demandvista系统优化
vista系统优化 时间:2021-02-25 阅读:()
WindowsVistaHeapManagementEnhancementsAdrianMarinescuDevelopmentLeadadrmarin@microsoft.
com2AgendaWindowsNTHeapManagementbasicsandevolutionWindowsVistaheap–majormilestone–Developmentprinciplesandguidelines–Securityfeatures–PerformancefeaturesQ&A3IntroductionSecurity–industry-wideconcernTwCdrivingmultiplesecurityinitiativesTheNTHeap–Strategicpointindefense–Improvedtorespondtoindustrytrendsinusage4PartI–Basics5HeapEvolutionTimeNT4NT4/SP4Windows2000XP/SP2Windows2003WindowsVistaBasicsPerformanceOpt-inSMPScalabilityHeapMitigationsEnhancedsecurityPerformanceQualitytoolIndustryWorkloadExploitationParallelism6NTHeapOverviewTheNTMemoryManagerSegmentManagement(forblocks1KNon-dedicatedfreelist(1–512KBytes)Segment1Segment64Segmentarray>512KVirtualBlocksList816>512K8HeapSegmentsSeg.
HB1B2UncommitedspaceBn…ByUncommitedspaceReservedspace9BlockEntryinpriorWindowsNTVersions0:018>dc04392f8004392f8000040002000000010442da6000240e68SizePreviousblocksizetagunusedbytesflagssegmentF-LinkB-Link10RoleofLinkEntryinEarlyExploitsArbitrarypointerwritemovmoveaxeax,DWORDPTR[,DWORDPTR[ecxecx]]movmovecxecx,DWORDPTR[ecx+4],DWORDPTR[ecx+4]movmovDWORDPTR[DWORDPTR[ecxecx],],eaxeaxmovmovDWORDPTR[eax+4],DWORDPTR[eax+4],ecxecxFwdLinkBkLinkValuetowriteLocationtowrite11LookasideListsNon-blockingsingle-linkedlists0-89-16Lookasidelists1016-1024HeaderLinkunusedHeaderLinkunused12TheLowFragmentationHeapArchitectureSMPUnit10-89-16Allocationbuckets1025-108815873-16384AllocationgranularitySMPUnitNSMPUnit1SegmentspoolSegmentspoolSegmentspool13LowFragmentationHeapBlockEntrySub-SegmentFlags…RelativelinkSizeLFHBlockFrees-listSub-Segment…8bytesUserdata14EarlyHeapMitigationsSafeListRemovalEntry->FwdLink->BkLink==Entry->BkLink->FwdLink==Entry8-bitcookietestedonfreeLFHblockentryencodingF(randomnumber,Blockaddress,heap)15ChangeinLandscapeNewexploitingmethodssurfacedChangeinusageoutlook–Memoryusage–IncreaseavailabilityofSMP–Increaserelevanceof64bitcomputingCodequality–higherdemandinindustry16WindowsVistaHeapManagerKeyDevelopmentDirectionsPerformanceandreliabilitySecurityCodequality17WindowsNTHeapRequirements18SecurityCorrectness–like:–Guaranteesrequestedsizes–Lifetimeofallocations–Clearingcontentwhenrequestedetc.
Defenselineinheapbasedexploits:Defenselineinheapbasedexploits:––AttemptstomitigatetheeffectofanattackAttemptstomitigatetheeffectofanattack––MakesdifficulthidingheapMakesdifficulthidingheap--basedexploitsbasedexploits19PerformanceScalefromsmalldevicestolargeserversOptimizedforvariedusagepatternsFollowtheindustrytrend–Memoryusage–IncreaseinSMPavailability–H/Warchitectureadvances20CompatibilityApplicationsmayrelyonthingslike:–Reallocreturningsamepointer–Read/writeafterreleasingablock–Doublefree–Overrunsoverunusedstructuresetc.
Heapchangesmayhaveunintendedeffects,suchas:–Crashes,leaksorbrokenfunctionalityinpoorlywrittenapplications–Severeperformanceregressions21PartII-WindowsVistaHeap22WindowsVistaHeapSecurityFeaturesBlockmetadatarandomizationIntegritycheckonblockentryAlgorithmvariationinresponsetousagepatternRandomrebasingFunctionpointerrandomizationAbruptapplicationterminationonerror23BlockMetadataRandomizationApartoftheheaderisXORdwitharandomvalueLowperformanceimpactShouldmakeguessingtherightvalueimpracticalFlexibleandcontainedalgorithmandimplementationAgileinupdates24EntryIntegrityCheckPrevious8-bitcookiehasbeenrepurposedtovalidatealargerpartoftheheaderValuemayberandomizedalongwiththeotherfieldsValidatedduringinternaloperationstoo25Demo–HeapHeaderLayout26Automatictuning–ShifttoLFHallocationsatarbitrarypointsonruntime–Triggersonvariouspatterns–Involvesalsode-commit/commitpoliciesRuntimeAlgorithmVariation27MoreHeapRandomizationsHeapbaserandomization–thingstoconsider:–Fragmentationoftheapplicationaddressspaceaffectinglargeserverapplications–PossibleperformanceissuesifhigherrandomizationisusedHeapfunctionpointerrandomization–Takesawayaknownplacetofacilitatethecodeexecutionalongwithrebasing28Demo29AbruptTerminationonErrorAnydatainconsistencyorinvalidheapfunctionusagedetectedmaytriggeritThescopeisprocess-wide(anyheapintheprocesshasthesamebehavior)TheprocessisterminatedviaWindowsErrorReportingDetailedinfoisavailableinthedumpfileNofunctionprovidedtodisableitOnbydefaultfor64bitplatforms&apps30TerminationonErrors(cont.
)Programmaticopt-Inmethod(newHeapEnableTerminationOnCorruptionclassdefined)BOOLHeapSetInformation(HANDLEHeapHandle,HEAP_INFORMATION_CLASSHeapInformationClass,PVOIDHeapInformation,SIZE_THeapInformationLength);LargenumberofcomponentswithWindowsVistaareoptedinTheinformationisavailableinadebuggerextension31Demo32NTHeapManager–ImprovesCodeQualityBenefitstoappdevelopersEarlyerrordetectionImproveddebuggingaidtoreducecostofinvestigatingcorruptionsReducedtolerancetomisusageWindowsVistaappswillbemoreresilienttofutureheapchanges33KnownAttackVectors&WindowsVistaRemovedlookasidelistandarrayofliststargetedbypreviousexploitsIntegritycheckonblockmetadatasignificantobstacletobruteforceattacksMostWindowsprocessesterminateonmemoryerrorsDynamic(runtime)changeinheapalgorithmsobstacletoconsistentexploitsHeapstructuresandmemorymgmtchangeslimitportabilityofexploits34SecurityenhancementsareajourneyMitigationsarenotsubstituteforgooddevelopmentpracticesWindowsVistaisjustamilestoneincontinualheapimprovements35WindowsVistaHeapPerf&ReliabilityImprovedscenariosbydefaultfor:SMPscalabilityExternalfragmentationLargeheapsImprovedreferencelocalityon64bitplatformsReducedVirtualAddressexhaustionIncreasedresiliencetopatternsinvolvinglong-termallocations36KeyPerformanceEnhancementsAutomatictuningLowergranularityofcontrolpoliciestoswitchtotheLowFragmentationHeapUseoflazyinitializationRedesignedsegmentmanagementImprovedinternallookupalgorithmsAddressedfragmentationinproblematicscenariosLoweroverheadon64bit37RandomAllocationBenchmark(0-1K)05101520253012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVistaRandomAllocationBenchmark(4-8k)0246810121416182012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVista38FragmentationTest(512blocks/80bytes)VirtualaddressCost010002000300040005000600070008000Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer2003Committedmemorycost0100200300400500600700800Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer200339FragmentationTest(512blocks/80bytes)Heapperformanceonheapexpansionpattern1(512blocks)(70x)0100000200000300000400000500000600000700000800000Runtime(sec)Ops.
/secRecentWindowsVistaWindowsServer200340FragmentationScenarioIIPatternPatternOps/secOps/sec(Recent(RecentWindowsWindowsVista)Vista)Ops/secOps/sec(Windows(WindowsServerServer2003SP1)2003SP1)ImprovemeImprovementntxx2562576004388663951292770915161441024403774517917204819418025776740968253412687841Memoryfootprinton2GBytesheapexpansion0500100015002000250030003500400045003264128256512102420484096BlocksizeMbytesmemorReservedMemoryInRecentWindowsVistaCommitedMemoryInRecentWindowsVistaReservedMemoryInWindowsServer2003CommitedMemoryInWindowsServer200342SummaryAttacksgetmoresophisticated…Butsodoestheheapmanagement–andnotonlyforsecurityWelaidthefoundationforincreasedagilityinheapimprovementswithreducedcompatibilityrisksImprovedscenariosforSMPandlargememoryusageDesignedtoenhancethecodequalityforapplicationsWearenotyetdone…wearelookingforwardforfurtherenhancementsasneededComeseemewithyourideas!
43ResourcesFeedbackonHeap:heapext@microsoft.
comDebuggingtools:http://www.
microsoft.
com/whdc/devtools/debugging/debugstart.
mspxApplicationVerifier:http://www.
microsoft.
com/downloads/details.
aspxFamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&DisplayLang=en4444secure@microsoft.
comThispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
com2AgendaWindowsNTHeapManagementbasicsandevolutionWindowsVistaheap–majormilestone–Developmentprinciplesandguidelines–Securityfeatures–PerformancefeaturesQ&A3IntroductionSecurity–industry-wideconcernTwCdrivingmultiplesecurityinitiativesTheNTHeap–Strategicpointindefense–Improvedtorespondtoindustrytrendsinusage4PartI–Basics5HeapEvolutionTimeNT4NT4/SP4Windows2000XP/SP2Windows2003WindowsVistaBasicsPerformanceOpt-inSMPScalabilityHeapMitigationsEnhancedsecurityPerformanceQualitytoolIndustryWorkloadExploitationParallelism6NTHeapOverviewTheNTMemoryManagerSegmentManagement(forblocks1KNon-dedicatedfreelist(1–512KBytes)Segment1Segment64Segmentarray>512KVirtualBlocksList816>512K8HeapSegmentsSeg.
HB1B2UncommitedspaceBn…ByUncommitedspaceReservedspace9BlockEntryinpriorWindowsNTVersions0:018>dc04392f8004392f8000040002000000010442da6000240e68SizePreviousblocksizetagunusedbytesflagssegmentF-LinkB-Link10RoleofLinkEntryinEarlyExploitsArbitrarypointerwritemovmoveaxeax,DWORDPTR[,DWORDPTR[ecxecx]]movmovecxecx,DWORDPTR[ecx+4],DWORDPTR[ecx+4]movmovDWORDPTR[DWORDPTR[ecxecx],],eaxeaxmovmovDWORDPTR[eax+4],DWORDPTR[eax+4],ecxecxFwdLinkBkLinkValuetowriteLocationtowrite11LookasideListsNon-blockingsingle-linkedlists0-89-16Lookasidelists1016-1024HeaderLinkunusedHeaderLinkunused12TheLowFragmentationHeapArchitectureSMPUnit10-89-16Allocationbuckets1025-108815873-16384AllocationgranularitySMPUnitNSMPUnit1SegmentspoolSegmentspoolSegmentspool13LowFragmentationHeapBlockEntrySub-SegmentFlags…RelativelinkSizeLFHBlockFrees-listSub-Segment…8bytesUserdata14EarlyHeapMitigationsSafeListRemovalEntry->FwdLink->BkLink==Entry->BkLink->FwdLink==Entry8-bitcookietestedonfreeLFHblockentryencodingF(randomnumber,Blockaddress,heap)15ChangeinLandscapeNewexploitingmethodssurfacedChangeinusageoutlook–Memoryusage–IncreaseavailabilityofSMP–Increaserelevanceof64bitcomputingCodequality–higherdemandinindustry16WindowsVistaHeapManagerKeyDevelopmentDirectionsPerformanceandreliabilitySecurityCodequality17WindowsNTHeapRequirements18SecurityCorrectness–like:–Guaranteesrequestedsizes–Lifetimeofallocations–Clearingcontentwhenrequestedetc.
Defenselineinheapbasedexploits:Defenselineinheapbasedexploits:––AttemptstomitigatetheeffectofanattackAttemptstomitigatetheeffectofanattack––MakesdifficulthidingheapMakesdifficulthidingheap--basedexploitsbasedexploits19PerformanceScalefromsmalldevicestolargeserversOptimizedforvariedusagepatternsFollowtheindustrytrend–Memoryusage–IncreaseinSMPavailability–H/Warchitectureadvances20CompatibilityApplicationsmayrelyonthingslike:–Reallocreturningsamepointer–Read/writeafterreleasingablock–Doublefree–Overrunsoverunusedstructuresetc.
Heapchangesmayhaveunintendedeffects,suchas:–Crashes,leaksorbrokenfunctionalityinpoorlywrittenapplications–Severeperformanceregressions21PartII-WindowsVistaHeap22WindowsVistaHeapSecurityFeaturesBlockmetadatarandomizationIntegritycheckonblockentryAlgorithmvariationinresponsetousagepatternRandomrebasingFunctionpointerrandomizationAbruptapplicationterminationonerror23BlockMetadataRandomizationApartoftheheaderisXORdwitharandomvalueLowperformanceimpactShouldmakeguessingtherightvalueimpracticalFlexibleandcontainedalgorithmandimplementationAgileinupdates24EntryIntegrityCheckPrevious8-bitcookiehasbeenrepurposedtovalidatealargerpartoftheheaderValuemayberandomizedalongwiththeotherfieldsValidatedduringinternaloperationstoo25Demo–HeapHeaderLayout26Automatictuning–ShifttoLFHallocationsatarbitrarypointsonruntime–Triggersonvariouspatterns–Involvesalsode-commit/commitpoliciesRuntimeAlgorithmVariation27MoreHeapRandomizationsHeapbaserandomization–thingstoconsider:–Fragmentationoftheapplicationaddressspaceaffectinglargeserverapplications–PossibleperformanceissuesifhigherrandomizationisusedHeapfunctionpointerrandomization–Takesawayaknownplacetofacilitatethecodeexecutionalongwithrebasing28Demo29AbruptTerminationonErrorAnydatainconsistencyorinvalidheapfunctionusagedetectedmaytriggeritThescopeisprocess-wide(anyheapintheprocesshasthesamebehavior)TheprocessisterminatedviaWindowsErrorReportingDetailedinfoisavailableinthedumpfileNofunctionprovidedtodisableitOnbydefaultfor64bitplatforms&apps30TerminationonErrors(cont.
)Programmaticopt-Inmethod(newHeapEnableTerminationOnCorruptionclassdefined)BOOLHeapSetInformation(HANDLEHeapHandle,HEAP_INFORMATION_CLASSHeapInformationClass,PVOIDHeapInformation,SIZE_THeapInformationLength);LargenumberofcomponentswithWindowsVistaareoptedinTheinformationisavailableinadebuggerextension31Demo32NTHeapManager–ImprovesCodeQualityBenefitstoappdevelopersEarlyerrordetectionImproveddebuggingaidtoreducecostofinvestigatingcorruptionsReducedtolerancetomisusageWindowsVistaappswillbemoreresilienttofutureheapchanges33KnownAttackVectors&WindowsVistaRemovedlookasidelistandarrayofliststargetedbypreviousexploitsIntegritycheckonblockmetadatasignificantobstacletobruteforceattacksMostWindowsprocessesterminateonmemoryerrorsDynamic(runtime)changeinheapalgorithmsobstacletoconsistentexploitsHeapstructuresandmemorymgmtchangeslimitportabilityofexploits34SecurityenhancementsareajourneyMitigationsarenotsubstituteforgooddevelopmentpracticesWindowsVistaisjustamilestoneincontinualheapimprovements35WindowsVistaHeapPerf&ReliabilityImprovedscenariosbydefaultfor:SMPscalabilityExternalfragmentationLargeheapsImprovedreferencelocalityon64bitplatformsReducedVirtualAddressexhaustionIncreasedresiliencetopatternsinvolvinglong-termallocations36KeyPerformanceEnhancementsAutomatictuningLowergranularityofcontrolpoliciestoswitchtotheLowFragmentationHeapUseoflazyinitializationRedesignedsegmentmanagementImprovedinternallookupalgorithmsAddressedfragmentationinproblematicscenariosLoweroverheadon64bit37RandomAllocationBenchmark(0-1K)05101520253012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVistaRandomAllocationBenchmark(4-8k)0246810121416182012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVista38FragmentationTest(512blocks/80bytes)VirtualaddressCost010002000300040005000600070008000Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer2003Committedmemorycost0100200300400500600700800Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer200339FragmentationTest(512blocks/80bytes)Heapperformanceonheapexpansionpattern1(512blocks)(70x)0100000200000300000400000500000600000700000800000Runtime(sec)Ops.
/secRecentWindowsVistaWindowsServer200340FragmentationScenarioIIPatternPatternOps/secOps/sec(Recent(RecentWindowsWindowsVista)Vista)Ops/secOps/sec(Windows(WindowsServerServer2003SP1)2003SP1)ImprovemeImprovementntxx2562576004388663951292770915161441024403774517917204819418025776740968253412687841Memoryfootprinton2GBytesheapexpansion0500100015002000250030003500400045003264128256512102420484096BlocksizeMbytesmemorReservedMemoryInRecentWindowsVistaCommitedMemoryInRecentWindowsVistaReservedMemoryInWindowsServer2003CommitedMemoryInWindowsServer200342SummaryAttacksgetmoresophisticated…Butsodoestheheapmanagement–andnotonlyforsecurityWelaidthefoundationforincreasedagilityinheapimprovementswithreducedcompatibilityrisksImprovedscenariosforSMPandlargememoryusageDesignedtoenhancethecodequalityforapplicationsWearenotyetdone…wearelookingforwardforfurtherenhancementsasneededComeseemewithyourideas!
43ResourcesFeedbackonHeap:heapext@microsoft.
comDebuggingtools:http://www.
microsoft.
com/whdc/devtools/debugging/debugstart.
mspxApplicationVerifier:http://www.
microsoft.
com/downloads/details.
aspxFamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&DisplayLang=en4444secure@microsoft.
comThispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
- demandvista系统优化相关文档
- 阵列vista系统优化
- 成像vista系统优化
- 接口vista系统优化
- 设置vista系统优化
- designedvista系统优化
- 映像vista系统优化
HostRound:美国达拉斯/洛杉矶/纽约/荷兰大硬盘服务器,1TB NVMe+4TB HDD,$179/月
hostround怎么样?大硬盘服务器,高防服务器。hostround,美国商家,2017年成立,正规注册公司(Company File #6180543),提供虚拟主机、VPS云主机、美国服务器、荷兰服务器租用等。现在有1款特价大硬盘独服,位于达拉斯,配置还不错,本月订购时包括免费 500Gbps DDoS 保护,有兴趣的可以关注一下。点击直达:hostround官方网站地址美国\荷兰独立服务器...
LOCVPS全场8折,香港云地/邦联VPS带宽升级不加价
LOCVPS发布了7月份促销信息,全场VPS主机8折优惠码,续费同价,同时香港云地/邦联机房带宽免费升级不加价,原来3M升级至6M,2GB内存套餐优惠后每月44元起。这是成立较久的一家国人VPS服务商,提供美国洛杉矶(MC/C3)、和中国香港(邦联、沙田电信、大埔)、日本(东京、大阪)、新加坡、德国和荷兰等机房VPS主机,基于XEN或者KVM虚拟架构,均选择国内访问线路不错的机房,适合建站和远程办...
HostKvm($4.25/月)俄罗斯/香港高防VPS
HostKvm又上新了,这次上架了2个线路产品:俄罗斯和香港高防VPS,其中俄罗斯经测试电信CN2线路,而香港高防VPS提供30Gbps攻击防御。HostKvm是一家成立于2013年的国外主机服务商,主要提供基于KVM架构的VPS主机,可选数据中心包括日本、新加坡、韩国、美国、中国香港等多个地区机房,均为国内直连或优化线路,延迟较低,适合建站或者远程办公等。俄罗斯VPSCPU:1core内存:2G...
vista系统优化为你推荐
-
推广方法推广方案怎么写怎么在qq空间里添加背景音乐如何在qq空间中添加背景音乐ghostxp3GHOST系统 ghostxp3 ghostxp2 ghostxp1 三者有什么区别?数码资源网有什么网站弄相片效果比较好的?今日热点怎么删除youku今日热点怎么卸载9flash在“属性”对话框中的“Move”后面的框中输入Flash动画文件的绝对路径及文件名,这句话怎么操作?办公协同软件协同企业办公的软件有哪些?唱吧电脑版官方下载唱吧有没有电脑版的啊?腾讯文章腾讯新闻的精选微信里面收藏的文章在哪里ios7固件下载iOS的固件有正版盗版之分吗?我看到了蜂威网有iOS7的固件想下载试用一下,那里是测试版是正版吗