Databases
StackOverflow2013
Postsdbo
POSecure Memory Allocator in C++
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POSecure Memory Allocator in C++
    text
    copied!<p>I want to create an allocator which provides memory with the following attributes:</p> <ul> <li>cannot be paged to disk. </li> <li>is incredibly hard to access through an attached debugger</li> </ul> <p>The idea is that this will contain sensitive information (like licence information) which should be inaccessible to the user. I have done the usual research online and asked a few other people about this, but I cannot find a good place start on this problem.</p> <p><strong>Updates</strong></p> <p><a href="https://stackoverflow.com/questions/8451/secure-memory-allocator-in-c#27194">Josh</a> mentions using <code>VirtualAlloc</code> to set protection on the memory space. I have created a custom allocator ( shown below ) I have found the using the <code>VirtualLock</code> function it limits the amount of memory I can allocate. This seems to be by design though. Since I am using it for small objects this is not a problem.</p> <pre><code>// template&lt;class _Ty&gt; class LockedVirtualMemAllocator : public std::allocator&lt;_Ty&gt; { public: template&lt;class _Other&gt; LockedVirtualMemAllocator&lt;_Ty&gt;&amp; operator=(const LockedVirtualMemAllocator&lt;_Other&gt;&amp;) { // assign from a related LockedVirtualMemAllocator (do nothing) return (*this); } template&lt;class Other&gt; struct rebind { typedef LockedVirtualMemAllocator&lt;Other&gt; other; }; pointer allocate( size_type _n ) { SIZE_T allocLen = (_n * sizeof(_Ty)); DWORD allocType = MEM_COMMIT; DWORD allocProtect = PAGE_READWRITE; LPVOID pMem = ::VirtualAlloc( NULL, allocLen, allocType, allocProtect ); if ( pMem != NULL ) { ::VirtualLock( pMem, allocLen ); } return reinterpret_cast&lt;pointer&gt;( pMem ); } pointer allocate( size_type _n, const void* ) { return allocate( _n ); } void deallocate(void* _pPtr, size_type _n ) { if ( _pPtr != NULL ) { SIZE_T allocLen = (_n * sizeof(_Ty)); ::SecureZeroMemory( _pPtr, allocLen ); ::VirtualUnlock( _pPtr, allocLen ); ::VirtualFree( _pPtr, 0, MEM_RELEASE ); } } }; </code></pre> <p>and is used</p> <pre><code> //a memory safe std::string typedef std::basic_string&lt;char, std::char_traits&lt;char&gt;, LockedVirtualMemAllocato&lt;char&gt; &gt; modulestring_t; </code></pre> <p><a href="https://stackoverflow.com/questions/8451/secure-memory-allocator-in-c#38708">Ted Percival</a> mentions mlock, but I have no implementation of that yet.</p> <p>I found <a href="http://www.schneier.com/book-practical.html" rel="nofollow noreferrer">Practical Cryptography by Neil Furguson and Bruce Schneier</a> quite helpful as well.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload