Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

leak? #95

Closed
core-c opened this issue Dec 20, 2021 Discussed in #78 · 8 comments
Closed

leak? #95

core-c opened this issue Dec 20, 2021 Discussed in #78 · 8 comments
Labels

Comments

@core-c
Copy link

core-c commented Dec 20, 2021

Hi there, Ron here.
Jak sie masz?
Great work hasherezade.. girl power.

scan own working set

When your pe-sieve (static lib) is used to scan the process it is embedded in (current process), then there is that line in scanRemote() that excludes the own working set from being scanned. Can there be an easier way to also include the own working set in the scan? (than to comment out some code).

memory leak?

When a scan is done at regular intervals (some seconds), there is an increase in memory consumption.
In collectExecutableSections(), iterating all the found sections, at some point a new PeSection class is instantiated: remoteSec = new PeSection. But there are cases where remoteSec is discarded (the for-loop continued, or sections[i] = remoteSec not executed).
Also the check if (sec_count == 0) has the possibility to discard remoteSec.
The allocated PeSection memory of the discarded remoteSec instances is never freed. i think..
If i free_unaligned(remoteSec->loadedSection) for any discarded remoteSec, the memory consumption is stable.

Documentation completeness

On the webpage How to add PE sieve to your Visual Studio project you could mention to also add other needed libs, like:
Library Directories (to the directory where the libpeconv.lib is)

Thank you..

@hasherezade
Copy link
Owner

hi! thank you very much for your remarks! I will investigate the possible leak, and fix it soon!

@hasherezade
Copy link
Owner

my last commit should fix the problem. please check it out and let me know.

@core-c
Copy link
Author

core-c commented Dec 20, 2021 via email

@core-c
Copy link
Author

core-c commented Dec 20, 2021 via email

@hasherezade
Copy link
Owner

I am glad it is fixed now!
Regarding the documentation - I added a separate section about adding PE-sieve static library to a Visual Studio project - in which case you need to add additional libraries.
please check it out and let me know your thoughts!

@core-c
Copy link
Author

core-c commented Dec 21, 2021 via email

fengjixuchui referenced this issue in fengjixuchui/pe-sieve Dec 22, 2021
[BUGFIX] Fixed mem leak: not freed remote section (Issue #95)
@hasherezade
Copy link
Owner

hasherezade commented Dec 28, 2021

I appreciate your contribution! The release with the fix is out: https://github.com/hasherezade/pe-sieve/releases/tag/v0.3.2

@hasherezade
Copy link
Owner

Since the leak is resolved, I guess we can close this issue. Other ideas for improvements can be discussed here: https://github.com/hasherezade/pe-sieve/discussions - or in separate issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants