Heap overwrite in Ntdll.dll 
Author Message
 Heap overwrite in Ntdll.dll

I am getting "User break point..." stops and heap overwrite messages while
running the VC++ de{*filter*} on a single machine only.  The problem occurs in code
that runs perfectly on other machines and appears to be happening inside

Here is an entire program that demonstrates the problem:

// --begin bug1.cpp--
#include "pdh.h"

int main(int argc, char* argv[])
  PDH_STATUS pdhStatus =  PdhOpenQuery(NULL,(DWORD) 2001,&hQuery);
  if(pdhStatus == ERROR_SUCCESS)
    HCOUNTER hCounter;
    pdhStatus = PdhAddCounter(hQuery,"\\Processor(0)\\% Processor Time",(DWORD)
  return 0;


// --end bug1.cpp--

Running this program causes a User breakpoint to trip on the call to PdhAddCounter
(), with the following output:

HEAP[Bug1.exe]: Heap block at 0013D228 modified at 0013D462 past requested size
of 232

Here is another example where the problem occurs while opening a socket:

// begin bug2.cpp
#include "winsock.h"

int main(int argc, char* argv[])
  int nRetval = 0;
  WORD wVersionRequested;
  WSADATA wsaData;
  int nErr;
    wVersionRequested = MAKEWORD(2,2);
    nErr = WSAStartup(wVersionRequested,&wsaData);
    if (nErr != 0 )
      nRetval = -1;
      SOCKET sock = socket(PF_INET,SOCK_STREAM,0);
      if (sock == INVALID_SOCKET)
        nRetval = -1;
    nRetval = -1;
  return nRetval;


// end bug2.cpp

This program triggers the User breakpoint and heap overwrite on the call to socket
().  Note that no exception is thrown to the try-catch block.

The only unusual thing about the machine on which this is happening is it is a
Pentium 4 1.5Ghz box with an 80Gb IDE hard drive.  This is the first machine of
this type we have ever used.

All machines used for testing are running VC++ 6.0 with SP5.  Operating system is
Windows 2000 Pro with SP1.

Does anyone have any clue what this might be?


Drew Stoddard

Thu, 09 Oct 2003 00:46:15 GMT  
 Heap overwrite in Ntdll.dll
Do you know which statement causes the problem?

Try the Visual C++ heap debugging API. It is a useful tool for locating
leaks. These include functions, such as _CrtMemDifference() and
_CrtMemDumpAllObjectsSince(), which are documented in the Visual C++
Programmer's Guide in the Debug Function Reference section.


Fri, 10 Oct 2003 16:14:54 GMT  
 [ 2 post ] 

 Relevant Pages 

1. (ATL) COM dll heap vs CRT heap

2. ntdll.dll & KERNEL32.DLL

3. HEAP[dllhost.exe]: HEAP: Free Heap block 1e32c28 modified at 1e32dc4 after it was freed

4. NT Memory error (In NTDLL.DLL - can't read memory at FFFFFFF8)

5. NTDLL.DLL Access Violation in CRecordset-derived class?

6. Help: Unhandled exception in ntdll.dll using CDatabase object

7. urgent-First chance exception in iexplore.exe (ntdll.dll)-invalid handle

8. ODBC And NTDLL.DLL Unhandled Exception

9. Access Violation in NTDLL.DLL

10. Unhandled Exception in NTDLL.dll

11. Exception in NTDLL.DLL when closing a database

12. unhandled exception in someprog.exe (NTDLL.DLL): 0xC0000005: Access Violation


Powered by phpBB® Forum Software