demandvista系统优化
vista系统优化 时间:2021-02-25 阅读:()
WindowsVistaHeapManagementEnhancementsAdrianMarinescuDevelopmentLeadadrmarin@microsoft.
com2AgendaWindowsNTHeapManagementbasicsandevolutionWindowsVistaheap–majormilestone–Developmentprinciplesandguidelines–Securityfeatures–PerformancefeaturesQ&A3IntroductionSecurity–industry-wideconcernTwCdrivingmultiplesecurityinitiativesTheNTHeap–Strategicpointindefense–Improvedtorespondtoindustrytrendsinusage4PartI–Basics5HeapEvolutionTimeNT4NT4/SP4Windows2000XP/SP2Windows2003WindowsVistaBasicsPerformanceOpt-inSMPScalabilityHeapMitigationsEnhancedsecurityPerformanceQualitytoolIndustryWorkloadExploitationParallelism6NTHeapOverviewTheNTMemoryManagerSegmentManagement(forblocks1KNon-dedicatedfreelist(1–512KBytes)Segment1Segment64Segmentarray>512KVirtualBlocksList816>512K8HeapSegmentsSeg.
HB1B2UncommitedspaceBn…ByUncommitedspaceReservedspace9BlockEntryinpriorWindowsNTVersions0:018>dc04392f8004392f8000040002000000010442da6000240e68SizePreviousblocksizetagunusedbytesflagssegmentF-LinkB-Link10RoleofLinkEntryinEarlyExploitsArbitrarypointerwritemovmoveaxeax,DWORDPTR[,DWORDPTR[ecxecx]]movmovecxecx,DWORDPTR[ecx+4],DWORDPTR[ecx+4]movmovDWORDPTR[DWORDPTR[ecxecx],],eaxeaxmovmovDWORDPTR[eax+4],DWORDPTR[eax+4],ecxecxFwdLinkBkLinkValuetowriteLocationtowrite11LookasideListsNon-blockingsingle-linkedlists0-89-16Lookasidelists1016-1024HeaderLinkunusedHeaderLinkunused12TheLowFragmentationHeapArchitectureSMPUnit10-89-16Allocationbuckets1025-108815873-16384AllocationgranularitySMPUnitNSMPUnit1SegmentspoolSegmentspoolSegmentspool13LowFragmentationHeapBlockEntrySub-SegmentFlags…RelativelinkSizeLFHBlockFrees-listSub-Segment…8bytesUserdata14EarlyHeapMitigationsSafeListRemovalEntry->FwdLink->BkLink==Entry->BkLink->FwdLink==Entry8-bitcookietestedonfreeLFHblockentryencodingF(randomnumber,Blockaddress,heap)15ChangeinLandscapeNewexploitingmethodssurfacedChangeinusageoutlook–Memoryusage–IncreaseavailabilityofSMP–Increaserelevanceof64bitcomputingCodequality–higherdemandinindustry16WindowsVistaHeapManagerKeyDevelopmentDirectionsPerformanceandreliabilitySecurityCodequality17WindowsNTHeapRequirements18SecurityCorrectness–like:–Guaranteesrequestedsizes–Lifetimeofallocations–Clearingcontentwhenrequestedetc.
Defenselineinheapbasedexploits:Defenselineinheapbasedexploits:––AttemptstomitigatetheeffectofanattackAttemptstomitigatetheeffectofanattack––MakesdifficulthidingheapMakesdifficulthidingheap--basedexploitsbasedexploits19PerformanceScalefromsmalldevicestolargeserversOptimizedforvariedusagepatternsFollowtheindustrytrend–Memoryusage–IncreaseinSMPavailability–H/Warchitectureadvances20CompatibilityApplicationsmayrelyonthingslike:–Reallocreturningsamepointer–Read/writeafterreleasingablock–Doublefree–Overrunsoverunusedstructuresetc.
Heapchangesmayhaveunintendedeffects,suchas:–Crashes,leaksorbrokenfunctionalityinpoorlywrittenapplications–Severeperformanceregressions21PartII-WindowsVistaHeap22WindowsVistaHeapSecurityFeaturesBlockmetadatarandomizationIntegritycheckonblockentryAlgorithmvariationinresponsetousagepatternRandomrebasingFunctionpointerrandomizationAbruptapplicationterminationonerror23BlockMetadataRandomizationApartoftheheaderisXORdwitharandomvalueLowperformanceimpactShouldmakeguessingtherightvalueimpracticalFlexibleandcontainedalgorithmandimplementationAgileinupdates24EntryIntegrityCheckPrevious8-bitcookiehasbeenrepurposedtovalidatealargerpartoftheheaderValuemayberandomizedalongwiththeotherfieldsValidatedduringinternaloperationstoo25Demo–HeapHeaderLayout26Automatictuning–ShifttoLFHallocationsatarbitrarypointsonruntime–Triggersonvariouspatterns–Involvesalsode-commit/commitpoliciesRuntimeAlgorithmVariation27MoreHeapRandomizationsHeapbaserandomization–thingstoconsider:–Fragmentationoftheapplicationaddressspaceaffectinglargeserverapplications–PossibleperformanceissuesifhigherrandomizationisusedHeapfunctionpointerrandomization–Takesawayaknownplacetofacilitatethecodeexecutionalongwithrebasing28Demo29AbruptTerminationonErrorAnydatainconsistencyorinvalidheapfunctionusagedetectedmaytriggeritThescopeisprocess-wide(anyheapintheprocesshasthesamebehavior)TheprocessisterminatedviaWindowsErrorReportingDetailedinfoisavailableinthedumpfileNofunctionprovidedtodisableitOnbydefaultfor64bitplatforms&apps30TerminationonErrors(cont.
)Programmaticopt-Inmethod(newHeapEnableTerminationOnCorruptionclassdefined)BOOLHeapSetInformation(HANDLEHeapHandle,HEAP_INFORMATION_CLASSHeapInformationClass,PVOIDHeapInformation,SIZE_THeapInformationLength);LargenumberofcomponentswithWindowsVistaareoptedinTheinformationisavailableinadebuggerextension31Demo32NTHeapManager–ImprovesCodeQualityBenefitstoappdevelopersEarlyerrordetectionImproveddebuggingaidtoreducecostofinvestigatingcorruptionsReducedtolerancetomisusageWindowsVistaappswillbemoreresilienttofutureheapchanges33KnownAttackVectors&WindowsVistaRemovedlookasidelistandarrayofliststargetedbypreviousexploitsIntegritycheckonblockmetadatasignificantobstacletobruteforceattacksMostWindowsprocessesterminateonmemoryerrorsDynamic(runtime)changeinheapalgorithmsobstacletoconsistentexploitsHeapstructuresandmemorymgmtchangeslimitportabilityofexploits34SecurityenhancementsareajourneyMitigationsarenotsubstituteforgooddevelopmentpracticesWindowsVistaisjustamilestoneincontinualheapimprovements35WindowsVistaHeapPerf&ReliabilityImprovedscenariosbydefaultfor:SMPscalabilityExternalfragmentationLargeheapsImprovedreferencelocalityon64bitplatformsReducedVirtualAddressexhaustionIncreasedresiliencetopatternsinvolvinglong-termallocations36KeyPerformanceEnhancementsAutomatictuningLowergranularityofcontrolpoliciestoswitchtotheLowFragmentationHeapUseoflazyinitializationRedesignedsegmentmanagementImprovedinternallookupalgorithmsAddressedfragmentationinproblematicscenariosLoweroverheadon64bit37RandomAllocationBenchmark(0-1K)05101520253012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVistaRandomAllocationBenchmark(4-8k)0246810121416182012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVista38FragmentationTest(512blocks/80bytes)VirtualaddressCost010002000300040005000600070008000Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer2003Committedmemorycost0100200300400500600700800Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer200339FragmentationTest(512blocks/80bytes)Heapperformanceonheapexpansionpattern1(512blocks)(70x)0100000200000300000400000500000600000700000800000Runtime(sec)Ops.
/secRecentWindowsVistaWindowsServer200340FragmentationScenarioIIPatternPatternOps/secOps/sec(Recent(RecentWindowsWindowsVista)Vista)Ops/secOps/sec(Windows(WindowsServerServer2003SP1)2003SP1)ImprovemeImprovementntxx2562576004388663951292770915161441024403774517917204819418025776740968253412687841Memoryfootprinton2GBytesheapexpansion0500100015002000250030003500400045003264128256512102420484096BlocksizeMbytesmemorReservedMemoryInRecentWindowsVistaCommitedMemoryInRecentWindowsVistaReservedMemoryInWindowsServer2003CommitedMemoryInWindowsServer200342SummaryAttacksgetmoresophisticated…Butsodoestheheapmanagement–andnotonlyforsecurityWelaidthefoundationforincreasedagilityinheapimprovementswithreducedcompatibilityrisksImprovedscenariosforSMPandlargememoryusageDesignedtoenhancethecodequalityforapplicationsWearenotyetdone…wearelookingforwardforfurtherenhancementsasneededComeseemewithyourideas!
43ResourcesFeedbackonHeap:heapext@microsoft.
comDebuggingtools:http://www.
microsoft.
com/whdc/devtools/debugging/debugstart.
mspxApplicationVerifier:http://www.
microsoft.
com/downloads/details.
aspxFamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&DisplayLang=en4444secure@microsoft.
comThispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
com2AgendaWindowsNTHeapManagementbasicsandevolutionWindowsVistaheap–majormilestone–Developmentprinciplesandguidelines–Securityfeatures–PerformancefeaturesQ&A3IntroductionSecurity–industry-wideconcernTwCdrivingmultiplesecurityinitiativesTheNTHeap–Strategicpointindefense–Improvedtorespondtoindustrytrendsinusage4PartI–Basics5HeapEvolutionTimeNT4NT4/SP4Windows2000XP/SP2Windows2003WindowsVistaBasicsPerformanceOpt-inSMPScalabilityHeapMitigationsEnhancedsecurityPerformanceQualitytoolIndustryWorkloadExploitationParallelism6NTHeapOverviewTheNTMemoryManagerSegmentManagement(forblocks1KNon-dedicatedfreelist(1–512KBytes)Segment1Segment64Segmentarray>512KVirtualBlocksList816>512K8HeapSegmentsSeg.
HB1B2UncommitedspaceBn…ByUncommitedspaceReservedspace9BlockEntryinpriorWindowsNTVersions0:018>dc04392f8004392f8000040002000000010442da6000240e68SizePreviousblocksizetagunusedbytesflagssegmentF-LinkB-Link10RoleofLinkEntryinEarlyExploitsArbitrarypointerwritemovmoveaxeax,DWORDPTR[,DWORDPTR[ecxecx]]movmovecxecx,DWORDPTR[ecx+4],DWORDPTR[ecx+4]movmovDWORDPTR[DWORDPTR[ecxecx],],eaxeaxmovmovDWORDPTR[eax+4],DWORDPTR[eax+4],ecxecxFwdLinkBkLinkValuetowriteLocationtowrite11LookasideListsNon-blockingsingle-linkedlists0-89-16Lookasidelists1016-1024HeaderLinkunusedHeaderLinkunused12TheLowFragmentationHeapArchitectureSMPUnit10-89-16Allocationbuckets1025-108815873-16384AllocationgranularitySMPUnitNSMPUnit1SegmentspoolSegmentspoolSegmentspool13LowFragmentationHeapBlockEntrySub-SegmentFlags…RelativelinkSizeLFHBlockFrees-listSub-Segment…8bytesUserdata14EarlyHeapMitigationsSafeListRemovalEntry->FwdLink->BkLink==Entry->BkLink->FwdLink==Entry8-bitcookietestedonfreeLFHblockentryencodingF(randomnumber,Blockaddress,heap)15ChangeinLandscapeNewexploitingmethodssurfacedChangeinusageoutlook–Memoryusage–IncreaseavailabilityofSMP–Increaserelevanceof64bitcomputingCodequality–higherdemandinindustry16WindowsVistaHeapManagerKeyDevelopmentDirectionsPerformanceandreliabilitySecurityCodequality17WindowsNTHeapRequirements18SecurityCorrectness–like:–Guaranteesrequestedsizes–Lifetimeofallocations–Clearingcontentwhenrequestedetc.
Defenselineinheapbasedexploits:Defenselineinheapbasedexploits:––AttemptstomitigatetheeffectofanattackAttemptstomitigatetheeffectofanattack––MakesdifficulthidingheapMakesdifficulthidingheap--basedexploitsbasedexploits19PerformanceScalefromsmalldevicestolargeserversOptimizedforvariedusagepatternsFollowtheindustrytrend–Memoryusage–IncreaseinSMPavailability–H/Warchitectureadvances20CompatibilityApplicationsmayrelyonthingslike:–Reallocreturningsamepointer–Read/writeafterreleasingablock–Doublefree–Overrunsoverunusedstructuresetc.
Heapchangesmayhaveunintendedeffects,suchas:–Crashes,leaksorbrokenfunctionalityinpoorlywrittenapplications–Severeperformanceregressions21PartII-WindowsVistaHeap22WindowsVistaHeapSecurityFeaturesBlockmetadatarandomizationIntegritycheckonblockentryAlgorithmvariationinresponsetousagepatternRandomrebasingFunctionpointerrandomizationAbruptapplicationterminationonerror23BlockMetadataRandomizationApartoftheheaderisXORdwitharandomvalueLowperformanceimpactShouldmakeguessingtherightvalueimpracticalFlexibleandcontainedalgorithmandimplementationAgileinupdates24EntryIntegrityCheckPrevious8-bitcookiehasbeenrepurposedtovalidatealargerpartoftheheaderValuemayberandomizedalongwiththeotherfieldsValidatedduringinternaloperationstoo25Demo–HeapHeaderLayout26Automatictuning–ShifttoLFHallocationsatarbitrarypointsonruntime–Triggersonvariouspatterns–Involvesalsode-commit/commitpoliciesRuntimeAlgorithmVariation27MoreHeapRandomizationsHeapbaserandomization–thingstoconsider:–Fragmentationoftheapplicationaddressspaceaffectinglargeserverapplications–PossibleperformanceissuesifhigherrandomizationisusedHeapfunctionpointerrandomization–Takesawayaknownplacetofacilitatethecodeexecutionalongwithrebasing28Demo29AbruptTerminationonErrorAnydatainconsistencyorinvalidheapfunctionusagedetectedmaytriggeritThescopeisprocess-wide(anyheapintheprocesshasthesamebehavior)TheprocessisterminatedviaWindowsErrorReportingDetailedinfoisavailableinthedumpfileNofunctionprovidedtodisableitOnbydefaultfor64bitplatforms&apps30TerminationonErrors(cont.
)Programmaticopt-Inmethod(newHeapEnableTerminationOnCorruptionclassdefined)BOOLHeapSetInformation(HANDLEHeapHandle,HEAP_INFORMATION_CLASSHeapInformationClass,PVOIDHeapInformation,SIZE_THeapInformationLength);LargenumberofcomponentswithWindowsVistaareoptedinTheinformationisavailableinadebuggerextension31Demo32NTHeapManager–ImprovesCodeQualityBenefitstoappdevelopersEarlyerrordetectionImproveddebuggingaidtoreducecostofinvestigatingcorruptionsReducedtolerancetomisusageWindowsVistaappswillbemoreresilienttofutureheapchanges33KnownAttackVectors&WindowsVistaRemovedlookasidelistandarrayofliststargetedbypreviousexploitsIntegritycheckonblockmetadatasignificantobstacletobruteforceattacksMostWindowsprocessesterminateonmemoryerrorsDynamic(runtime)changeinheapalgorithmsobstacletoconsistentexploitsHeapstructuresandmemorymgmtchangeslimitportabilityofexploits34SecurityenhancementsareajourneyMitigationsarenotsubstituteforgooddevelopmentpracticesWindowsVistaisjustamilestoneincontinualheapimprovements35WindowsVistaHeapPerf&ReliabilityImprovedscenariosbydefaultfor:SMPscalabilityExternalfragmentationLargeheapsImprovedreferencelocalityon64bitplatformsReducedVirtualAddressexhaustionIncreasedresiliencetopatternsinvolvinglong-termallocations36KeyPerformanceEnhancementsAutomatictuningLowergranularityofcontrolpoliciestoswitchtotheLowFragmentationHeapUseoflazyinitializationRedesignedsegmentmanagementImprovedinternallookupalgorithmsAddressedfragmentationinproblematicscenariosLoweroverheadon64bit37RandomAllocationBenchmark(0-1K)05101520253012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVistaRandomAllocationBenchmark(4-8k)0246810121416182012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVista38FragmentationTest(512blocks/80bytes)VirtualaddressCost010002000300040005000600070008000Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer2003Committedmemorycost0100200300400500600700800Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer200339FragmentationTest(512blocks/80bytes)Heapperformanceonheapexpansionpattern1(512blocks)(70x)0100000200000300000400000500000600000700000800000Runtime(sec)Ops.
/secRecentWindowsVistaWindowsServer200340FragmentationScenarioIIPatternPatternOps/secOps/sec(Recent(RecentWindowsWindowsVista)Vista)Ops/secOps/sec(Windows(WindowsServerServer2003SP1)2003SP1)ImprovemeImprovementntxx2562576004388663951292770915161441024403774517917204819418025776740968253412687841Memoryfootprinton2GBytesheapexpansion0500100015002000250030003500400045003264128256512102420484096BlocksizeMbytesmemorReservedMemoryInRecentWindowsVistaCommitedMemoryInRecentWindowsVistaReservedMemoryInWindowsServer2003CommitedMemoryInWindowsServer200342SummaryAttacksgetmoresophisticated…Butsodoestheheapmanagement–andnotonlyforsecurityWelaidthefoundationforincreasedagilityinheapimprovementswithreducedcompatibilityrisksImprovedscenariosforSMPandlargememoryusageDesignedtoenhancethecodequalityforapplicationsWearenotyetdone…wearelookingforwardforfurtherenhancementsasneededComeseemewithyourideas!
43ResourcesFeedbackonHeap:heapext@microsoft.
comDebuggingtools:http://www.
microsoft.
com/whdc/devtools/debugging/debugstart.
mspxApplicationVerifier:http://www.
microsoft.
com/downloads/details.
aspxFamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&DisplayLang=en4444secure@microsoft.
comThispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
- demandvista系统优化相关文档
- 阵列vista系统优化
- 成像vista系统优化
- 接口vista系统优化
- 设置vista系统优化
- designedvista系统优化
- 映像vista系统优化
鲸云10美元,香港BGPRM 1核 1G 10Mbps峰值带宽 1TB流量,江西CN2-NAT 1核 512MB内存 100M带宽 ,
WHloud Official Notice(鲸云官方通知)(鲸落 梦之终章)]WHloud RouMu Cloud Hosting若木产品线云主机-香港节点上新预售本次线路均为电信CN2 GIA+移动联通BGP,此机型为正常常规机,建站推荐。本次预售定为国庆后开通,据销售状况决定,照以往经验或有咕咕的可能性,但是大多等待时间不长。均赠送2个快照 2个备份,1个默认ipv4官方网站:https:/...
无忧云-河南洛阳BGP,CEPH集群分布式存储,数据安全可靠,活动期间月付大优惠!
无忧云怎么样?无忧云服务器好不好?无忧云值不值得购买?无忧云是一家成立于2017年的老牌商家旗下的服务器销售品牌,现由深圳市云上无忧网络科技有限公司运营,是正规持证IDC/ISP/IRCS商家,主要销售国内、中国香港、国外服务器产品,线路有腾讯云国外线路、自营香港CN2线路等,都是中国大陆直连线路,非常适合免备案建站业务需求和各种负载较高的项目,同时国内服务器也有多个BGP以及高防节点...
特网云(198元/月),高质量云虚拟主机低至0.16元/天,裸金属服务器仅需10.5元/天
特网云为您提供高速、稳定、安全、弹性的云计算服务计算、存储、监控、安全,完善的云产品满足您的一切所需,深耕云计算领域10余年;我们拥有前沿的核心技术,始终致力于为政府机构、企业组织和个人开发者提供稳定、安全、可靠、高性价比的云计算产品与服务。官方网站:https://www.56dr.com/ 10年老品牌 值得信赖 有需要的请联系======================特网云推出多IP云主机...
vista系统优化为你推荐
-
根目录什么叫固件?什么叫根目录?赵雨润《星辰变》电影什么时候能开机拍呢?个性qq资料QQ个性资料照片转手绘照片弄成手绘一样的那个软件到底叫什么,能不能告诉啊?百度手写百度手写显示童之磊华硕的四核平板电脑,怎么样?怎么点亮qq空间图标怎么点亮QQ空间的图标idc前线永恒之塔内侧 删档吗 ?宽带接入服务器网络已连接,可无法连接到服务器为什么?网络已连接,可无法连接到服务gbk编码表如何制作GBK与Unicode的对照表