
I am attempting to debug a memory leak within my application. The leaked object is somewhat difficult to identify (before destroying the heap), and there are many similar objects created. If it were to have the same address each session, it would make it considerably easier. As such, I'm trying to disable ASLR using /FIXED and /DYNAMICBASE:NO in the linker properties of my executable.

However, this doesn't seem to achieve the desired result; the address is still different each time. Additionally, even the addresses for argv in main are different each session. Are there some additional parameters I need to set, or am I somehow misunderstanding the purpose of these flags?

MuertoExcobito
  • The best approach to find your leak is to use the Windows Crt debug features as e.g. introduced here: https://msdn.microsoft.com/en-us/library/x98tx3cf.aspx – BitTickler Oct 24 '16 at 05:24
  • @BitTickler - I already know which object has leaked post-mortem (just like the CRT dump will tell me - I have a similar leak reporting system), but, I would like to identify the object when it is allocated (and in turn when it is referenced), which is why I need the allocation address to remain constant. – MuertoExcobito Oct 24 '16 at 05:32
  • With the Crt debug features you can do some quite handy stuff. Like set a breakpoint on the allocation number of your object. So, first use the crt stuff to identify the allocation which causes trouble, then in the next run you can break on it. That is usually my path to success.... That, and writing unit tests... I mention that because I consider it quite a waste of time to find logical errors in the live system. If you have some threading related issues, of course sometimes that is all you can do. – BitTickler Oct 24 '16 at 05:36
  • You are talking about something else than /dynamicbase, you want heap and stack address randomization turned off. Big ask on later Windows versions, I'm 90% sure that this is not possible. Big maybe on an appcompat shim that disables them but Google hasn't heard of it. Use `_crtBreakAlloc` to get ahead. – Hans Passant Oct 24 '16 at 06:24
  • @HansPassant: Actually, the two are definitely related. ASLR ignores the preferred base address and relocates the executable and its DLLs. This is of course only possible if the executable is relocatable to start with. `/FIXED` makes the base address mandatory instead of preferential. And `/DynamicBase` is exactly the ASLR flag. – MSalters Oct 24 '16 at 07:09
  • He would not have asked this question if that was the case. I think Win7 was the last Windows version that made HeapAlloc() behave predictably with ASLR turned off. Maybe for Win8, definitely not for Win10. – Hans Passant Oct 24 '16 at 07:28

1 Answer


You're looking at data addresses; ASLR is primarily for code. It determines where the EXE and DLL code segments are loaded.

You can override operator new to control memory allocations, and use VirtualAlloc with a defined base address to make allocations more deterministic (still could have multi-threaded race conditions though). Alternatively, use the MSVC default heap debugging facilities to identify a block by its sequence number instead of its address.

MSalters
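As an added illustration of the answer's two suggestions (not code from the question, the answer, or any Microsoft library): a class-scope `operator new` that routes only the suspect type into a region requested at a fixed base address (`VirtualAlloc` on Windows, an `mmap` hint elsewhere), never reuses blocks, and stamps each block with a CRT-style sequence number that you can trap on. The arena name, the base address `0x200000000`, the `Suspect` type and the helper names are all hypothetical. The point is that the offset of the leaked object from the arena base, and its sequence number, are identical in every run even when the OS declines the base-address hint, so the object can be caught at the moment it is allocated.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <csignal>
#include <new>

#ifdef _WIN32
#  include <windows.h>
#else
#  include <sys/mman.h>
#endif

// Fixed-base bump arena with CRT-debug-heap-style sequence numbers (hypothetical helper).
namespace fixed_arena {

#if UINTPTR_MAX > 0xFFFFFFFFu
constexpr std::uintptr_t kBase = 0x200000000ULL;   // constructed address, usually free in a 64-bit process
#else
constexpr std::uintptr_t kBase = 0x20000000UL;     // constructed address for 32-bit builds
#endif
constexpr std::size_t kSize  = 16 * 1024 * 1024;   // 16 MiB is plenty for a debugging run
constexpr std::size_t kAlign = 16;

struct Header {                 // precedes every block handed out by the arena
    std::size_t seq;            // 1-based allocation number, stable from run to run
    std::size_t size;           // requested size
};
static_assert(sizeof(Header) % kAlign == 0, "header keeps user data 16-byte aligned");

static unsigned char* g_begin    = nullptr;  // reserved region, nullptr until reserve()
static std::size_t    g_used     = 0;        // bump pointer; blocks are never recycled, so nothing shifts
static std::size_t    g_seq      = 0;        // last sequence number handed out
static std::size_t    g_break_on = 0;        // sequence number to trap on, 0 = disabled

static void default_break() {                // drop into the debugger on the chosen allocation
#ifdef _WIN32
    DebugBreak();
#else
    std::raise(SIGTRAP);
#endif
}
static void (*g_on_break)() = default_break;

// Request the region at kBase; falls back to any address if that range is taken.
bool reserve() {
    if (g_begin) return true;
    void* want = reinterpret_cast<void*>(kBase);
#ifdef _WIN32
    void* p = VirtualAlloc(want, kSize, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (!p) p = VirtualAlloc(nullptr, kSize, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (!p) return false;
#else
    void* p = mmap(want, kSize, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return false;
#endif
    g_begin = static_cast<unsigned char*>(p);
    return true;
}

bool at_requested_base() { return g_begin && reinterpret_cast<std::uintptr_t>(g_begin) == kBase; }
std::size_t last_sequence() { return g_seq; }
void set_break_on(std::size_t seq, void (*hook)() = default_break) { g_break_on = seq; g_on_break = hook; }

void* allocate(std::size_t n) {
    if (!reserve()) throw std::bad_alloc();
    std::size_t need = (sizeof(Header) + n + kAlign - 1) & ~(kAlign - 1);
    if (g_used + need > kSize) throw std::bad_alloc();
    Header* h = new (g_begin + g_used) Header{++g_seq, n};
    g_used += need;
    if (g_break_on && h->seq == g_break_on) g_on_break();   // same idea as _CrtSetBreakAlloc
    return h + 1;
}

std::size_t sequence_of(const void* p) { return (static_cast<const Header*>(p) - 1)->seq; }

// Distance from the arena base: identical in every run even if the base hint was refused.
std::size_t offset_of(const void* p) {
    return static_cast<std::size_t>(static_cast<const unsigned char*>(p) - g_begin);
}

} // namespace fixed_arena

// Only the type under suspicion uses the arena; everything else stays on the normal heap.
struct Suspect {
    int payload[4]{};
    static void* operator new(std::size_t n) { return fixed_arena::allocate(n); }
    static void  operator delete(void*) noexcept {}   // keep the block in place for post-mortem inspection
};

int main() {
    Suspect* s = new Suspect;   // in a real hunt: fixed_arena::set_break_on(<seq from last run>) first
    std::printf("Suspect #%zu at %p (offset %zu, base honoured: %d)\n",
                fixed_arena::sequence_of(s), static_cast<void*>(s),
                fixed_arena::offset_of(s), fixed_arena::at_requested_base());
    return 0;
}
```

In use, note the sequence number printed by the leak report from one run, call `fixed_arena::set_break_on()` with it at the start of the next run, and the debugger stops on the exact allocation; if `at_requested_base()` reports false the absolute address still moves with ASLR, but the offset and sequence number do not.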