/*++ Copyright (c) 1996 Microsoft Corporation Module Name: leaks.c Abstract: A filter DLL for trying to detect memory, event, registry, and token handle leaks. Author: Charlie Wickham/Rod Gamache Revision History: --*/ #include #include #include #define _ADVAPI32_ #define _KERNEL32_ #include #include #include "clusrtl.h" #include "leaks.h" HINSTANCE Kernel32Handle; HINSTANCE Advapi32Handle; FARPROC SystemLocalAlloc; FARPROC SystemLocalFree; FARPROC SystemCreateEventA; FARPROC SystemCreateEventW; FARPROC SystemRegOpenKeyA; FARPROC SystemRegOpenKeyW; FARPROC SystemRegOpenKeyExA; FARPROC SystemRegOpenKeyExW; FARPROC SystemRegCreateKeyA; FARPROC SystemRegCreateKeyW; FARPROC SystemRegCreateKeyExA; FARPROC SystemRegCreateKeyExW; FARPROC SystemRegCloseKey; FARPROC SystemOpenProcessToken; FARPROC SystemOpenThreadToken; FARPROC SystemDuplicateToken; FARPROC SystemDuplicateTokenEx; FARPROC SystemCloseHandle; #define SetSystemPointer( _h, _n ) \ System##_n = GetProcAddress( _h, #_n ); BOOL LeaksVerbose = FALSE; HANDLE_TABLE HandleTable[ MAX_HANDLE / HANDLE_DELTA ]; BOOLEAN WINAPI LeaksDllEntry( IN HINSTANCE DllHandle, IN DWORD Reason, IN LPVOID Reserved ) /*++ Routine Description: Main DLL entrypoint Arguments: DllHandle - Supplies the DLL handle. Reason - Supplies the call reason Return Value: TRUE if successful FALSE if unsuccessful --*/ { if (Reason == DLL_PROCESS_ATTACH) { DisableThreadLibraryCalls(DllHandle); ClRtlInitialize( TRUE, NULL ); // // get pointers to the real functions // Kernel32Handle = LoadLibrary( "kernel32.dll" ); Advapi32Handle = LoadLibrary( "advapi32.dll" ); SetSystemPointer( Kernel32Handle, LocalAlloc ); SetSystemPointer( Kernel32Handle, LocalFree ); SetSystemPointer( Kernel32Handle, CreateEventA ); SetSystemPointer( Kernel32Handle, CreateEventW ); SetSystemPointer( Advapi32Handle, RegOpenKeyA ); SetSystemPointer( Advapi32Handle, RegOpenKeyW ); SetSystemPointer( Advapi32Handle, RegOpenKeyExA ); SetSystemPointer( Advapi32Handle, RegOpenKeyExW ); SetSystemPointer( Advapi32Handle, RegCreateKeyA ); SetSystemPointer( Advapi32Handle, RegCreateKeyW ); SetSystemPointer( Advapi32Handle, RegCreateKeyExA ); SetSystemPointer( Advapi32Handle, RegCreateKeyExW ); SetSystemPointer( Advapi32Handle, RegCloseKey ); SetSystemPointer( Advapi32Handle, OpenProcessToken ); SetSystemPointer( Advapi32Handle, OpenThreadToken ); SetSystemPointer( Advapi32Handle, DuplicateToken ); SetSystemPointer( Advapi32Handle, DuplicateTokenEx ); SetSystemPointer( Kernel32Handle, CloseHandle ); } return(TRUE); } HLOCAL WINAPI LEAKS_LocalAlloc( UINT uFlags, SIZE_T uBytes ) { HLOCAL memory; PMEM_HDR memHdr; PVOID callersAddress; PVOID callersCaller; RtlGetCallersAddress( &callersAddress, &callersCaller ); memHdr = (PVOID)(*SystemLocalAlloc)( uFlags, uBytes + sizeof(MEM_HDR) ); if ( !memHdr ) { return NULL; } memHdr->Signature = HEAP_SIGNATURE_ALLOC; memHdr->CallersAddress = callersAddress; memHdr->CallersCaller = callersCaller; return(memHdr+1); } HLOCAL WINAPI LEAKS_LocalFree( HLOCAL hMem ) { PMEM_HDR memHdr = hMem; PVOID callersAddress; PVOID callersCaller; CHAR buf[128]; if ( memHdr ) { --memHdr; if ( memHdr->Signature == HEAP_SIGNATURE_FREE ) { sprintf( buf, "Freeing %p a 2nd time!\n", memHdr ); OutputDebugString( buf ); DebugBreak(); } else if ( memHdr->Signature == HEAP_SIGNATURE_ALLOC ) { RtlGetCallersAddress(&callersAddress, &callersCaller ); memHdr->Signature = HEAP_SIGNATURE_FREE; memHdr->CallersAddress = callersAddress; memHdr->CallersCaller = callersCaller; } else { memHdr++; } } else { #if 0 sprintf( buf, "Passing NULL to LocalFree, tsk, tsk, tsk!!\n" ); OutputDebugString( buf ); DebugBreak(); #endif } return( (HLOCAL)(*SystemLocalFree)(memHdr) ); } HANDLE WINAPI LEAKS_CreateEventA( LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCSTR lpName ) { HANDLE handle; PVOID callersAddress; PVOID callersCaller; handle = (HANDLE)(*SystemCreateEventA)( lpEventAttributes, bManualReset, bInitialState, lpName ); if ( handle != NULL ) { SetHandleTable( handle, TRUE, LeaksEvent ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] CreateEventA returns handle %1!X!, called from %2!X! and %3!X!\n", handle, callersAddress, callersCaller ); } return(handle); } // CreateEventA HANDLE WINAPI LEAKS_CreateEventW( LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCWSTR lpName ) { HANDLE handle; PVOID callersAddress; PVOID callersCaller; handle = (HANDLE)(*SystemCreateEventW)( lpEventAttributes, bManualReset, bInitialState, lpName ); if ( handle != NULL ) { SetHandleTable( handle, TRUE, LeaksEvent ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE,"[LEAKS] CreateEventW returns handle %1!X!, called from %2!X! and %3!X!\n", handle, callersAddress, callersCaller ); } return(handle); } // CreateEventW LONG APIENTRY LEAKS_RegOpenKeyA( HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult ) { LONG status; PVOID callersAddress; PVOID callersCaller; status = (LONG)(*SystemRegOpenKeyA)( hKey, lpSubKey, phkResult ); if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE,"[LEAKS] RegOpenKeyA returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); } return(status); } // RegOpenKeyA LONG APIENTRY LEAKS_RegOpenKeyW( HKEY hKey, LPCWSTR lpSubKey, PHKEY phkResult ) { LONG status; PVOID callersAddress; PVOID callersCaller; status = (LONG)(*SystemRegOpenKeyW)( hKey, lpSubKey, phkResult ); if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegOpenKeyW returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); } return(status); } // RegOpenKeyW LONG APIENTRY LEAKS_RegOpenKeyExA( HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult ) { LONG status; PVOID callersAddress; PVOID callersCaller; status = (LONG)(*SystemRegOpenKeyExA)( hKey, lpSubKey, ulOptions, samDesired, phkResult ); if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegOpenKeyExA returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); } return(status); } // RegOpenKeyExA LONG APIENTRY LEAKS_RegOpenKeyExW( HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult ) { LONG status; PVOID callersAddress; PVOID callersCaller; status = (LONG)(*SystemRegOpenKeyExW)( hKey, lpSubKey, ulOptions, samDesired, phkResult ); if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegOpenKeyExW returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); } return(status); } // RegOpenKeyExW LONG APIENTRY LEAKS_RegCreateKeyA( HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult ) { LONG status; PVOID callersAddress; PVOID callersCaller; status = (LONG)(*SystemRegCreateKeyA)( hKey, lpSubKey, phkResult ); if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegCreateKeyA returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); } return(status); } // RegCreateKeyA LONG APIENTRY LEAKS_RegCreateKeyW( HKEY hKey, LPCWSTR lpSubKey, PHKEY phkResult ) { LONG status; PVOID callersAddress; PVOID callersCaller; status = (LONG)(*SystemRegCreateKeyW)( hKey, lpSubKey, phkResult ); if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegCreateKeyW returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); } return(status); } // RegCreateKeyW LONG APIENTRY LEAKS_RegCreateKeyExA( HKEY hKey, LPCSTR lpSubKey, DWORD Reserved, LPSTR lpClass, DWORD dwOptions, REGSAM samDesired, LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition ) { LONG status; PVOID callersAddress; PVOID callersCaller; status = (LONG)(*SystemRegCreateKeyExA)(hKey, lpSubKey, Reserved, lpClass, dwOptions, samDesired, lpSecurityAttributes, phkResult, lpdwDisposition ); if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegCreateKeyExA returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); } return(status); } // RegCreateKeyExA LONG APIENTRY LEAKS_RegCreateKeyExW( HKEY hKey, LPCWSTR lpSubKey, DWORD Reserved, LPWSTR lpClass, DWORD dwOptions, REGSAM samDesired, LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition ) { LONG status; PVOID callersAddress; PVOID callersCaller; status = (LONG)(*SystemRegCreateKeyExW)( hKey, lpSubKey, Reserved, lpClass, dwOptions, samDesired, lpSecurityAttributes, phkResult, lpdwDisposition ); if ( status == ERROR_SUCCESS ) { SetHandleTable( *phkResult, TRUE, LeaksRegistry ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegCreateKeyExW returns key %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phkResult, status, callersAddress, callersCaller ); } return(status); } // RegCreateKeyExW LONG APIENTRY LEAKS_RegCloseKey( HKEY hKey ) { LONG status; PVOID callersAddress; PVOID callersCaller; status = (LONG)(*SystemRegCloseKey)( hKey ); if ( status == ERROR_SUCCESS ) { SetHandleTable( hKey, FALSE, LeaksRegistry ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] RegCloseKey for key %1!X! returns status %2!u!, called from %3!X! and %4!X!\n", hKey, status, callersAddress, callersCaller ); } return(status); } // RegCloseKey BOOL WINAPI LEAKS_CloseHandle( IN OUT HANDLE hObject ) { PVOID callersAddress; PVOID callersCaller; if ( HandleTable[ HINDEX( hObject )].InUse ) { RtlGetCallersAddress(&callersAddress, &callersCaller ); HandleTable[ HINDEX( hObject )].InUse = FALSE; HandleTable[ HINDEX( hObject )].Caller = callersAddress; HandleTable[ HINDEX( hObject )].CallersCaller = callersCaller; if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] CloseHandle for handle %1!X!, called from %2!X! and %3!X!\n", hObject, callersAddress, callersCaller ); } } return (BOOL)(*SystemCloseHandle)( hObject ); } BOOL WINAPI LEAKS_OpenProcessToken ( IN HANDLE ProcessHandle, IN DWORD DesiredAccess, OUT PHANDLE TokenHandle ) { BOOL status; PVOID callersAddress; PVOID callersCaller; status = (BOOL)(*SystemOpenProcessToken)(ProcessHandle, DesiredAccess, TokenHandle); if ( status ) { SetHandleTable( *TokenHandle, TRUE, LeaksToken ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] OpenProcessToken returns handle %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *TokenHandle, status, callersAddress, callersCaller ); } return(status); } BOOL WINAPI LEAKS_OpenThreadToken ( IN HANDLE ThreadHandle, IN DWORD DesiredAccess, IN BOOL OpenAsSelf, OUT PHANDLE TokenHandle ) { BOOL status; PVOID callersAddress; PVOID callersCaller; status = (BOOL)(*SystemOpenThreadToken)(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle); if ( status ) { SetHandleTable( *TokenHandle, TRUE, LeaksToken ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] OpenThreadToken returns handle %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *TokenHandle, status, callersAddress, callersCaller ); } return(status); } BOOL WINAPI LEAKS_DuplicateToken( IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle ) { BOOL status; PVOID callersAddress; PVOID callersCaller; status = (BOOL)(*SystemDuplicateToken)(ExistingTokenHandle, ImpersonationLevel, DuplicateTokenHandle); if ( status ) { SetHandleTable( *DuplicateTokenHandle, TRUE, LeaksToken ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] DuplicateToken returns handle %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *DuplicateTokenHandle, status, callersAddress, callersCaller ); } return(status); } BOOL WINAPI LEAKS_DuplicateTokenEx( IN HANDLE hExistingToken, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE phNewToken) { BOOL status; PVOID callersAddress; PVOID callersCaller; status = (BOOL)(*SystemDuplicateTokenEx)(hExistingToken, dwDesiredAccess, lpTokenAttributes, ImpersonationLevel, TokenType, phNewToken); if ( status ) { SetHandleTable( *phNewToken, TRUE, LeaksToken ); } if ( LeaksVerbose ) { ClRtlLogPrint(LOG_NOISE, "[LEAKS] DuplicateTokenEx returns handle %1!X!, status %2!u!, called from %3!X! and %4!X!\n", *phNewToken, status, callersAddress, callersCaller ); } return(status); }