demandvista系统优化
vista系统优化 时间:2021-02-25 阅读:()
WindowsVistaHeapManagementEnhancementsAdrianMarinescuDevelopmentLeadadrmarin@microsoft.
com2AgendaWindowsNTHeapManagementbasicsandevolutionWindowsVistaheap–majormilestone–Developmentprinciplesandguidelines–Securityfeatures–PerformancefeaturesQ&A3IntroductionSecurity–industry-wideconcernTwCdrivingmultiplesecurityinitiativesTheNTHeap–Strategicpointindefense–Improvedtorespondtoindustrytrendsinusage4PartI–Basics5HeapEvolutionTimeNT4NT4/SP4Windows2000XP/SP2Windows2003WindowsVistaBasicsPerformanceOpt-inSMPScalabilityHeapMitigationsEnhancedsecurityPerformanceQualitytoolIndustryWorkloadExploitationParallelism6NTHeapOverviewTheNTMemoryManagerSegmentManagement(forblocks1KNon-dedicatedfreelist(1–512KBytes)Segment1Segment64Segmentarray>512KVirtualBlocksList816>512K8HeapSegmentsSeg.
HB1B2UncommitedspaceBn…ByUncommitedspaceReservedspace9BlockEntryinpriorWindowsNTVersions0:018>dc04392f8004392f8000040002000000010442da6000240e68SizePreviousblocksizetagunusedbytesflagssegmentF-LinkB-Link10RoleofLinkEntryinEarlyExploitsArbitrarypointerwritemovmoveaxeax,DWORDPTR[,DWORDPTR[ecxecx]]movmovecxecx,DWORDPTR[ecx+4],DWORDPTR[ecx+4]movmovDWORDPTR[DWORDPTR[ecxecx],],eaxeaxmovmovDWORDPTR[eax+4],DWORDPTR[eax+4],ecxecxFwdLinkBkLinkValuetowriteLocationtowrite11LookasideListsNon-blockingsingle-linkedlists0-89-16Lookasidelists1016-1024HeaderLinkunusedHeaderLinkunused12TheLowFragmentationHeapArchitectureSMPUnit10-89-16Allocationbuckets1025-108815873-16384AllocationgranularitySMPUnitNSMPUnit1SegmentspoolSegmentspoolSegmentspool13LowFragmentationHeapBlockEntrySub-SegmentFlags…RelativelinkSizeLFHBlockFrees-listSub-Segment…8bytesUserdata14EarlyHeapMitigationsSafeListRemovalEntry->FwdLink->BkLink==Entry->BkLink->FwdLink==Entry8-bitcookietestedonfreeLFHblockentryencodingF(randomnumber,Blockaddress,heap)15ChangeinLandscapeNewexploitingmethodssurfacedChangeinusageoutlook–Memoryusage–IncreaseavailabilityofSMP–Increaserelevanceof64bitcomputingCodequality–higherdemandinindustry16WindowsVistaHeapManagerKeyDevelopmentDirectionsPerformanceandreliabilitySecurityCodequality17WindowsNTHeapRequirements18SecurityCorrectness–like:–Guaranteesrequestedsizes–Lifetimeofallocations–Clearingcontentwhenrequestedetc.
Defenselineinheapbasedexploits:Defenselineinheapbasedexploits:––AttemptstomitigatetheeffectofanattackAttemptstomitigatetheeffectofanattack––MakesdifficulthidingheapMakesdifficulthidingheap--basedexploitsbasedexploits19PerformanceScalefromsmalldevicestolargeserversOptimizedforvariedusagepatternsFollowtheindustrytrend–Memoryusage–IncreaseinSMPavailability–H/Warchitectureadvances20CompatibilityApplicationsmayrelyonthingslike:–Reallocreturningsamepointer–Read/writeafterreleasingablock–Doublefree–Overrunsoverunusedstructuresetc.
Heapchangesmayhaveunintendedeffects,suchas:–Crashes,leaksorbrokenfunctionalityinpoorlywrittenapplications–Severeperformanceregressions21PartII-WindowsVistaHeap22WindowsVistaHeapSecurityFeaturesBlockmetadatarandomizationIntegritycheckonblockentryAlgorithmvariationinresponsetousagepatternRandomrebasingFunctionpointerrandomizationAbruptapplicationterminationonerror23BlockMetadataRandomizationApartoftheheaderisXORdwitharandomvalueLowperformanceimpactShouldmakeguessingtherightvalueimpracticalFlexibleandcontainedalgorithmandimplementationAgileinupdates24EntryIntegrityCheckPrevious8-bitcookiehasbeenrepurposedtovalidatealargerpartoftheheaderValuemayberandomizedalongwiththeotherfieldsValidatedduringinternaloperationstoo25Demo–HeapHeaderLayout26Automatictuning–ShifttoLFHallocationsatarbitrarypointsonruntime–Triggersonvariouspatterns–Involvesalsode-commit/commitpoliciesRuntimeAlgorithmVariation27MoreHeapRandomizationsHeapbaserandomization–thingstoconsider:–Fragmentationoftheapplicationaddressspaceaffectinglargeserverapplications–PossibleperformanceissuesifhigherrandomizationisusedHeapfunctionpointerrandomization–Takesawayaknownplacetofacilitatethecodeexecutionalongwithrebasing28Demo29AbruptTerminationonErrorAnydatainconsistencyorinvalidheapfunctionusagedetectedmaytriggeritThescopeisprocess-wide(anyheapintheprocesshasthesamebehavior)TheprocessisterminatedviaWindowsErrorReportingDetailedinfoisavailableinthedumpfileNofunctionprovidedtodisableitOnbydefaultfor64bitplatforms&apps30TerminationonErrors(cont.
)Programmaticopt-Inmethod(newHeapEnableTerminationOnCorruptionclassdefined)BOOLHeapSetInformation(HANDLEHeapHandle,HEAP_INFORMATION_CLASSHeapInformationClass,PVOIDHeapInformation,SIZE_THeapInformationLength);LargenumberofcomponentswithWindowsVistaareoptedinTheinformationisavailableinadebuggerextension31Demo32NTHeapManager–ImprovesCodeQualityBenefitstoappdevelopersEarlyerrordetectionImproveddebuggingaidtoreducecostofinvestigatingcorruptionsReducedtolerancetomisusageWindowsVistaappswillbemoreresilienttofutureheapchanges33KnownAttackVectors&WindowsVistaRemovedlookasidelistandarrayofliststargetedbypreviousexploitsIntegritycheckonblockmetadatasignificantobstacletobruteforceattacksMostWindowsprocessesterminateonmemoryerrorsDynamic(runtime)changeinheapalgorithmsobstacletoconsistentexploitsHeapstructuresandmemorymgmtchangeslimitportabilityofexploits34SecurityenhancementsareajourneyMitigationsarenotsubstituteforgooddevelopmentpracticesWindowsVistaisjustamilestoneincontinualheapimprovements35WindowsVistaHeapPerf&ReliabilityImprovedscenariosbydefaultfor:SMPscalabilityExternalfragmentationLargeheapsImprovedreferencelocalityon64bitplatformsReducedVirtualAddressexhaustionIncreasedresiliencetopatternsinvolvinglong-termallocations36KeyPerformanceEnhancementsAutomatictuningLowergranularityofcontrolpoliciestoswitchtotheLowFragmentationHeapUseoflazyinitializationRedesignedsegmentmanagementImprovedinternallookupalgorithmsAddressedfragmentationinproblematicscenariosLoweroverheadon64bit37RandomAllocationBenchmark(0-1K)05101520253012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVistaRandomAllocationBenchmark(4-8k)0246810121416182012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVista38FragmentationTest(512blocks/80bytes)VirtualaddressCost010002000300040005000600070008000Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer2003Committedmemorycost0100200300400500600700800Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer200339FragmentationTest(512blocks/80bytes)Heapperformanceonheapexpansionpattern1(512blocks)(70x)0100000200000300000400000500000600000700000800000Runtime(sec)Ops.
/secRecentWindowsVistaWindowsServer200340FragmentationScenarioIIPatternPatternOps/secOps/sec(Recent(RecentWindowsWindowsVista)Vista)Ops/secOps/sec(Windows(WindowsServerServer2003SP1)2003SP1)ImprovemeImprovementntxx2562576004388663951292770915161441024403774517917204819418025776740968253412687841Memoryfootprinton2GBytesheapexpansion0500100015002000250030003500400045003264128256512102420484096BlocksizeMbytesmemorReservedMemoryInRecentWindowsVistaCommitedMemoryInRecentWindowsVistaReservedMemoryInWindowsServer2003CommitedMemoryInWindowsServer200342SummaryAttacksgetmoresophisticated…Butsodoestheheapmanagement–andnotonlyforsecurityWelaidthefoundationforincreasedagilityinheapimprovementswithreducedcompatibilityrisksImprovedscenariosforSMPandlargememoryusageDesignedtoenhancethecodequalityforapplicationsWearenotyetdone…wearelookingforwardforfurtherenhancementsasneededComeseemewithyourideas!
43ResourcesFeedbackonHeap:heapext@microsoft.
comDebuggingtools:http://www.
microsoft.
com/whdc/devtools/debugging/debugstart.
mspxApplicationVerifier:http://www.
microsoft.
com/downloads/details.
aspxFamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&DisplayLang=en4444secure@microsoft.
comThispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
com2AgendaWindowsNTHeapManagementbasicsandevolutionWindowsVistaheap–majormilestone–Developmentprinciplesandguidelines–Securityfeatures–PerformancefeaturesQ&A3IntroductionSecurity–industry-wideconcernTwCdrivingmultiplesecurityinitiativesTheNTHeap–Strategicpointindefense–Improvedtorespondtoindustrytrendsinusage4PartI–Basics5HeapEvolutionTimeNT4NT4/SP4Windows2000XP/SP2Windows2003WindowsVistaBasicsPerformanceOpt-inSMPScalabilityHeapMitigationsEnhancedsecurityPerformanceQualitytoolIndustryWorkloadExploitationParallelism6NTHeapOverviewTheNTMemoryManagerSegmentManagement(forblocks1KNon-dedicatedfreelist(1–512KBytes)Segment1Segment64Segmentarray>512KVirtualBlocksList816>512K8HeapSegmentsSeg.
HB1B2UncommitedspaceBn…ByUncommitedspaceReservedspace9BlockEntryinpriorWindowsNTVersions0:018>dc04392f8004392f8000040002000000010442da6000240e68SizePreviousblocksizetagunusedbytesflagssegmentF-LinkB-Link10RoleofLinkEntryinEarlyExploitsArbitrarypointerwritemovmoveaxeax,DWORDPTR[,DWORDPTR[ecxecx]]movmovecxecx,DWORDPTR[ecx+4],DWORDPTR[ecx+4]movmovDWORDPTR[DWORDPTR[ecxecx],],eaxeaxmovmovDWORDPTR[eax+4],DWORDPTR[eax+4],ecxecxFwdLinkBkLinkValuetowriteLocationtowrite11LookasideListsNon-blockingsingle-linkedlists0-89-16Lookasidelists1016-1024HeaderLinkunusedHeaderLinkunused12TheLowFragmentationHeapArchitectureSMPUnit10-89-16Allocationbuckets1025-108815873-16384AllocationgranularitySMPUnitNSMPUnit1SegmentspoolSegmentspoolSegmentspool13LowFragmentationHeapBlockEntrySub-SegmentFlags…RelativelinkSizeLFHBlockFrees-listSub-Segment…8bytesUserdata14EarlyHeapMitigationsSafeListRemovalEntry->FwdLink->BkLink==Entry->BkLink->FwdLink==Entry8-bitcookietestedonfreeLFHblockentryencodingF(randomnumber,Blockaddress,heap)15ChangeinLandscapeNewexploitingmethodssurfacedChangeinusageoutlook–Memoryusage–IncreaseavailabilityofSMP–Increaserelevanceof64bitcomputingCodequality–higherdemandinindustry16WindowsVistaHeapManagerKeyDevelopmentDirectionsPerformanceandreliabilitySecurityCodequality17WindowsNTHeapRequirements18SecurityCorrectness–like:–Guaranteesrequestedsizes–Lifetimeofallocations–Clearingcontentwhenrequestedetc.
Defenselineinheapbasedexploits:Defenselineinheapbasedexploits:––AttemptstomitigatetheeffectofanattackAttemptstomitigatetheeffectofanattack––MakesdifficulthidingheapMakesdifficulthidingheap--basedexploitsbasedexploits19PerformanceScalefromsmalldevicestolargeserversOptimizedforvariedusagepatternsFollowtheindustrytrend–Memoryusage–IncreaseinSMPavailability–H/Warchitectureadvances20CompatibilityApplicationsmayrelyonthingslike:–Reallocreturningsamepointer–Read/writeafterreleasingablock–Doublefree–Overrunsoverunusedstructuresetc.
Heapchangesmayhaveunintendedeffects,suchas:–Crashes,leaksorbrokenfunctionalityinpoorlywrittenapplications–Severeperformanceregressions21PartII-WindowsVistaHeap22WindowsVistaHeapSecurityFeaturesBlockmetadatarandomizationIntegritycheckonblockentryAlgorithmvariationinresponsetousagepatternRandomrebasingFunctionpointerrandomizationAbruptapplicationterminationonerror23BlockMetadataRandomizationApartoftheheaderisXORdwitharandomvalueLowperformanceimpactShouldmakeguessingtherightvalueimpracticalFlexibleandcontainedalgorithmandimplementationAgileinupdates24EntryIntegrityCheckPrevious8-bitcookiehasbeenrepurposedtovalidatealargerpartoftheheaderValuemayberandomizedalongwiththeotherfieldsValidatedduringinternaloperationstoo25Demo–HeapHeaderLayout26Automatictuning–ShifttoLFHallocationsatarbitrarypointsonruntime–Triggersonvariouspatterns–Involvesalsode-commit/commitpoliciesRuntimeAlgorithmVariation27MoreHeapRandomizationsHeapbaserandomization–thingstoconsider:–Fragmentationoftheapplicationaddressspaceaffectinglargeserverapplications–PossibleperformanceissuesifhigherrandomizationisusedHeapfunctionpointerrandomization–Takesawayaknownplacetofacilitatethecodeexecutionalongwithrebasing28Demo29AbruptTerminationonErrorAnydatainconsistencyorinvalidheapfunctionusagedetectedmaytriggeritThescopeisprocess-wide(anyheapintheprocesshasthesamebehavior)TheprocessisterminatedviaWindowsErrorReportingDetailedinfoisavailableinthedumpfileNofunctionprovidedtodisableitOnbydefaultfor64bitplatforms&apps30TerminationonErrors(cont.
)Programmaticopt-Inmethod(newHeapEnableTerminationOnCorruptionclassdefined)BOOLHeapSetInformation(HANDLEHeapHandle,HEAP_INFORMATION_CLASSHeapInformationClass,PVOIDHeapInformation,SIZE_THeapInformationLength);LargenumberofcomponentswithWindowsVistaareoptedinTheinformationisavailableinadebuggerextension31Demo32NTHeapManager–ImprovesCodeQualityBenefitstoappdevelopersEarlyerrordetectionImproveddebuggingaidtoreducecostofinvestigatingcorruptionsReducedtolerancetomisusageWindowsVistaappswillbemoreresilienttofutureheapchanges33KnownAttackVectors&WindowsVistaRemovedlookasidelistandarrayofliststargetedbypreviousexploitsIntegritycheckonblockmetadatasignificantobstacletobruteforceattacksMostWindowsprocessesterminateonmemoryerrorsDynamic(runtime)changeinheapalgorithmsobstacletoconsistentexploitsHeapstructuresandmemorymgmtchangeslimitportabilityofexploits34SecurityenhancementsareajourneyMitigationsarenotsubstituteforgooddevelopmentpracticesWindowsVistaisjustamilestoneincontinualheapimprovements35WindowsVistaHeapPerf&ReliabilityImprovedscenariosbydefaultfor:SMPscalabilityExternalfragmentationLargeheapsImprovedreferencelocalityon64bitplatformsReducedVirtualAddressexhaustionIncreasedresiliencetopatternsinvolvinglong-termallocations36KeyPerformanceEnhancementsAutomatictuningLowergranularityofcontrolpoliciestoswitchtotheLowFragmentationHeapUseoflazyinitializationRedesignedsegmentmanagementImprovedinternallookupalgorithmsAddressedfragmentationinproblematicscenariosLoweroverheadon64bit37RandomAllocationBenchmark(0-1K)05101520253012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVistaRandomAllocationBenchmark(4-8k)0246810121416182012345678MillionThreadsOps.
/secWindowsServer2003RecentWindowsVista38FragmentationTest(512blocks/80bytes)VirtualaddressCost010002000300040005000600070008000Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer2003Committedmemorycost0100200300400500600700800Runtime(sec)BytesperleakedbloRecentWindowsVistaWindowsServer200339FragmentationTest(512blocks/80bytes)Heapperformanceonheapexpansionpattern1(512blocks)(70x)0100000200000300000400000500000600000700000800000Runtime(sec)Ops.
/secRecentWindowsVistaWindowsServer200340FragmentationScenarioIIPatternPatternOps/secOps/sec(Recent(RecentWindowsWindowsVista)Vista)Ops/secOps/sec(Windows(WindowsServerServer2003SP1)2003SP1)ImprovemeImprovementntxx2562576004388663951292770915161441024403774517917204819418025776740968253412687841Memoryfootprinton2GBytesheapexpansion0500100015002000250030003500400045003264128256512102420484096BlocksizeMbytesmemorReservedMemoryInRecentWindowsVistaCommitedMemoryInRecentWindowsVistaReservedMemoryInWindowsServer2003CommitedMemoryInWindowsServer200342SummaryAttacksgetmoresophisticated…Butsodoestheheapmanagement–andnotonlyforsecurityWelaidthefoundationforincreasedagilityinheapimprovementswithreducedcompatibilityrisksImprovedscenariosforSMPandlargememoryusageDesignedtoenhancethecodequalityforapplicationsWearenotyetdone…wearelookingforwardforfurtherenhancementsasneededComeseemewithyourideas!
43ResourcesFeedbackonHeap:heapext@microsoft.
comDebuggingtools:http://www.
microsoft.
com/whdc/devtools/debugging/debugstart.
mspxApplicationVerifier:http://www.
microsoft.
com/downloads/details.
aspxFamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&DisplayLang=en4444secure@microsoft.
comThispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
- demandvista系统优化相关文档
- 阵列vista系统优化
- 成像vista系统优化
- 接口vista系统优化
- 设置vista系统优化
- designedvista系统优化
- 映像vista系统优化
HostKvm($4.25/月)俄罗斯/香港高防VPS
HostKvm又上新了,这次上架了2个线路产品:俄罗斯和香港高防VPS,其中俄罗斯经测试电信CN2线路,而香港高防VPS提供30Gbps攻击防御。HostKvm是一家成立于2013年的国外主机服务商,主要提供基于KVM架构的VPS主机,可选数据中心包括日本、新加坡、韩国、美国、中国香港等多个地区机房,均为国内直连或优化线路,延迟较低,适合建站或者远程办公等。俄罗斯VPSCPU:1core内存:2G...
IMIDC彩虹数据:日本站群多ip服务器促销;30Mbps带宽直连不限流量,$88/月
imidc怎么样?imidc彩虹数据或彩虹网络现在促销旗下日本多IP站群独立服务器,原价159美元的机器现在只需要88美元,而且给13个独立IPv4,30Mbps直连带宽,不限制月流量!IMIDC又名为彩虹数据,rainbow cloud,香港本土运营商,全线产品都是商家自营的,自有IP网络资源等,提供的产品包括VPS主机、独立服务器、站群独立服务器等,数据中心区域包括香港、日本、台湾、美国和南非...
PhotonVPS:$4/月,KVM-2GB/30GB/2TB/洛杉矶&达拉斯&芝加哥等
很久没有分享PhotonVPS的消息,最近看到商家VPS主机套餐有一些更新所以分享下。这是一家成立于2008年的国外VPS服务商,Psychz机房旗下的站点,主要提供VPS和独立服务器等,数据中心包括美国洛杉矶、达拉斯、芝加哥、阿什本等。目前,商家针对Cloud VPS提供8折优惠码,优惠后最低2G内存套餐每月4美元起。下面列出几款主机配置信息。CPU:1core内存:2GB硬盘:30GB NVm...
vista系统优化为你推荐
-
fontfamilyCSS的font-family中family-name和generic-family区别快递打印如何快递打印快递单淘宝收费淘宝要收费吗?在线漏洞检测漏洞扫描工具有哪些怎么在qq空间里添加背景音乐怎么在QQ空间里插入背景音乐??淘宝店推广如何推广淘宝店bt封杀为什么现在网上许多BT下载都被封了?网站优化方案网站优化方案怎么写?防钓鱼什么是IP防钓鱼和域名防钓鱼?南北互通上海南北高架和中环互通吗?