debugging, you can use the [Unique Allocation Request Numbers](https://docs.microsoft.com/en-us/visualstudio/debugger/crt-debug-heap-details#BKMK_Track_Heap_Allocation_Requests) to identify the object in question, and set up your debugger to break, when that request is serviced to relate it to an address. I'd probably just use Time Travel Debugging. – IInspectable Jun 02 '20 at 13:06
  • @RbMm: Why should it be randomized if the process of how the allocations are ordered is the same every time the process runs? – Bonita Montero Jun 02 '20 at 13:09
  • @BonitaMontero - if you use the common heap, you are not the only one allocating memory there, so the picture can be random. That is why I say you need to use a separate/private heap from the beginning. Also, I don't know exactly what your bug/problem is, so it is hard to say more. – RbMm Jun 02 '20 at 13:31
  • @RbMm: Why shouldn't it be deterministic which addresses are returned from VirtualAlloc etc. when the size and the ordering of the allocations are constant? There's no reason for that. – Bonita Montero Jun 02 '20 at 13:39
  • Sorry, I was wrong, and @IInspectable was also: ASLR applies to modules _as_well_as_the_heap_. Heap randomization is definitely called ASLR (look e.g. at Wikipedia) and now my task is to find out how to disable this randomization for a single process. – Bonita Montero Jun 02 '20 at 13:52
  • Why are you hell-bent on analyzing the issue using a predefined route rather than solving the issue? Record a TTD trace, and have your bug analyzed in less than an hour. [WinDbg Preview](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugging-using-windbg-preview) has a UI that doesn't expect you to know all those WinDbg commands by heart, and navigating a TTD trace is no different from clicking a link in a web page. And yes, TTD runs your multi-threaded code concurrently, so you won't suddenly see your bug disappear when trying to record it. – IInspectable Jun 02 '20 at 14:24
  • Does this answer your question? [How to make malloc return the same address every time using MSVC?](https://stackoverflow.com/questions/61740028/how-to-make-malloc-return-the-same-address-every-time-using-msvc) – Scott McPeak Apr 03 '21 at 12:35
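The comments above suggest two ways around the unpredictable heap address: a private heap, and allocation request numbers. The following is an added example, not code from any participant in this thread, that combines both ideas in portable C. It assumes the structures under suspicion can be allocated through a hypothetical `arena_alloc`, that the executable is linked without module ASLR and loads at its preferred base (so the static buffer keeps its address), and that all allocations happen before the threads start, as the question states, so no locking is needed.

```c
#include <stddef.h>
#include <stdio.h>

#define ARENA_SIZE  (1u << 20)
#define ARENA_ALIGN 16u

/* Static storage lives inside the image, so with module ASLR disabled
   (assumption: image loads at its preferred base) its address repeats. */
static _Alignas(16) unsigned char arena[ARENA_SIZE];
static size_t        arena_used;
static unsigned long arena_requests;  /* allocation request counter   */
static unsigned long arena_break_on;  /* request to watch, 0 = none   */
static void         *arena_watched;   /* address served for that one  */

/* Hypothetical hook: place an ordinary breakpoint on this function. */
static void arena_on_watched(void *p) { arena_watched = p; }

void   arena_watch_request(unsigned long n) { arena_break_on = n; }
void  *arena_watched_address(void) { return arena_watched; }
size_t arena_offset(const void *p) { return (size_t)((const unsigned char *)p - arena); }

/* Bump allocator: same request order and sizes give the same addresses. */
void *arena_alloc(size_t size)
{
    if (size == 0)
        size = 1;
    size_t rounded = (size + ARENA_ALIGN - 1) & ~(size_t)(ARENA_ALIGN - 1);
    if (rounded < size || rounded > ARENA_SIZE - arena_used)
        return NULL;                  /* size overflow or arena exhausted */
    void *p = arena + arena_used;
    arena_used += rounded;
    if (++arena_requests == arena_break_on)
        arena_on_watched(p);          /* the watched request was serviced */
    return p;
}

int main(void)
{
    arena_watch_request(2);           /* constructed sample: watch 2nd request */
    void *a = arena_alloc(24);
    void *b = arena_alloc(100);
    printf("a=%p b=%p watched=%p\n", a, b, arena_watched_address());
    return 0;
}
```

Even if the arena base moves between runs, the offset reported by `arena_offset` and the request number stay the same for the same allocation sequence, so either can identify the object in a breakpoint condition.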

0 Answers