Thread: Get size of a memory block when it is freed?


This question is answered.


Permlink Replies: 9 - Last Post: Feb 17, 2018 10:14 AM Last Post By: Rudy Velthuis (...
Arthur Hoornweg

Posts: 414
Registered: 6/2/98
Get size of a memory block when it is freed?  
  Posted: Feb 13, 2018 5:16 AM
Hello all,

I want to hook into the memory manager. When memory is freed, I want to have the possibility to overwrite the memory block with zeroes so that secret information does not remain in the process' working memory.

My problem: I need to know how many bytes to wipe whenever a block is freed.

Consider this:

- Wiping a variable's sensitive contents manually before the variable is freed or before it goes out of scope is trivial.

- However, Delphi has the tendency to create hidden local variables for managed types (such as strings) whenever such types are returned by a function and not stored into a variable. This happens in a million places in my own code and also in the RTL and VCL.

If such hidden variables contain sensitive or secret text data, then that text will still be legible in the process' working memory after they have been freed (at least for a while, until the same memory location is overwritten with new data).

If a user knows how to make a memory dump of the process into a file he can read whatever legible text was in memory. This is an attack vector that must be avoided in programs that handle passwords, access codes, credit card data etc.

Look at this example code. Of course I would never implement a password scheme like this, but it illustrates the problem:

//just a very dumb password decoder
Function SecretPassword:String;
Begin
  Result:='s';
  result:=result+'e';
  result:=result+'c';
  result:=result+'r';
  result:=result+'e';
  result:=result+'t'; 
End;
 
Function PasswordOK (const input:String):Boolean;
Begin
  Result:=(input=secretpassword);
End;


Inside the function "passwordOK", there's a hidden temporary variable which stores the cleartext result of function "secretpassword" until it goes out of scope. At the end of the function, the data is "freed" but not "wiped" and therefore still legible in memory.

Hooking into the Delphi memory manager (using SetMemoryManager()) would enable me to wipe the memory before it is released. But in order to do that, I need to know how many bytes to wipe. Or does FastMM4 already have an option to do this conditionally when running sensitive pieces of code?


Kind regards,
Arthur Hoornweg

Lajos Juhasz

Posts: 801
Registered: 3/14/14
Re: Get size of a memory block when it is freed?
Correct
  Posted: Feb 13, 2018 6:11 AM   in response to: Arthur Hoornweg
Arthur Hoornweg wrote:

- Wiping a variable's sensitive contents manually before the variable is
freed or before it goes out of scope is trivial.

- However, Delphi has the tendency to create hidden local variables
for managed types (such as strings) whenever such types are returned
by a function and not stored into a variable. This happens in a
million places in my own code and also in the RTL and VCL.

If such hidden variables contain sensitive or secret text data, then
that text will still be legible in the process' working memory after
they have been freed (at least for a while, until the same memory
location is overwritten with new data).

If a user knows how to make a memory dump of the process into a file
he can read whatever legible text was in memory. This is an attack
vector that must be avoided in programs that handle passwords, access
codes, credit card data etc.

The full version of the FastMM has two options that you could test.
Here is the relevant part of the FastMM4Options.inc:

{Windows clears physical memory before reusing it in another process. However,
 it is not known how quickly this clearing is performed, so it is conceivable
 that confidential data may linger in physical memory longer than absolutely
 necessary. If you're paranoid about this kind of thing, enable this option to
 clear all freed memory before returning it to the operating system. Note that
 this incurs a noticeable performance hit.}
{.$define ClearMemoryBeforeReturningToOS}

{With this option enabled freed memory will immediately be cleared inside the
 FreeMem routine. This incurs a big performance hit, but may be worthwhile for
 additional peace of mind when working with highly sensitive data. This option
 supersedes the ClearMemoryBeforeReturningToOS option.}
{.$define AlwaysClearFreedMemory}

Arthur Hoornweg

Posts: 414
Registered: 6/2/98
Re: Get size of a memory block when it is freed?
  Posted: Feb 13, 2018 11:36 PM   in response to: Lajos Juhasz
Lajos Juhasz wrote:

{.$define AlwaysClearFreedMemory}
{With this option enabled freed memory will immediately be cleared inside the
FreeMem routine. This incurs a big performance hit, but may be worthwhile for
additional peace of mind when working with highly sensitive data.


Thanks Lajos, that's what I was looking for! I'll need to change the source code of FastMM to make it a conditional operation though.

Rudy Velthuis (...


Posts: 7,731
Registered: 9/22/99
Re: Get size of a memory block when it is freed?
  Posted: Feb 13, 2018 4:28 PM   in response to: Arthur Hoornweg
Arthur Hoornweg wrote:

Hello all,

I want to hook into the memory manager. When memory is freed, I want
to have the possibility to overwrite the memory block with zeroes so
that secret information does not remain in the process' working
memory.

My problem: I need to know how many bytes to wipe whenever a block is
freed.

Wipe it before it is freed. Note that you can hook the memory manager
quite easily. GetMem, FreeMem and AllocMem all call hooks. Just chain
them to pass through your code.

--
Rudy Velthuis http://www.rvelthuis.de

"You can't wake a person who is pretending to be asleep."
-- Native Proverb
Arthur Hoornweg

Posts: 414
Registered: 6/2/98
Re: Get size of a memory block when it is freed?
  Posted: Feb 13, 2018 11:49 PM   in response to: Rudy Velthuis (...
Rudy Velthuis (TeamB, MVP) wrote:

Wipe it before it is freed.

ehm Rudy, did you read my post? I can't wipe auto-generated hidden variables. They are visible only to the compiler.

Note that you can hook the memory manager
quite easily. GetMem, FreeMem and AllocMem all call hooks. Just chain
them to pass through your code.

And then? The Freemem() hook is called without specifying how many bytes to free. So I can't tell how many bytes to wipe.
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Get size of a memory block when it is freed?
  Posted: Feb 14, 2018 8:57 AM   in response to: Arthur Hoornweg
Arthur Hoornweg wrote:

And then? The Freemem() hook is called without specifying how many
bytes to free. So I can't tell how many bytes to wipe.

You can if you tap into the size that is already being stored in the
memory block by the memory manager's GetMem() function. Or, you can
augment GetMem() with extra bytes so you can track your own data for
your own FreeMem() to use, if you don't want to rely on the memory
manager's tracking data.

--
Remy Lebeau (TeamB)
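
The second suggestion in the post above (extra bytes added in GetMem() that your own FreeMem() reads back), as an added example that is not code from any poster or from FastMM. The unit name, HeaderSize and the Wipe* function names are hypothetical; it assumes a Delphi version whose TMemoryManagerEx callbacks take NativeInt sizes, and that the unit is listed first in the project's uses clause so no block allocated by the previous manager is ever freed through the wrapper.

```delphi
unit WipeOnFreeMM; // hypothetical unit name; added example, not FastMM code
interface
implementation
const
  HeaderSize = 16; // assumed header size: holds the length, keeps block alignment
var
  OldMM, NewMM: TMemoryManagerEx;

function BlockStart(P: Pointer): Pointer; inline;
begin
  Result := Pointer(NativeUInt(P) - HeaderSize); // real start of the block
end;

function WipeGetMem(Size: NativeInt): Pointer;
begin
  Result := OldMM.GetMem(Size + HeaderSize);
  if Result = nil then Exit;
  PNativeInt(Result)^ := Size;                   // remember the requested size
  Result := Pointer(NativeUInt(Result) + HeaderSize);
end;

function WipeFreeMem(P: Pointer): Integer;
begin
  FillChar(P^, PNativeInt(BlockStart(P))^, 0);   // zero exactly the user bytes
  Result := OldMM.FreeMem(BlockStart(P));
end;

function WipeAllocMem(Size: NativeInt): Pointer;
begin
  Result := WipeGetMem(Size);
  if Result <> nil then FillChar(Result^, Size, 0);
end;

// Always allocate-copy-wipe, so a moved or shrunk block never leaves stale data.
// The RTL handles P = nil and Size = 0 before this callback is reached.
function WipeReallocMem(P: Pointer; Size: NativeInt): Pointer;
var Keep: NativeInt;
begin
  Result := WipeGetMem(Size);
  if Result = nil then Exit;
  Keep := PNativeInt(BlockStart(P))^;
  if Keep > Size then Keep := Size;
  Move(P^, Result^, Keep);
  WipeFreeMem(P);
end;

initialization
  GetMemoryManager(OldMM);
  NewMM := OldMM; // leak-registration hooks pass through unadjusted
  NewMM.GetMem := WipeGetMem; NewMM.FreeMem := WipeFreeMem;
  NewMM.AllocMem := WipeAllocMem; NewMM.ReallocMem := WipeReallocMem;
  SetMemoryManager(NewMM);
end.
```

The per-block cost is HeaderSize bytes plus one FillChar per free and one copy per reallocation, which is the overhead the following replies discuss.
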
Arthur Hoornweg

Posts: 414
Registered: 6/2/98
Re: Get size of a memory block when it is freed?
  Posted: Feb 15, 2018 5:41 AM   in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:

You can if you tap into the size that is already being stored in the
memory block by the memory manager's GetMem() function.

Yes I'm currently looking into that. The disadvantage is that this is highly specific for the memory manager in use and prone to future changes.

Or, you can augment GetMem() with extra bytes so you can track your own data for
your own FreeMem() to use, if you don't want to rely on the memory
manager's tracking data.

That's a nice idea too. But the overhead would quickly add up.
Rudy Velthuis (...


Posts: 7,731
Registered: 9/22/99
Re: Get size of a memory block when it is freed?
  Posted: Feb 17, 2018 10:14 AM   in response to: Arthur Hoornweg
Arthur Hoornweg wrote:

That's a nice idea too. But the overhead would quickly add up.

Well, if you want to do things like thoroughly clearing all freed
memory, then things can add up indeed. Let your versions of GetMem,
FreeMem and ReallocMem take care of it.

--
Rudy Velthuis http://www.rvelthuis.de

"If there was a god, he wouldn't let a guy walk right up and
shoot you in the face now would he? That's right, now you get
the picture. Truth burns doesn't it?"
-- Henry Rollins
Rudy Velthuis (...


Posts: 7,731
Registered: 9/22/99
Re: Get size of a memory block when it is freed?
  Posted: Feb 17, 2018 10:12 AM   in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:

Arthur Hoornweg wrote:

And then? The Freemem() hook is called without specifying how many
bytes to free. So I can't tell how many bytes to wipe.

You can if you tap into the size that is already being stored in the
memory block by the memory manager's GetMem() function. Or, you can
augment GetMem() with extra bytes so you can track your own data for
your own FreeMem() to use, if you don't want to rely on the memory
manager's tracking data.

Indeed. If you don't want to, or can't access the inner bookkeeping,
then do your own.

--
Rudy Velthuis http://www.rvelthuis.de

"When the water starts boiling it is foolish to turn off the
heat."
-- Nelson Mandela
Rudy Velthuis (...


Posts: 7,731
Registered: 9/22/99
Re: Get size of a memory block when it is freed?
  Posted: Feb 17, 2018 10:10 AM   in response to: Arthur Hoornweg
Arthur Hoornweg wrote:

Rudy Velthuis (TeamB, MVP) wrote:

Wipe it before it is freed.

ehm Rudy, did you read my post? I can't wipe auto-generated hidden
variables. They are visible only to the compiler.

Then don't make them auto-generated. Assign them. Do not make the
compiler auto-generate hidden strings or interfaces.

--
Rudy Velthuis http://www.rvelthuis.de

"I love talking about the Kennedy assassination. The reason I
do is because I'm fascinated by it. I'm fascinated that our
government could lie to us so blatantly, so obviously for so
long, and we do absolutely nothing about it."
-- Bill Hicks