I'm trying to analyse my Win32 application using Application Verifier. I checked all of the categories under Basic. So in the following code,
// Function which unloads the DLL
int unloadDLL()
{
if(DLLHandle != NULL)
{
if(0 == FreeLibrary(DLLHandle))
{
// Failed to unload the DLL
return -1;
}
DLLHandle = NULL;
}
return 0;
}
Application verifier stops and throws the following,
=======================================
VERIFIER STOP 00000903: pid 0x770: A virtual reservation was leaked.
04DB0000 : Leaked reservation address.
00825FC4 : Address to the allocation stack trace. Run dps <address> to view the allocation stack.
07870FE0 : Address of the owner dll name. Run du <address> to read the dll name.
04B00000 : Base of the owner dll. Run .reload <dll_name> = <address> to reload the owner dll. Use 'lm' to get more information about the loaded and unloaded modules.
=======================================
This verifier stop is continuable.
After debugging it use `go' to continue.
=======================================
What is a virtual reservation address? I haven't been able to find any related links. Also, why is this occurring?
EDIT:
Here are the outputs of the commands I executed according to the above suggestions.
dps 00825FC4
:
00825fc4 00000000
00825fc8 0000f801
00825fcc 002001e6
00825fd0 6aa1441e vfbasics+0x1441e
00825fd4 04b081ad <Unloaded_TestDLL.dll>+0x81ad
00825fd8 04b07bbd <Unloaded_TestDLL.dll>+0x7bbd
00825fdc 04b07683 <Unloaded_TestDLL.dll>+0x7683
00825fe0 04b0c4ec <Unloaded_TestDLL.dll>+0xc4ec
00825fe4 04b107d6 <Unloaded_TestDLL.dll>+0x107d6
00825fe8 004354ac*** WARNING: Unable to verify checksum for GUI.exe
GUI!CGUI::check+0x17c [E:\GUI\DLLInterface.cpp @ 832]
00825fec 00435a47 GUI!CGUI::OnInitDialog+0x1e7 [E:\GUI\DLLInterface.cpp @ 988]
00825ff0 004d3a6b GUI!AfxDlgProc+0x3b [dlgcore.cpp @ 35]
00825ff4 773e86ef*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\USER32.dll -
USER32!IsThreadDesktopComposited+0x11f
00825ff8 773d9eb2 USER32!CreateDialogParamW+0x2b3
00825ffc 773db98b USER32!GetMenuItemID+0x17b
00826000 773f90f9 USER32!DefDlgProcA+0x22
00826004 773e86ef USER32!IsThreadDesktopComposited+0x11f
00826008 773e8876 USER32!IsThreadDesktopComposited+0x2a6
0082600c 773e43cf USER32!WindowFromDC+0xeb
00826010 774041f9 USER32!CallWindowProcA+0x1b
00826014 004d705d GUI!CWnd::DefWindowProcA+0x32 [wincore.cpp @ 1000]
00826018 004d59eb GUI!CWnd::Default+0x39 [wincore.cpp @ 249]
0082601c 004d4c67 GUI!CDialog::HandleInitDialog+0xad [dlgcore.cpp @ 621]
00826020 004d83bb GUI!CWnd::OnWndMsg+0x68d [wincore.cpp @ 1815]
00826024 004d7d04 GUI!CWnd::WindowProc+0x2e [wincore.cpp @ 1585]
00826028 004d58a9 GUI!AfxCallWndProc+0xed [wincore.cpp @ 215]
0082602c 004d5d45 GUI!AfxWndProc+0x81 [wincore.cpp @ 368]
00826030 773e86ef USER32!IsThreadDesktopComposited+0x11f
00826034 773e8876 USER32!IsThreadDesktopComposited+0x2a6
00826038 773e7631 USER32!IsRectEmpty+0x120
0082603c 773d9b1d USER32!RegisterMessagePumpHook+0x9d9
00826040 773d9bf6 USER32!CreateDialogIndirectParamAorW+0x33
du 07870FE0
:
07870fe0 "TestDLL.dll"
lm
:
start end module name
00400000 007c5000 GUI C (private pdb symbols) E:\GUI\Debug\GUI.pdb
6aa00000 6aa58000 vfbasics (no symbols)
6cc80000 6ccb8000 odbcint (deferred)
6d180000 6d20a000 ODBC32 (deferred)
70650000 70669000 OLEPRO32 (deferred)
70670000 7068c000 oledlg (deferred)
70690000 706f0000 verifier (deferred)
709f0000 70a1b000 vrfcore (export symbols) C:\Windows\SYSTEM32\vrfcore.dll
71190000 711e1000 WINSPOOL (deferred)
721a0000 721b2000 pnrpnsp (deferred)
721c0000 721d0000 napinsp (deferred)
72230000 72236000 rasadhlp (deferred)
72240000 72248000 winrnr (deferred)
72280000 722a7000 WLIDNSP (deferred)
73420000 73426000 sensapi (deferred)
738e0000 73918000 fwpuclnt (deferred)
73b50000 73b57000 WINNSI (deferred)
73be0000 73bfc000 iphlpapi (deferred)
73ee0000 73ef0000 NLAapi (deferred)
74090000 740c2000 WINMM (deferred)
740d0000 740f1000 ntmarta (deferred)
741e0000 741ed000 rtutils (deferred)
741f0000 74205000 rasman (deferred)
74210000 74262000 RASAPI32 (deferred)
74380000 7438f000 wkscli (deferred)
74390000 743a1000 NETAPI32 (deferred)
745f0000 74603000 dwmapi (deferred)
74b30000 74b70000 uxtheme (deferred)
74b70000 74d0e000 comctl32_74b70000 (deferred)
74fd0000 74fd9000 VERSION (deferred)
75060000 75065000 wshtcpip (deferred)
75320000 75329000 netutils (deferred)
75410000 75454000 dnsapi (deferred)
75540000 75546000 wship6 (deferred)
75550000 7558c000 mswsock (deferred)
75860000 75879000 srvcli (deferred)
75a00000 75a1a000 SspiCli (deferred)
75a70000 75a7c000 CRYPTBASE (deferred)
75b20000 75b2b000 profapi (deferred)
75b90000 75b9c000 MSASN1 (deferred)
75ba0000 75c24000 COMCTL32 (deferred)
75c30000 75c7a000 KERNELBASE (deferred)
75d00000 75e1e000 CRYPT32 (deferred)
75e20000 75e9b000 comdlg32 (deferred)
75ea0000 75f41000 RPCRT4 (deferred)
75f50000 75ff0000 ADVAPI32 (deferred)
75ff0000 761e9000 iertutil (deferred)
76390000 763c5000 WS2_32 (deferred)
763d0000 763e9000 sechost (deferred)
763f0000 7640f000 IMM32 (deferred)
76410000 76455000 WLDAP32 (deferred)
76460000 76595000 urlmon (deferred)
765a0000 771e9000 SHELL32 (deferred)
771f0000 772c4000 kernel32 (deferred)
77300000 773cc000 MSCTF (deferred)
773d0000 77499000 USER32 (export symbols) C:\Windows\system32\USER32.dll
77590000 7763c000 msvcrt (deferred)
77640000 7779c000 ole32 (deferred)
777a0000 7782f000 OLEAUT32 (deferred)
77830000 778ce000 USP10 (deferred)
778d0000 779c4000 WININET (deferred)
779d0000 77b0c000 ntdll (export symbols) C:\Windows\SYSTEM32\ntdll.dll
77b10000 77b1a000 LPK (deferred)
77b20000 77b25000 PSAPI (deferred)
77b30000 77b33000 Normaliz (deferred)
77b40000 77b8e000 GDI32 (deferred)
77b90000 77b96000 NSI (deferred)
77ba0000 77bf7000 SHLWAPI (deferred)
Unloaded modules:
04b00000 04b60000 TestDLL.dll
"Virtual Reservation" presumably refers to the idea that in Windows, you can "reserve" (claim) a range of virtual addresses, without actually allocating physical memory.
e.g., from http://msdn.microsoft.com/en-us/library/windows/desktop/aa366887(v=vs.85).aspx
MEM_RESERVE 0x00002000 Reserves a range of the process's virtual address space without allocating any actual physical storage in memory or in the paging file on disk.
So, presumably something in TestDLL.dll called VirtualAlloc, and there was never a corresponding call to VirtualFree. You'd have to include more information about TestDLL for the investigation to proceed further.