
BlockAlloc: Try to allocate a block rather than returning null.

Open Convery opened this issue 5 years ago • 9 comments

Like the title implies, noticed that the library would fail in some contexts so copy/pasted the allocation as a fallback. May want to refactor it properly in the future.

Convery avatar Jan 31 '20 12:01 Convery

Oh, that's an interesting finding. I think it's better to fix the original allocation loop. Random allocation can be more than 2GB away. By the way, do you have a sample that reproduces allocation failure, so we can test the fix?

SergiusTheBest avatar Jan 31 '20 13:01 SergiusTheBest

Sorry, I do not. Was in a large game where a dependency created a thread in DllMain and later would try to install hooks after prompting the user. The interesting part is that other DLLs that hooked things after the executable's main() had no issues. If that helps the investigation.

Convery avatar Jan 31 '20 13:01 Convery

Yes, the bug is clear. The allocation loop starts from the module base and goes up and down symmetrically. If it hits a memory limit from high or below then it stops iterating. However, there is still plenty of memory in another direction.

SergiusTheBest avatar Jan 31 '20 13:01 SergiusTheBest
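The search behaviour described in the comment above, as an added example that is not mhook's own code: a portable model of an outward search from the module base that can either stop when one side runs out of address space or keep going on the other side. The names `find_near_block`, `probe_fn`, `probe_model` and `demo_search`, the 64 KB step and the sample layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical probe: nonzero if a block could be reserved at addr. A real
   Windows build would query the OS here; a callback keeps the model portable. */
typedef int (*probe_fn)(uint64_t addr, void *ctx);

/* Walk outward from base in step increments, within range of base and inside
   [lo, hi] (assumes lo <= base <= hi). Returns the first usable address or 0.
   stop_at_first_limit = 1 models the behaviour described in the thread. */
uint64_t find_near_block(uint64_t base, uint64_t range, uint64_t step,
                         uint64_t lo, uint64_t hi, probe_fn probe, void *ctx,
                         int stop_at_first_limit)
{
    if (step == 0) return 0;
    /* Clamp the window without wrapping below zero or running past hi. */
    uint64_t min = (base > range && base - range > lo) ? base - range : lo;
    uint64_t max = (hi - base > range) ? base + range : hi;
    int up_ok = 1, down_ok = 1;
    for (uint64_t off = step; up_ok || down_ok; off += step) {
        if (up_ok && off > max - base) up_ok = 0;     /* no room left above */
        if (down_ok && off > base - min) down_ok = 0; /* no room left below */
        if (stop_at_first_limit && !(up_ok && down_ok)) break;
        if (up_ok && probe(base + off, ctx)) return base + off;
        if (down_ok && probe(base - off, ctx)) return base - off;
    }
    return 0;
}

/* Constructed address-space model: only [start, end) is free. */
struct free_range { uint64_t start, end; };
static int probe_model(uint64_t addr, void *ctx)
{
    const struct free_range *r = ctx;
    return addr >= r->start && addr < r->end;
}

/* Constructed layout: module loaded low, so the downward side runs out after
   63 steps while the nearest free block sits 252 MB above the base. */
uint64_t demo_search(int stop_at_first_limit)
{
    struct free_range r = { 0x10000000ULL, 0x10100000ULL };
    return find_near_block(0x00400000ULL, 0x7FF00000ULL, 0x10000ULL,
                           0x00010000ULL, 0x7FFFFFFF0000ULL, probe_model, &r,
                           stop_at_first_limit);
}

int main(void)
{
    printf("%#llx %#llx\n", (unsigned long long)demo_search(1),
           (unsigned long long)demo_search(0));
    return 0;
}
```

With the constructed layout, the stop-at-first-limit mode gives up once the downward side reaches the bottom of the address space, while the other mode still finds the free block above the base and inside the range limit.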

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Mar 21 '20 14:03 stale[bot]
