0

I'm trying to hook the events related to memory allocation to create an external debugger that have no need of extra implementation on source code. To do this I need to hook theses calls, some one know how to do this ? Something like, http://www.itworld.com/UIR000929interposers but that runs on windows too. C/C++ implementations or ideas are welcomed too.

Tks

Tks for the answers, I'll make my tests to find the best alternative.

I checkout the answers no available solutions by now. I'm searching and researching by my self too. If I discovery some thing new I'll post here.

Rodrigo Farias Rezino
  • 2,687
  • 3
  • 33
  • 60

4 Answers4

2

You might want to check into Microsoft's Detours. Jeffrey Richter's books on Windows programming contain a similar library.

Jerry Coffin
  • 476,176
  • 80
  • 629
  • 1,111
  • Detours will work only with external API calls, AFAIK. From one executable to an external library, for instance. And most compilers won't rely on the Windows API for memory allocation, but only get some huge memory blocks via VirtualAlloc() then split it in small pieces before sending them back to the program. Some C compiler may use some CRT libraries. But e.g. Delphi won't use any external library for memory allocation, but only VirtualAlloc() calls. It could be a level too high to implement the task... – Arnaud Bouchez Mar 01 '11 at 10:22
2

Every compiler has its own memory management system. And, to be accurate, you can have several MM working on the same compiler. You can choose which MM to use, depending on your application purpose. For instance, in a Server you may be interested in a multi-thread scaling MM, but on a simple UI Client application, you'd like your MM just to be fast and not memory consuming.

The internal Heap management provided by Windows was so slow (at least until XP) that every compiler/framework did implement its own memory manager.

For Delphi, there was a "pure Borland" version since 2006, then an Open Source MM, named FastMM4, has been included into the main "Delphi" IDE.

With Delphi, it's very easy to change the memory manager. You just create a record of functions, then call the SetMemoryManager() to replace the current MM with the new one.

For instance, here is how is installed our Open Source scaling Memory Manager for Delphi:

{$if CompilerVersion >= 17}
  {$define USEMEMMANAGEREX}
{$ifend}

var
{$ifdef USEMEMMANAGEREX}
  OldMM: TMemoryManagerEx;
{$else}
  OldMM: TMemoryManager;
{$endif}

const
{$ifdef USEMEMMANAGEREX}
  ScaleMM_Ex: TMemoryManagerEx = (
    GetMem: Scale_GetMem;
    FreeMem: Scale_FreeMem;
    ReallocMem: Scale_ReallocMem;
    AllocMem: Scale_AllocMem;
    RegisterExpectedMemoryLeak: Scale_RegisterMemoryLeak;
    UnregisterExpectedMemoryLeak: Scale_UnregisterMemoryLeak );
{$else}
  ScaleMM_Ex: TMemoryManager = (
    GetMem: Scale_GetMem;
    FreeMem: Scale_FreeMem;
    ReallocMem: Scale_ReallocMem );
{$endif}

procedure ScaleMMInstall;
begin
  // Hook memory Manager
  GetMemoryManager(OldMM);
  if @OldMM <> @ScaleMM_Ex then
    SetMemoryManager(ScaleMM_Ex);

  // init main thread manager
  GlobalManager.Init;

This code will replace the Delphi MM by our own, via the custom Scale_GetMem / Scale_FreeMem / Scale_ReallocMem / Scale_AllocMem functions. You can just make a wrapper to the old MM by using the OldMM variable:

function Scale_GetMem(aSize: Integer): Pointer;
begin
  // do some debugging here
  result := OldMM.GetMem(aSize);
end;

The MM record structure changed in time, so you'll have to select the right one - we do this using the USEMEMMANAGEREX conditional.

Arnaud Bouchez
  • 42,305
  • 3
  • 71
  • 159
  • I think the poster wants to hook externally. – David Heffernan Mar 01 '11 at 07:27
  • 1
    @David To hook externally, you would have to hook the System.pas _GetMem and _FreeMem functions. It'll be much more difficult to find out how to do that! The only reasonable way of implementing it could be to find out the original _GetMem/_FreeMem asm binary pattern (depending of the RTL version used), then search for it in the EXE, then patch in via some Win32 hooking mechanism. In Delphi, we don't have external libraries to handle the memory, like most C compilers use. This makes external hook much more difficult... – Arnaud Bouchez Mar 01 '11 at 10:17
  • Ok, but it doesn't solve my problem, like A.Bouchez said I need to hook _GetMem and _FreeMem by an external program like I told on my post. Tks any way, your explanation will help others certainly – Rodrigo Farias Rezino Mar 01 '11 at 17:19
0

Do you mean something like this?

Macro to replace C++ operator new

It leads ultimately to this:

http://blogs.msdn.com/b/calvin_hsia/archive/2009/01/19/9341632.aspx

It's a common technique to capture the new operator or malloc. We used to do it to try and chase down where our pointers went wrong in C. I don't use it as much anymore, though.

Community
  • 1
  • 1
Albert Perrien
  • 1,153
  • 12
  • 27
  • I read the options, by I noticed it didn't give me the options to hook it externally . Am I wrong? – Rodrigo Farias Rezino Mar 01 '11 at 17:21
  • I'm not sure what you mean by hooking externally. Do you mean to inspect another program as it's running? You'd probably be better off running a debugging tool like an emulator like WOW64 (e.g [link]http://msdn.microsoft.com/en-us/library/aa384249%28v=VS.85%29.aspx) or using the windows debugging tools or some such. – Albert Perrien Mar 01 '11 at 22:56
0

New informations: I'm studying about memory allocation to create my on debugger. BUT, Now I really found the point. As I'm working on Delphi I was looking the FastMM unit to check how it works...

What was my first idea to create my own external debugger? Hook the request for memory allocation from an application to windows.

But as I could notice is that not every class instantiation that request this to windows. I now I understood why (tks ABounchez for your reply). It's 'cause when I quest to a memory space on ram, the FastMM create a pool of memory when necessary because when another memory request is done it'll not ask the system for a new memory space, it'll manage the pool memory to make it faster and better.

So, even I hook the VirtualAlloc(), I will not have the completed informations about memory modifications that I though was possible.

But by now, these information close a lot of doors and open a lot others too me. Certainly I'm create my debugged, not as I though in the beginning, but with some curios features too.

Tks for those that contributed for this.

Rodrigo Farias Rezino
  • 2,687
  • 3
  • 33
  • 60