Databases
StackOverflow2013
Postsdbo
POMemory Leak while verifying Authenticode Signature of Executables?
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POMemory Leak while verifying Authenticode Signature of Executables?
    primarykey
    data
    text
    <p>I am using <a href="http://msdn.microsoft.com/en-us/library/aa388208(v=VS.85).aspx" rel="nofollow noreferrer">WinVerifyTrust</a> to verify the validity of some Windows executables with the following function, called in a loop from <code>_tmain</code>:</p> <pre><code>int signature_is_valid(const wchar_t *filepath) { GUID guid = WINTRUST_ACTION_GENERIC_VERIFY_V2; WINTRUST_FILE_INFO file_info = { 0 }; WINTRUST_DATA wd; file_info.cbStruct = sizeof(file_info); file_info.pcwszFilePath = filepath; file_info.hFile = NULL; file_info.pgKnownSubject = NULL; ZeroMemory(&amp;wd, sizeof(wd)); wd.cbStruct = sizeof(wd); wd.dwUIChoice = WTD_UI_NONE; wd.fdwRevocationChecks = WTD_REVOCATION_CHECK_NONE; wd.dwUnionChoice = WTD_CHOICE_FILE; wd.dwStateAction = 0; wd.pFile = &amp;file_info; wd.dwProvFlags = WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT | WTD_CACHE_ONLY_URL_RETRIEVAL; return 0 == WinVerifyTrust(NULL, &amp;guid, &amp;wd); } </code></pre> <p>However, with every loop the memory keeps growing, a sure sign of a memory leak. </p> <p>Is there a problem with my understanding of the <code>API</code> or is the <code>WinVerifyTrust</code> function actually leaking? I am testing this on a <code>Windows XP Professional SP3</code> system.</p> <p><strong>EDIT:</strong></p> <p>Here is some output from <code>umdh</code>:</p> <pre><code>+ 16812 ( 16992 - 180) 472 allocs BackTraceAD1 + 467 ( 472 - 5) BackTraceAD1 allocations ntdll!RtlDebugAllocateHeap+000000E1 ntdll!RtlAllocateHeapSlowly+00000044 ntdll!RtlAllocateHeap+00000E64 kernel32!LocalAlloc+00000058 CRYPT32!operator new+00000011 CRYPT32!I_CryptCreateLruEntry+00000011 CRYPT32!CreateAuthRootAutoUpdateMatchCaches+00000107 CRYPT32!CCertChainEngine::FindAuthRootAutoUpdateMatchingCtlEntries+0000004D CRYPT32!CChainPathObject::GetAuthRootAutoUpdateUrlStore+000000C9 CRYPT32!CChainPathObject::CChainPathObject+0000030E CRYPT32!ChainCreatePathObject+00000050 CRYPT32!CCertIssuerList::AddIssuer+0000006A CRYPT32!CChainPathObject::FindAndAddIssuersFromStoreByMatchType+00000182 CRYPT32!CChainPathObject::FindAndAddIssuersByMatchType+00000096 CRYPT32!CChainPathObject::FindAndAddIssuers+00000023 CRYPT32!CChainPathObject::CChainPathObject+000001F9 CRYPT32!ChainCreatePathObject+00000050 CRYPT32!CCertIssuerList::AddIssuer+0000006A CRYPT32!CChainPathObject::FindAndAddIssuersFromCacheByMatchType+00000084 CRYPT32!CChainPathObject::FindAndAddIssuersByMatchType+00000023 CRYPT32!CChainPathObject::FindAndAddIssuers+00000063 CRYPT32!CChainPathObject::CChainPathObject+000001F9 CRYPT32!ChainCreatePathObject+00000050 CRYPT32!CCertChainEngine::CreateChainContextFromPathGraph+0000019E CRYPT32!CCertChainEngine::GetChainContext+00000044 CRYPT32!CertGetCertificateChain+00000060 WINTRUST!_WalkChain+0000019C WINTRUST!WintrustCertificateTrust+000000B7 WINTRUST!_VerifyTrust+00000144 WINTRUST!WinVerifyTrust+0000004E SigTest!signature_is_valid+000000DD + 10984 ( 10984 - 0) 2 allocs BackTraceBB3 + 2 ( 2 - 0) BackTraceBB3 allocations ntdll!RtlDebugAllocateHeap+000000E1 ntdll!RtlAllocateHeapSlowly+00000044 ntdll!RtlAllocateHeap+00000E64 kernel32!LocalAlloc+00000058 CRYPT32!PkiDefaultCryptAlloc+00000011 CRYPT32!CertFindCertificateInCRL+00000051 cryptnet!MicrosoftCertDllVerifyRevocation+00000250 CRYPT32!I_CryptRemainingMilliseconds+0000021B CRYPT32!CertVerifyRevocation+000000B7 CRYPT32!CChainPathObject::CalculateRevocationStatus+000001F2 CRYPT32!CChainPathObject::CalculateAdditionalStatus+00000147 CRYPT32!CCertChainEngine::CreateChainContextFromPathGraph+00000227 CRYPT32!CCertChainEngine::GetChainContext+00000044 CRYPT32!CertGetCertificateChain+00000060 WINTRUST!_WalkChain+0000019C WINTRUST!WintrustCertificateTrust+000000B7 WINTRUST!_VerifyTrust+00000144 WINTRUST!WinVerifyTrust+0000004E SigTest!signature_is_valid+000000DD SigTest!wmain+00000073 SigTest!__tmainCRTStartup+000001A8 SigTest!wmainCRTStartup+0000000F kernel32!BaseProcessStart+00000023 </code></pre> <p>It seems to me that the <code>CRYPT32</code> functions are the ones leaking... or I'm missing something.</p> <p><strong>EDIT2</strong></p> <p>Here is the memory evolution for some thousand loops: <img src="https://i.stack.imgur.com/VqBvq.png" alt="alt text"></p>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. USthe_void
    1. USthe_void
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    3. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POMemory Leak while verifying Authenticode Signature of Executables?
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. POMemory Leak while verifying Authenticode Signature of Executables?
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POMemory Leak while verifying Authenticode Signature of Executables?
      1. USkichik
      1. VTFavorite
    1. COJust because the memory grows with every iteration does not _necessarily_ mean there is a memory leak. The heap may decide to dole out fresh memory instead of previously freed memory. This is common on a system with lots of free memory. When there's memory pressure in the system, the working set will be trimmed, which will probably convince the heap not to be so greedy.
      singulars
      1. POMemory Leak while verifying Authenticode Signature of Executables?
      1. USAdrian McCarthy
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload