1
UASM Assembler Development / Re: UASM 2.40 release
« Last post by jj2007 on Today at 08:57:14 PM »Works fine for all my major sources 
Recent Posts
2
MasmBasic & the RichMasm IDE / Re: ExitProcess releases all resources, right?
« Last post by jj2007 on Today at 08:31:26 PM »Code: [Select]PspExitProcess(
IN BOOLEAN TrimAddressSpace,
IN PEPROCESS Process
)
{
ULONG ActualTime;
PAGED_CODE();
if (!Process->ExitProcessCalled && PspCreateProcessNotifyRoutineCount != 0) {
ULONG i;
That's interesting stuff (see How Advanced Malware Bypasses Process Monitoring), but my questions is a different one...
QuoteApparently, ExitProcess does not release menus created with CreatePopupMenuAccording to MSDN, the only time a menu is destroyed automatically is if it has been assigned to a window (during CreateWindowEx or with SetMenu)
or as a template with RegisterClassEx.
The point here is that MSDN is never clear about what "destroyed" really implies. Is it limited to the processes address space, so ExitProcess and wow, it's gone, or does it affect global resources that are NOT "destroyed" or "released" AFTER the ExitProcess. That is why I designed the launcher that creates fonts in an external exe - currently 1.6 Million fonts created, no effect on my system. So that confirms that fonts fall into the category "ExitProcess and forget about it".
Attached the test for CreatePopupMenu.
3
UASM Assembler Development / Re: UASM 2.40 release
« Last post by johnsa on Today at 08:12:00 PM »Hi,
Windows x86 and x64 packages have been updated with fixes in HLL for switch/for, a bunch of the warnings have been cleaned up as per qWords excellent list :)
Cheers
John
Windows x86 and x64 packages have been updated with fixes in HLL for switch/for, a bunch of the warnings have been cleaned up as per qWords excellent list :)
Cheers
John
4
MasmBasic & the RichMasm IDE / Re: ExitProcess releases all resources, right?
« Last post by LiaoMi on Today at 08:02:20 PM »Hi,
PspCreateProcessNotifyRoutine
Purpose - Array of executive callback objects
Array of callback objects describing the routines to be called on process creation and deletion (maximum of eight)
ExitProcess
Ends a process, and notifies all attached DLLs
TerminateProcess
Ends a process without notifying the DLLs
MmCleanProcessAddressSpace
Violation in object synchronization, the main cause of memory leaks, incorrect inheritance of processes, violation of process lists, incorrect programming in the system environment and other reasons. In a particular case, you need to know how to open and how to unload the fonts in the system environment. Under normal windows conditions, there should not be any leaks.
A small amount of RAM actively affects the behavior and the unloading of the program, since the disk cache is involved.
Code: [Select]
PspExitProcess(
IN BOOLEAN TrimAddressSpace,
IN PEPROCESS Process
)
{
ULONG ActualTime;
PAGED_CODE();
if (!Process->ExitProcessCalled && PspCreateProcessNotifyRoutineCount != 0) {
ULONG i;
for (i=0; i<PSP_MAX_CREATE_PROCESS_NOTIFY; i++) {
if (PspCreateProcessNotifyRoutine[i] != NULL) {
(*PspCreateProcessNotifyRoutine[i])( Process->InheritedFromUniqueProcessId,
Process->UniqueProcessId,
FALSE
);
}
}
}
Process->ExitProcessCalled = TRUE;
PoRundownProcess(Process);
//
// If the process is on the active list, remove it now. Must be done before ObKill
// due to code in ex\sysinfo that references the process through the handle table
//
if ( Process->ActiveProcessLinks.Flink != NULL &&
Process->ActiveProcessLinks.Blink != NULL ) {
ExAcquireFastMutex(&PspActiveProcessMutex);
RemoveEntryList(&Process->ActiveProcessLinks);
Process->ActiveProcessLinks.Flink = NULL;
Process->ActiveProcessLinks.Blink = NULL;
ExReleaseFastMutex(&PspActiveProcessMutex);
}
if (Process->SecurityPort) {
ObDereferenceObject(Process->SecurityPort);
Process->SecurityPort = NULL ;
}
if ( TrimAddressSpace ) {
//
// If the current process has previously set the timer resolution,
// then reset it.
//
if (Process->SetTimerResolution != FALSE) {
ZwSetTimerResolution(KeMaximumIncrement, FALSE, &ActualTime);
}
if ( Process->Job
&& Process->Job->CompletionPort
&& !(Process->JobStatus & PS_JOB_STATUS_NOT_REALLY_ACTIVE)
&& !(Process->JobStatus & PS_JOB_STATUS_EXIT_PROCESS_REPORTED)) {
ULONG_PTR ExitMessageId;
switch (Process->ExitStatus) {
case STATUS_GUARD_PAGE_VIOLATION :
case STATUS_DATATYPE_MISALIGNMENT :
case STATUS_BREAKPOINT :
case STATUS_SINGLE_STEP :
case STATUS_ACCESS_VIOLATION :
case STATUS_IN_PAGE_ERROR :
case STATUS_ILLEGAL_INSTRUCTION :
case STATUS_NONCONTINUABLE_EXCEPTION :
case STATUS_INVALID_DISPOSITION :
case STATUS_ARRAY_BOUNDS_EXCEEDED :
case STATUS_FLOAT_DENORMAL_OPERAND :
case STATUS_FLOAT_DIVIDE_BY_ZERO :
case STATUS_FLOAT_INEXACT_RESULT :
case STATUS_FLOAT_INVALID_OPERATION :
case STATUS_FLOAT_OVERFLOW :
case STATUS_FLOAT_STACK_CHECK :
case STATUS_FLOAT_UNDERFLOW :
case STATUS_INTEGER_DIVIDE_BY_ZERO :
case STATUS_INTEGER_OVERFLOW :
case STATUS_PRIVILEGED_INSTRUCTION :
case STATUS_STACK_OVERFLOW :
case STATUS_CONTROL_C_EXIT :
case STATUS_FLOAT_MULTIPLE_FAULTS :
case STATUS_FLOAT_MULTIPLE_TRAPS :
case STATUS_REG_NAT_CONSUMPTION :
ExitMessageId = JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS;
break;
default:
ExitMessageId = JOB_OBJECT_MSG_EXIT_PROCESS;
break;
}
PS_SET_CLEAR_BITS (&Process->JobStatus,
PS_JOB_STATUS_EXIT_PROCESS_REPORTED,
PS_JOB_STATUS_LAST_REPORT_MEMORY);
ExAcquireFastMutex(&Process->Job->MemoryLimitsLock);
if (Process->Job->CompletionPort != NULL) {
IoSetIoCompletion(
Process->Job->CompletionPort,
Process->Job->CompletionKey,
(PVOID)Process->UniqueProcessId,
STATUS_SUCCESS,
ExitMessageId,
FALSE
);
}
ExReleaseFastMutex(&Process->Job->MemoryLimitsLock);
}
} else {
KeSetProcess(&Process->Pcb,0,FALSE);
ObKillProcess(FALSE, Process);
MmCleanProcessAddressSpace();
}
}PspCreateProcessNotifyRoutine
Purpose - Array of executive callback objects
Array of callback objects describing the routines to be called on process creation and deletion (maximum of eight)
ExitProcess
Ends a process, and notifies all attached DLLs
TerminateProcess
Ends a process without notifying the DLLs
Code: [Select]
} else {
KeSetProcess(&Process->Pcb,0,FALSE);
ObKillProcess(FALSE, Process);
MmCleanProcessAddressSpace();
}MmCleanProcessAddressSpace
Quote
Routine Description:
This routine cleans an address space by deleting all the
user and pagable portion of the address space. At the
completion of this routine, no page faults may occur within
the process.
Arguments:
None.
Return Value:
None.
Environment:
Kernel mode, APCs disabled.
Violation in object synchronization, the main cause of memory leaks, incorrect inheritance of processes, violation of process lists, incorrect programming in the system environment and other reasons. In a particular case, you need to know how to open and how to unload the fonts in the system environment. Under normal windows conditions, there should not be any leaks.
Quote
it just sits there for several minutes, sometimes spinning at 100% CPU, sometimes churning the hard drive (sometimes both)
A small amount of RAM actively affects the behavior and the unloading of the program, since the disk cache is involved.
5
MasmBasic & the RichMasm IDE / Re: ExitProcess releases all resources, right?
« Last post by sinsi on Today at 07:20:28 PM »Quote
Apparently, ExitProcess does not release menus created with CreatePopupMenuAccording to MSDN, the only time a menu is destroyed automatically is if it has been assigned to a window (during CreateWindowEx or with SetMenu)
or as a template with RegisterClassEx.
6
MasmBasic & the RichMasm IDE / Re: ExitProcess releases all resources, right?
« Last post by jj2007 on Today at 05:56:25 PM »Quick test whether fonts fall in the category "fully released":
include \masm32\MasmBasic\MasmBasic.inc ; download
Init
xor ecx, ecx
PrintLine "counter ticks hit Ctrl C to stop the test"
.Repeat
inc ecx
Print Cr$, Str$(ecx), " "
Launch "StressTestMakeFont.exe" ; the exe creates ten fonts
.Until edx!=123
deb 1, "test finished", edx, $Err$()
EndOfCode
Here is the source of the exe that creates fonts but does not delete them on ExitProcess:
include \masm32\MasmBasic\MasmBasic.inc ; download
Init
Print Str$(rv(GetTickCount)) ; feedback
MakeFont hF0, Height:10, "Arial"
MakeFont hF1, Height:11
MakeFont hF2, Height:12
MakeFont hF3, Height:13
MakeFont hF4, Height:14
MakeFont hF5, Height:15
MakeFont hF6, Height:16
MakeFont hF7, Height:17
MakeFont hF8, Height:18
MakeFont hF9, Height:19
invoke GetLastError
add eax, 123
Exit eax ; Launcher will check for !=123
EndOfCode
In a first test on Win7-64, there was no problem with well over 80,000 launches, i.e. 800,000 fonts.
See also this old thread
include \masm32\MasmBasic\MasmBasic.inc ; download
Init
xor ecx, ecx
PrintLine "counter ticks hit Ctrl C to stop the test"
.Repeat
inc ecx
Print Cr$, Str$(ecx), " "
Launch "StressTestMakeFont.exe" ; the exe creates ten fonts
.Until edx!=123
deb 1, "test finished", edx, $Err$()
EndOfCode
Here is the source of the exe that creates fonts but does not delete them on ExitProcess:
include \masm32\MasmBasic\MasmBasic.inc ; download
Init
Print Str$(rv(GetTickCount)) ; feedback
MakeFont hF0, Height:10, "Arial"
MakeFont hF1, Height:11
MakeFont hF2, Height:12
MakeFont hF3, Height:13
MakeFont hF4, Height:14
MakeFont hF5, Height:15
MakeFont hF6, Height:16
MakeFont hF7, Height:17
MakeFont hF8, Height:18
MakeFont hF9, Height:19
invoke GetLastError
add eax, 123
Exit eax ; Launcher will check for !=123
EndOfCode
In a first test on Win7-64, there was no problem with well over 80,000 launches, i.e. 800,000 fonts.
See also this old thread
8
The Colosseum / Re: Friday afternoon jokes
« Last post by daydreamer2 on Today at 02:31:44 AM »here we had lots of jokes on norwegians are stupid and they had swedes are stupid jokes too
when 80s tvshow with Hulk Went: the hulk flopped in norway,because every nowegians saw a green man so they walked away
when 80s tvshow with Hulk Went: the hulk flopped in norway,because every nowegians saw a green man so they walked away
9
64 Bit Assembler / Re: Downloading Visual Studio Express to get windows binaries
« Last post by hutch-- on Today at 02:25:20 AM »Mark,
MASM in 64 bit and the Watcom based binaries (JWASM, UASM and nidud's version) do not use compatible prototypes, neither can use the other's includes. To use the developing 64 bit MASM SDK you really need to have ML64 and this is why I suggested getting a version of Visual Studio that works on your Win7 64 bit box.
MASM in 64 bit and the Watcom based binaries (JWASM, UASM and nidud's version) do not use compatible prototypes, neither can use the other's includes. To use the developing 64 bit MASM SDK you really need to have ML64 and this is why I suggested getting a version of Visual Studio that works on your Win7 64 bit box.
10
The Laboratory / Re: Nested Procedures
« Last post by aw27 on Today at 02:01:43 AM »It is an interesting study although not many higher level languages use internal procedure nesting, what I wonder is if the is much difference between conventional nesting by calling a chain of external procedures as against building the nesting within one procedure. I have very occasionally nested a procedure within another by defining a normal stack frame manually but I don't see any real advantage in doing so.
The Pascal Language, namely Delphi support nested procedures. What I find nice is the capability to access variables of outer functions without passing them as parameters. There are a few other alternatives, including anonymous functions but they carry a larger overhead. BTW, I don't think Delphi uses the ENTER instruction.
