Search code examples
dllmfcapplication-verifier

MFC Win32 application + application verifier - virtual reservation leaked


I'm trying to analyse my Win32 application using Application Verifier. I checked all of the categories under Basic. So in the following code,

// Function which unloads the DLL
int unloadDLL()
{
    if(DLLHandle != NULL)
    {
        if(0 == FreeLibrary(DLLHandle))
        {
            // Failed to unload the DLL
            return -1;
        }
        DLLHandle = NULL;
    }
    return 0;
}

Application verifier stops and throws the following,

=======================================
VERIFIER STOP 00000903: pid 0x770: A virtual reservation was leaked. 

    04DB0000 : Leaked reservation address.
    00825FC4 : Address to the allocation stack trace. Run dps <address> to view the allocation stack.
    07870FE0 : Address of the owner dll name. Run du <address> to read the dll name.
    04B00000 : Base of the owner dll. Run .reload <dll_name> = <address> to reload the owner dll. Use 'lm' to get more information about the loaded and unloaded modules.


=======================================
This verifier stop is continuable.
After debugging it use `go' to continue.

=======================================

What is a virtual reservation address? I haven't been able to find any related links. Also, why is this occurring?

EDIT:

Here are the outputs of the commands I executed according to the above suggestions.

dps 00825FC4:

00825fc4  00000000
00825fc8  0000f801
00825fcc  002001e6
00825fd0  6aa1441e vfbasics+0x1441e
00825fd4  04b081ad <Unloaded_TestDLL.dll>+0x81ad
00825fd8  04b07bbd <Unloaded_TestDLL.dll>+0x7bbd
00825fdc  04b07683 <Unloaded_TestDLL.dll>+0x7683
00825fe0  04b0c4ec <Unloaded_TestDLL.dll>+0xc4ec
00825fe4  04b107d6 <Unloaded_TestDLL.dll>+0x107d6
00825fe8  004354ac*** WARNING: Unable to verify checksum for GUI.exe
GUI!CGUI::check+0x17c [E:\GUI\DLLInterface.cpp @ 832]
00825fec  00435a47 GUI!CGUI::OnInitDialog+0x1e7 [E:\GUI\DLLInterface.cpp @ 988]
00825ff0  004d3a6b GUI!AfxDlgProc+0x3b [dlgcore.cpp @ 35]
00825ff4  773e86ef*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\system32\USER32.dll - 
 USER32!IsThreadDesktopComposited+0x11f
00825ff8  773d9eb2 USER32!CreateDialogParamW+0x2b3
00825ffc  773db98b USER32!GetMenuItemID+0x17b
00826000  773f90f9 USER32!DefDlgProcA+0x22
00826004  773e86ef USER32!IsThreadDesktopComposited+0x11f
00826008  773e8876 USER32!IsThreadDesktopComposited+0x2a6
0082600c  773e43cf USER32!WindowFromDC+0xeb
00826010  774041f9 USER32!CallWindowProcA+0x1b
00826014  004d705d GUI!CWnd::DefWindowProcA+0x32 [wincore.cpp @ 1000]
00826018  004d59eb GUI!CWnd::Default+0x39 [wincore.cpp @ 249]
0082601c  004d4c67 GUI!CDialog::HandleInitDialog+0xad [dlgcore.cpp @ 621]
00826020  004d83bb GUI!CWnd::OnWndMsg+0x68d [wincore.cpp @ 1815]
00826024  004d7d04 GUI!CWnd::WindowProc+0x2e [wincore.cpp @ 1585]
00826028  004d58a9 GUI!AfxCallWndProc+0xed [wincore.cpp @ 215]
0082602c  004d5d45 GUI!AfxWndProc+0x81 [wincore.cpp @ 368]
00826030  773e86ef USER32!IsThreadDesktopComposited+0x11f
00826034  773e8876 USER32!IsThreadDesktopComposited+0x2a6
00826038  773e7631 USER32!IsRectEmpty+0x120
0082603c  773d9b1d USER32!RegisterMessagePumpHook+0x9d9
00826040  773d9bf6 USER32!CreateDialogIndirectParamAorW+0x33

du 07870FE0:

07870fe0  "TestDLL.dll"

lm:

start    end        module name
00400000 007c5000   GUI C (private pdb symbols) E:\GUI\Debug\GUI.pdb
6aa00000 6aa58000   vfbasics   (no symbols)           
6cc80000 6ccb8000   odbcint    (deferred)             
6d180000 6d20a000   ODBC32     (deferred)             
70650000 70669000   OLEPRO32   (deferred)             
70670000 7068c000   oledlg     (deferred)             
70690000 706f0000   verifier   (deferred)             
709f0000 70a1b000   vrfcore    (export symbols)       C:\Windows\SYSTEM32\vrfcore.dll
71190000 711e1000   WINSPOOL   (deferred)             
721a0000 721b2000   pnrpnsp    (deferred)             
721c0000 721d0000   napinsp    (deferred)             
72230000 72236000   rasadhlp   (deferred)             
72240000 72248000   winrnr     (deferred)             
72280000 722a7000   WLIDNSP    (deferred)             
73420000 73426000   sensapi    (deferred)             
738e0000 73918000   fwpuclnt   (deferred)             
73b50000 73b57000   WINNSI     (deferred)             
73be0000 73bfc000   iphlpapi   (deferred)             
73ee0000 73ef0000   NLAapi     (deferred)             
74090000 740c2000   WINMM      (deferred)             
740d0000 740f1000   ntmarta    (deferred)             
741e0000 741ed000   rtutils    (deferred)             
741f0000 74205000   rasman     (deferred)             
74210000 74262000   RASAPI32   (deferred)             
74380000 7438f000   wkscli     (deferred)             
74390000 743a1000   NETAPI32   (deferred)             
745f0000 74603000   dwmapi     (deferred)             
74b30000 74b70000   uxtheme    (deferred)             
74b70000 74d0e000   comctl32_74b70000   (deferred)             
74fd0000 74fd9000   VERSION    (deferred)             
75060000 75065000   wshtcpip   (deferred)             
75320000 75329000   netutils   (deferred)             
75410000 75454000   dnsapi     (deferred)             
75540000 75546000   wship6     (deferred)             
75550000 7558c000   mswsock    (deferred)             
75860000 75879000   srvcli     (deferred)             
75a00000 75a1a000   SspiCli    (deferred)             
75a70000 75a7c000   CRYPTBASE   (deferred)             
75b20000 75b2b000   profapi    (deferred)             
75b90000 75b9c000   MSASN1     (deferred)             
75ba0000 75c24000   COMCTL32   (deferred)             
75c30000 75c7a000   KERNELBASE   (deferred)             
75d00000 75e1e000   CRYPT32    (deferred)             
75e20000 75e9b000   comdlg32   (deferred)             
75ea0000 75f41000   RPCRT4     (deferred)             
75f50000 75ff0000   ADVAPI32   (deferred)             
75ff0000 761e9000   iertutil   (deferred)             
76390000 763c5000   WS2_32     (deferred)             
763d0000 763e9000   sechost    (deferred)             
763f0000 7640f000   IMM32      (deferred)             
76410000 76455000   WLDAP32    (deferred)             
76460000 76595000   urlmon     (deferred)             
765a0000 771e9000   SHELL32    (deferred)             
771f0000 772c4000   kernel32   (deferred)             
77300000 773cc000   MSCTF      (deferred)             
773d0000 77499000   USER32     (export symbols)       C:\Windows\system32\USER32.dll
77590000 7763c000   msvcrt     (deferred)             
77640000 7779c000   ole32      (deferred)             
777a0000 7782f000   OLEAUT32   (deferred)             
77830000 778ce000   USP10      (deferred)             
778d0000 779c4000   WININET    (deferred)             
779d0000 77b0c000   ntdll      (export symbols)       C:\Windows\SYSTEM32\ntdll.dll
77b10000 77b1a000   LPK        (deferred)             
77b20000 77b25000   PSAPI      (deferred)             
77b30000 77b33000   Normaliz   (deferred)             
77b40000 77b8e000   GDI32      (deferred)             
77b90000 77b96000   NSI        (deferred)             
77ba0000 77bf7000   SHLWAPI    (deferred)             

Unloaded modules:
04b00000 04b60000   TestDLL.dll

Solution

  • "Virtual Reservation" presumably refers to the idea that in Windows, you can "reserve" (claim) a range of virtual addresses, without actually allocating physical memory.

    e.g., from http://msdn.microsoft.com/en-us/library/windows/desktop/aa366887(v=vs.85).aspx

    MEM_RESERVE 0x00002000 Reserves a range of the process's virtual address space without allocating any actual physical storage in memory or in the paging file on disk.

    So, presumably something in TestDLL.dll called VirtualAlloc, and there was never a corresponding call to VirtualFree. You'd have to include more information about TestDLL for the investigation to proceed further.