demandvista系统优化
vista系统优化 时间:2021-02-25 阅读:()
WindowsVistaHeapManagementEnhancementsAdrianMarinescuDevelopmentLeadadrmarin@microsoft.
com2AgendaWindowsNTHeapManagementbasicsandevolutionWindowsVistaheap–majormilestone–Developmentprinciplesandguidelines–Securityfeatures–PerformancefeaturesQ&A3IntroductionSecurity–industry-wideconcernTwCdrivingmultiplesecurityinitiativesTheNTHeap–Strategicpointindefense–Improvedtorespondtoindustrytrendsinusage4PartI–Basics5HeapEvolutionTimeNT4NT4/SP4Windows2000XP/SP2Windows2003WindowsVistaBasicsPerformanceOpt-inSMPScalabilityHeapMitigationsEnhancedsecurityPerformanceQualitytoolIndustryWorkloadExploitationParallelism6NTHeapOverviewTheNTMemoryManagerSegmentManagement(forblocks1KNon-dedicatedfreelist(1–512KBytes)Segment1Segment64Segmentarray>512KVirtualBlocksList816>512K8HeapSegmentsSeg.
HB1B2UncommitedspaceBn…ByUncommitedspaceReservedspace9BlockEntryinpriorWindowsNTVersions0:018>dc04392f8004392f8000040002000000010442da6000240e68SizePreviousblocksizetagunusedbytesflagssegmentF-LinkB-Link10RoleofLinkEntryinEarlyExploitsArbitrarypointerwritemovmoveaxeax,DWORDPTR[,DWORDPTR[ecxecx]]movmovecxecx,DWORDPTR[ecx+4],DWORDPTR[ecx+4]movmovDWORDPTR[DWORDPTR[ecxecx],],eaxeaxmovmovDWORDPTR[eax+4],DWORDPTR[eax+4],ecxecxFwdLinkBkLinkValuetowriteLocationtowrite11LookasideListsNon-blockingsingle-linkedlists0-89-16Lookasidelists1016-1024HeaderLinkunusedHeaderLinkunused12TheLowFragmentationHeapArchitectureSMPUnit10-89-16Allocationbuckets1025-108815873-16384AllocationgranularitySMPUnitNSMPUnit1SegmentspoolSegmentspoolSegmentspool13LowFragmentationHeapBlockEntrySub-SegmentFlags…RelativelinkSizeLFHBlockFrees-listSub-Segment…8bytesUserdata14EarlyHeapMitigationsSafeListRemovalEntry->FwdLink->BkLink==Entry->BkLink->FwdLink==Entry8-bitcookietestedonfreeLFHblockentryencodingF(randomnumber,Blockaddress,heap)15ChangeinLandscapeNewexploitingmethodssurfacedChangeinusageoutlook–Memoryusage–IncreaseavailabilityofSMP–Increaserelevanceof64bitcomputingCodequality–higherdemandinindustry16WindowsVistaHeapManagerKeyDevelopmentDirectionsPerformanceandreliabilitySecurityCodequality17WindowsNTHeapRequirements18SecurityCorrectness–like:–Guaranteesrequestedsizes–Lifetimeofallocations–Clearingcontentwhenrequestedetc.
Defenselineinheapbasedexploits:Defenselineinheapbasedexploits:––AttemptstomitigatetheeffectofanattackAttemptstomitigatetheeffectofanattack––MakesdifficulthidingheapMakesdifficulthidingheap--basedexploitsbasedexploits19PerformanceScalefromsmalldevicestolargeserversOptimizedforvariedusagepatternsFollowtheindustrytrend–Memoryusage–IncreaseinSMPavailability–H/Warchitectureadvances20CompatibilityApplicationsmayrelyonthingslike:–Reallocreturningsamepointer–Read/writeafterreleasingablock–Doublefree–Overrunsoverunusedstructuresetc.
Heapchangesmayhaveunintendedeffects,suchas:–Crashes,leaksorbrokenfunctionalityinpoorlywrittenapplications–Severeperformanceregressions21PartII-WindowsVistaHeap22WindowsVistaHeapSecurityFeaturesBlockmetadatarandomizationIntegritycheckonblockentryAlgorithmvariationinresponsetousagepatternRandomrebasingFunctionpointerrandomizationAbruptapplicationterminationonerror23BlockMetadataRandomizationApartoftheheaderisXORdwitharandomvalueLowperformanceimpactShouldmakeguessingtherightvalueimpracticalFlexibleandcontainedalgorithmandimplementationAgileinupdates24EntryIntegrityCheckPrevious8-bitcookiehasbeenrepurposedtovalidatealargerpartoftheheaderValuemayberandomizedalongwiththeotherfieldsValidatedduringinternaloperationstoo25Demo–HeapHeaderLayout26Automatictuning–ShifttoLFHallocationsatarbitrarypointsonruntime–Triggersonvariouspatterns–Involvesalsode-commit/commitpoliciesRuntimeAlgorithmVariation27MoreHeapRandomizationsHeapbaserandomization–thingstoconsider:–Fragmentationoftheapplicationaddressspaceaffectinglargeserverapplications–PossibleperformanceissuesifhigherrandomizationisusedHeapfunctionpointerrandomization–Takesawayaknownplacetofacilitatethecodeexecutionalongwithrebasing28Demo29AbruptTerminationonErrorAnydatainconsistencyorinvalidheapfunctionusagedetectedmaytriggeritThescopeisprocess-wide(anyheapintheprocesshasthesamebehavior)TheprocessisterminatedviaWindowsErrorReportingDetailedinfoisavailableinthedumpfileNofunctionprovidedtodisableitOnbydefaultfor64bitplatforms&apps30TerminationonErrors(cont.
)Programmaticopt-Inmethod(newHeapEnableTerminationOnCorruptionclassdefined)BOOLHeapSetInformation(HANDLEHeapHandle,HEAP_INFORMATION_CLASSHeapInformationClass,PVOIDHeapInformation,SIZE_THeapInformationLength);LargenumberofcomponentswithWindowsVistaareoptedinTheinformationisavailableinadebuggerextension31Demo32NTHeapManager–ImprovesCodeQualityBenefitstoappdevelopersEarlyerrordetectionImproveddebuggingaidtoreducecostofinvestigatingcorruptionsReducedtolerancetomisusageWindowsVistaappswillbemoreresilienttofutureheapchanges33KnownAttackVectors&WindowsVistaRemovedlookasidelistandarrayofliststargetedbypreviousexploitsIntegritycheckonblockmetadatasignificantobstacletobruteforceattacksMostWindowsprocessesterminateonmemoryerrorsDynamic(runtime)changeinheapalgorithmsobstacletoconsistentexploitsHeapstructuresandmemorymgmtchangeslimitportabilityofexploits34SecurityenhancementsareajourneyMitigationsarenotsubstituteforgooddevelopmentpracticesWindowsVistaisjustamilestoneincontinualheapimprovements35WindowsVistaHeapPerf&ReliabilityImprovedscenariosbydefaultfor:SMPscalabilityExternalfragmentationLargeheapsImprovedreferencelocalityon64bitplatformsReducedVirtualAddressexhaustionIncreasedresiliencetopatternsinvolvinglong-termallocations36KeyPerformanceEnhancementsAutomatictuningLowergranularityofcontrolpoliciestoswitchtotheLowFragmentationHeapUseoflazyinitializationRedesignedsegmentmanagementImprovedinternallookupalgorithmsAddressedfragmentationinproblematicscenariosLoweroverheadon64bit37RandomAllocationBenchmark(0-1K)05101520253012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVistaRandomAllocationBenchmark(4-8k)0246810121416182012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVista38FragmentationTest(512blocks/80bytes)VirtualaddressCost010002000300040005000600070008000Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer2003Committedmemorycost0100200300400500600700800Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer200339FragmentationTest(512blocks/80bytes)Heapperformanceonheapexpansionpattern1(512blocks)(70x)0100000200000300000400000500000600000700000800000Runtime(sec)Ops.
/secRecentWindowsVistaWindowsServer200340FragmentationScenarioIIPatternPatternOps/secOps/sec(Recent(RecentWindowsWindowsVista)Vista)Ops/secOps/sec(Windows(WindowsServerServer2003SP1)2003SP1)ImprovemeImprovementntxx2562576004388663951292770915161441024403774517917204819418025776740968253412687841Memoryfootprinton2GBytesheapexpansion0500100015002000250030003500400045003264128256512102420484096BlocksizeMbytesmemorReservedMemoryInRecentWindowsVistaCommitedMemoryInRecentWindowsVistaReservedMemoryInWindowsServer2003CommitedMemoryInWindowsServer200342SummaryAttacksgetmoresophisticated…Butsodoestheheapmanagement–andnotonlyforsecurityWelaidthefoundationforincreasedagilityinheapimprovementswithreducedcompatibilityrisksImprovedscenariosforSMPandlargememoryusageDesignedtoenhancethecodequalityforapplicationsWearenotyetdone…wearelookingforwardforfurtherenhancementsasneededComeseemewithyourideas!
43ResourcesFeedbackonHeap:heapext@microsoft.
comDebuggingtools:http://www.
microsoft.
com/whdc/devtools/debugging/debugstart.
mspxApplicationVerifier:http://www.
microsoft.
com/downloads/details.
aspxFamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&DisplayLang=en4444secure@microsoft.
comThispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
com2AgendaWindowsNTHeapManagementbasicsandevolutionWindowsVistaheap–majormilestone–Developmentprinciplesandguidelines–Securityfeatures–PerformancefeaturesQ&A3IntroductionSecurity–industry-wideconcernTwCdrivingmultiplesecurityinitiativesTheNTHeap–Strategicpointindefense–Improvedtorespondtoindustrytrendsinusage4PartI–Basics5HeapEvolutionTimeNT4NT4/SP4Windows2000XP/SP2Windows2003WindowsVistaBasicsPerformanceOpt-inSMPScalabilityHeapMitigationsEnhancedsecurityPerformanceQualitytoolIndustryWorkloadExploitationParallelism6NTHeapOverviewTheNTMemoryManagerSegmentManagement(forblocks1KNon-dedicatedfreelist(1–512KBytes)Segment1Segment64Segmentarray>512KVirtualBlocksList816>512K8HeapSegmentsSeg.
HB1B2UncommitedspaceBn…ByUncommitedspaceReservedspace9BlockEntryinpriorWindowsNTVersions0:018>dc04392f8004392f8000040002000000010442da6000240e68SizePreviousblocksizetagunusedbytesflagssegmentF-LinkB-Link10RoleofLinkEntryinEarlyExploitsArbitrarypointerwritemovmoveaxeax,DWORDPTR[,DWORDPTR[ecxecx]]movmovecxecx,DWORDPTR[ecx+4],DWORDPTR[ecx+4]movmovDWORDPTR[DWORDPTR[ecxecx],],eaxeaxmovmovDWORDPTR[eax+4],DWORDPTR[eax+4],ecxecxFwdLinkBkLinkValuetowriteLocationtowrite11LookasideListsNon-blockingsingle-linkedlists0-89-16Lookasidelists1016-1024HeaderLinkunusedHeaderLinkunused12TheLowFragmentationHeapArchitectureSMPUnit10-89-16Allocationbuckets1025-108815873-16384AllocationgranularitySMPUnitNSMPUnit1SegmentspoolSegmentspoolSegmentspool13LowFragmentationHeapBlockEntrySub-SegmentFlags…RelativelinkSizeLFHBlockFrees-listSub-Segment…8bytesUserdata14EarlyHeapMitigationsSafeListRemovalEntry->FwdLink->BkLink==Entry->BkLink->FwdLink==Entry8-bitcookietestedonfreeLFHblockentryencodingF(randomnumber,Blockaddress,heap)15ChangeinLandscapeNewexploitingmethodssurfacedChangeinusageoutlook–Memoryusage–IncreaseavailabilityofSMP–Increaserelevanceof64bitcomputingCodequality–higherdemandinindustry16WindowsVistaHeapManagerKeyDevelopmentDirectionsPerformanceandreliabilitySecurityCodequality17WindowsNTHeapRequirements18SecurityCorrectness–like:–Guaranteesrequestedsizes–Lifetimeofallocations–Clearingcontentwhenrequestedetc.
Defenselineinheapbasedexploits:Defenselineinheapbasedexploits:––AttemptstomitigatetheeffectofanattackAttemptstomitigatetheeffectofanattack––MakesdifficulthidingheapMakesdifficulthidingheap--basedexploitsbasedexploits19PerformanceScalefromsmalldevicestolargeserversOptimizedforvariedusagepatternsFollowtheindustrytrend–Memoryusage–IncreaseinSMPavailability–H/Warchitectureadvances20CompatibilityApplicationsmayrelyonthingslike:–Reallocreturningsamepointer–Read/writeafterreleasingablock–Doublefree–Overrunsoverunusedstructuresetc.
Heapchangesmayhaveunintendedeffects,suchas:–Crashes,leaksorbrokenfunctionalityinpoorlywrittenapplications–Severeperformanceregressions21PartII-WindowsVistaHeap22WindowsVistaHeapSecurityFeaturesBlockmetadatarandomizationIntegritycheckonblockentryAlgorithmvariationinresponsetousagepatternRandomrebasingFunctionpointerrandomizationAbruptapplicationterminationonerror23BlockMetadataRandomizationApartoftheheaderisXORdwitharandomvalueLowperformanceimpactShouldmakeguessingtherightvalueimpracticalFlexibleandcontainedalgorithmandimplementationAgileinupdates24EntryIntegrityCheckPrevious8-bitcookiehasbeenrepurposedtovalidatealargerpartoftheheaderValuemayberandomizedalongwiththeotherfieldsValidatedduringinternaloperationstoo25Demo–HeapHeaderLayout26Automatictuning–ShifttoLFHallocationsatarbitrarypointsonruntime–Triggersonvariouspatterns–Involvesalsode-commit/commitpoliciesRuntimeAlgorithmVariation27MoreHeapRandomizationsHeapbaserandomization–thingstoconsider:–Fragmentationoftheapplicationaddressspaceaffectinglargeserverapplications–PossibleperformanceissuesifhigherrandomizationisusedHeapfunctionpointerrandomization–Takesawayaknownplacetofacilitatethecodeexecutionalongwithrebasing28Demo29AbruptTerminationonErrorAnydatainconsistencyorinvalidheapfunctionusagedetectedmaytriggeritThescopeisprocess-wide(anyheapintheprocesshasthesamebehavior)TheprocessisterminatedviaWindowsErrorReportingDetailedinfoisavailableinthedumpfileNofunctionprovidedtodisableitOnbydefaultfor64bitplatforms&apps30TerminationonErrors(cont.
)Programmaticopt-Inmethod(newHeapEnableTerminationOnCorruptionclassdefined)BOOLHeapSetInformation(HANDLEHeapHandle,HEAP_INFORMATION_CLASSHeapInformationClass,PVOIDHeapInformation,SIZE_THeapInformationLength);LargenumberofcomponentswithWindowsVistaareoptedinTheinformationisavailableinadebuggerextension31Demo32NTHeapManager–ImprovesCodeQualityBenefitstoappdevelopersEarlyerrordetectionImproveddebuggingaidtoreducecostofinvestigatingcorruptionsReducedtolerancetomisusageWindowsVistaappswillbemoreresilienttofutureheapchanges33KnownAttackVectors&WindowsVistaRemovedlookasidelistandarrayofliststargetedbypreviousexploitsIntegritycheckonblockmetadatasignificantobstacletobruteforceattacksMostWindowsprocessesterminateonmemoryerrorsDynamic(runtime)changeinheapalgorithmsobstacletoconsistentexploitsHeapstructuresandmemorymgmtchangeslimitportabilityofexploits34SecurityenhancementsareajourneyMitigationsarenotsubstituteforgooddevelopmentpracticesWindowsVistaisjustamilestoneincontinualheapimprovements35WindowsVistaHeapPerf&ReliabilityImprovedscenariosbydefaultfor:SMPscalabilityExternalfragmentationLargeheapsImprovedreferencelocalityon64bitplatformsReducedVirtualAddressexhaustionIncreasedresiliencetopatternsinvolvinglong-termallocations36KeyPerformanceEnhancementsAutomatictuningLowergranularityofcontrolpoliciestoswitchtotheLowFragmentationHeapUseoflazyinitializationRedesignedsegmentmanagementImprovedinternallookupalgorithmsAddressedfragmentationinproblematicscenariosLoweroverheadon64bit37RandomAllocationBenchmark(0-1K)05101520253012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVistaRandomAllocationBenchmark(4-8k)0246810121416182012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVista38FragmentationTest(512blocks/80bytes)VirtualaddressCost010002000300040005000600070008000Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer2003Committedmemorycost0100200300400500600700800Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer200339FragmentationTest(512blocks/80bytes)Heapperformanceonheapexpansionpattern1(512blocks)(70x)0100000200000300000400000500000600000700000800000Runtime(sec)Ops.
/secRecentWindowsVistaWindowsServer200340FragmentationScenarioIIPatternPatternOps/secOps/sec(Recent(RecentWindowsWindowsVista)Vista)Ops/secOps/sec(Windows(WindowsServerServer2003SP1)2003SP1)ImprovemeImprovementntxx2562576004388663951292770915161441024403774517917204819418025776740968253412687841Memoryfootprinton2GBytesheapexpansion0500100015002000250030003500400045003264128256512102420484096BlocksizeMbytesmemorReservedMemoryInRecentWindowsVistaCommitedMemoryInRecentWindowsVistaReservedMemoryInWindowsServer2003CommitedMemoryInWindowsServer200342SummaryAttacksgetmoresophisticated…Butsodoestheheapmanagement–andnotonlyforsecurityWelaidthefoundationforincreasedagilityinheapimprovementswithreducedcompatibilityrisksImprovedscenariosforSMPandlargememoryusageDesignedtoenhancethecodequalityforapplicationsWearenotyetdone…wearelookingforwardforfurtherenhancementsasneededComeseemewithyourideas!
43ResourcesFeedbackonHeap:heapext@microsoft.
comDebuggingtools:http://www.
microsoft.
com/whdc/devtools/debugging/debugstart.
mspxApplicationVerifier:http://www.
microsoft.
com/downloads/details.
aspxFamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&DisplayLang=en4444secure@microsoft.
comThispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
- demandvista系统优化相关文档
- 阵列vista系统优化
- 成像vista系统优化
- 接口vista系统优化
- 设置vista系统优化
- designedvista系统优化
- 映像vista系统优化
美国Cera 2核4G 20元/45天 香港CN2 E5 20M物理机服务器 150元 日本CN2 E5 20M物理机服务器 150元 提速啦
提速啦 成立于2012年,作为互联网老兵我们一直为用户提供 稳定 高速 高质量的产品。成立至今一直深受用户的喜爱 荣获 “2021年赣州安全大赛第三名” “2020创新企业入围奖” 等殊荣。目前我司在美国拥有4.6万G总内存云服务器资源,香港拥有2.2万G总内存云服务器资源,阿里云香港机房拥有8000G总内存云服务器资源,国内多地区拥有1.6万G总内存云服务器资源,绝非1 2台宿主机的小商家可比。...
6元虚拟主机是否值得购买
6元虚拟主机是否值得购买?近期各商家都纷纷推出了优质便宜的虚拟主机产品,其中不少6元的虚拟主机,这种主机是否值得购买,下面我们一起来看看。1、百度云6元体验三个月(活动时间有限抓紧体验)体验地址:https://cloud.baidu.com/campaign/experience/index.html?from=bchPromotion20182、Ucloud 10元云主机体验地址:https:...
青云互联:洛杉矶CN2弹性云限时七折,Cera机房三网CN2gia回程,13.3元/月起
青云互联怎么样?青云互联是一家成立于2020年6月份的主机服务商,致力于为用户提供高性价比稳定快速的主机托管服务,目前提供有美国免费主机、香港主机、香港服务器、美国云服务器,让您的网站高速、稳定运行。目前,美国洛杉矶cn2弹性云限时七折,美国cera机房三网CN2gia回程 13.3元/月起,可选Windows/可自定义配置。点击进入:青云互联官网青云互联优惠码:七折优惠码:dVRKp2tP (续...
vista系统优化为你推荐
-
无线路由器限速设置如何设置无线路由器局域网限速?缓冲区溢出教程溢出攻击法使用什么样的原理中小企业信息化中小企业如何进行企业信息化规划苹果5怎么越狱苹果5怎么越狱腾讯文章为什么最近腾讯网的文章评论都看不到直播加速怎么让已拍摄好的视频加速硬盘人电脑对人有多大辐射?奇虎论坛奇虎问答是什么bt封杀BT下载可以封杀迅雷吗?什么原理?能破吗?iphone6上市时间苹果六什么时候出的