Notitie
Voor toegang tot deze pagina is autorisatie vereist. U kunt proberen u aan te melden of de directory te wijzigen.
Voor toegang tot deze pagina is autorisatie vereist. U kunt proberen de mappen te wijzigen.
??????? ???????? ? ?????? ??????? ?? ? ???, ??? ??????????, ? ? ???, ??? ?????????? ? ?????? ?? ????????. ? ???????, ???????? ??????? ??????:
We recently saw an AV in stress where our vectored exception handler was called after our dll was unloaded. After investigating the issue, it seems like removing the vectored exception handler does not wait for all users of that exception handler to finish (and does not even remove the exception handler from list for future users if there is one current user). So, there seems to be no way to synchronize removing the exception handler and the dll unloading – any synchronization within the exception handler is useless since the exception thread may be about to call the exception handler.
??????? ?? ????????? ??????? ?????????? ?? ????? ??????????? ????????????, ????????? ???, ??? ????????? ?????????? ?????????? ??? ?????? ????? ????, ??? ???? DLL ???? ????????? ?? ??????. ? ???????? ????????????? ??????????, ???, ??????, ?????? ?????????? ??????????? ?????????? ?? ???????, ???? ??? ???????????? ????? ??????????? ???????? ?????? (? ???? ?? ??????? ?????????? ??? ??????? ?????????????, ???? ?????????? ? ?????? ?????? ????????????). ???, ??????, ??? ?? ?????????? ??????? ???????????????? ?????? ?????????? ??????????? ? ???????? DLL – ????? ????????????? ? ???????? ??????????? ?????????? ??????????, ????????? ?????, ? ??????? ????????? ??????????, ????? ?????? ????????? ??????? ?????????? ??????????.
?????????????, ????????? ??????????? ?????????? ???????????? ????? ?? ??? ????, ??? ??????? (??? ????????? ???????), ??????? ?????????? ??????????? ?????????? ?? ??? ????? SEH ????? ????????? ??????????. ????????? ???????????? ?????? ?????????? ?? ???????????, ?????????????? ? ??????? ??????? AddVectoredExceptionHandler ? AddVectoredContinueHandler. ????????? ???????????? ??????????? ??????????? ?????? ?? ??????, ???? ??? ???????? ??? ??????????? ?? ?????????? ??????? ????????????, ? ??????. ???? ???? ?????? ??? ???????? ? ???????? ????????? ??????????, ?????????? ?????? ?????????? ??? ???????? ?????????.
????? ??????????? ???? ????????, ????? ????????? ????????? ? ?????????????? ??????????? ?????? ????????????. ??????? ?????????? ????? ??????????? ?? ????? ??????, ??????? ???????????? ?? ?????? ?????? ?????????, ? ??????? ?????? ???????????? ????? ?????????? ????????? ???? ??????????, «?????????» ?????? ??????????. ????? ?????? ????? ??? ??????? ??? ????????? ????????:
- ??????????, ?? ???????????, ?????????? ? ?????????????? ????????. ? ???? ??????, ????????, ?????? ???????? ??????, ??? ??? ????????? ?????? ? ??????? ????? ? ?? ????. ??????????, ??? ????????? ????? ?????? ???????????? ??????? ?????. ???, ????? ??????? ??????????? ? ????????????? ??????????, ?? ??? ??? ?????-?? Oracle ??????????. :-)
- ????????????? ??????? ? ?????? ??????? ????????????, ???????? ? ?????? ????????? ??????????.
??? ??????????, ??????? ????????? ?????????? ? ?????? ????????????? ?????, ??? ??? ????? ???????????? ? ???, ??????? ??? ?? ????????????. ??????, ?????????? ???? ????????? (AKA splicing), ????? ????? ????? ? ??????? ?????????? ?? ????? ????????????, ? ??????????? ?????????? ?????????? ? ????????? ?????, ???? ????????? ??????????? ?????????? ?????????? ???????????? ???????. ????????? ????? ????? ??????????? – ?? ??? ??????, ????????? ?? ????????, ??????? ??????? ????????? ??? ???????????? ? ?????? ??????.
? ??? ??? ????????? ??????? ??? ???????????? ???????? ? ????????? ?????????? ????????????
Cross-posted from blog.not-a-kernel-guy.com.