hooking HeapFree -> access violation (windows 7 x64)

Sep 14, 2012 at 4:12 PM

I need to hook memory deallocation for profiling. I cannot hook free() because of conditional jump at the beginning of the function (only in x64). Hooking of HeapFree was successful but crashes after returning from LhBarrierIntro(). LhBarrierIntro() executed "DONT_INTERCEPT" section, returned FALSE and then shortly after returning executing the code below the app crashed on the last line:

00000000771B030C  test        rax,rax  
00000000771B030F  ht jne      00000000771B0329  
00000000771B0312  lea         rax,[771B0290h]  
00000000771B0319  mov         rax,qword ptr [rax]  
00000000771B031C  lock dec    qword ptr [rax]  
00000000771B0320  lea         rax,[771B0278h]  
00000000771B0327  jmp         00000000771B0378  
00000000771B0329  lea         rax,[771B0341h]  
00000000771B0330  mov         qword ptr [rsp+80h],rax  
00000000771B0338  lea         rax,[771B0280h]  
00000000771B033F  jmp         00000000771B0378  
00000000771B0341  push        0  
00000000771B0343  push        rax  
00000000771B0344  sub         rsp,30h  
00000000771B0348  movups      xmmword ptr [rsp+20h],xmm0  
00000000771B034D  lea         rcx,[771B0298h]  
00000000771B0354  lea         rdx,[rsp+38h]  
00000000771B0359  call        qword ptr [771B0288h]  
00000000771B035F  lea         rax,[771B0290h]  
00000000771B0366  mov         rax,qword ptr [rax]  
00000000771B0369  lock dec    qword ptr [rax]  
00000000771B036D  add         rsp,30h  
00000000771B0371  movups      xmm0,xmmword ptr [rsp-10h]  
00000000771B0376  pop         rax  
00000000771B0377  ret  
00000000771B0378  add         rsp,60h  
00000000771B037C  movups      xmm3,xmmword ptr [rsp-40h]  
00000000771B0381  movups      xmm2,xmmword ptr [rsp-30h]  
00000000771B0386  movups      xmm1,xmmword ptr [rsp-20h]  
00000000771B038B  movups      xmm0,xmmword ptr [rsp-10h]  
00000000771B0390  pop         r9  
00000000771B0392  pop         r8  
00000000771B0394  pop         rdx  
00000000771B0395  pop         rcx  
00000000771B0396  jmp         qword ptr [rax]  
00000000771B0398  sub         rsp,28h  
00000000771B039C  call        qword ptr [7722A050h]  

Is it known issue or something specific to me?


Sep 24, 2012 at 3:42 PM

Same problem here.

HeapFree throws Access Violation (0xc0000005) at Address 0xffffffffffffffff calling the original HeapFree function on Win7 64bit.


Oct 17, 2012 at 10:07 AM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Oct 17, 2012 at 11:21 AM

btw - just noticed it had already been copied into an issue - i'll close the original one so the link above is useful.