On how to unhook without breaking anything.

??????? ???????? ? ?????? ??????? ?? ? ???, ??? ??????????, ? ? ???, ??? ?????????? ? ?????? ?? ????????. ? ???????, ???????? ??????? ??????:

We recently saw an AV in stress where our vectored exception handler was called after our dll was unloaded. After investigating the issue, it seems like removing the vectored exception handler does not wait for all users of that exception handler to finish (and does not even remove the exception handler from list for future users if there is one current user). So, there seems to be no way to synchronize removing the exception handler and the dll unloading – any synchronization within the exception handler is useless since the exception thread may be about to call the exception handler.

?????????????, ????????? ??????????? ?????????? ???????????? ????? ?? ??? ????, ??? ??????? (??? ????????? ???????), ??????? ?????????? ??????????? ?????????? ?? ??? ????? SEH ????? ????????? ??????????. ????????? ???????????? ?????? ?????????? ?? ???????????, ?????????????? ? ??????? ??????? AddVectoredExceptionHandler ? AddVectoredContinueHandler. ????????? ???????????? ??????????? ??????????? ?????? ?? ??????, ???? ??? ???????? ??? ??????????? ?? ?????????? ??????? ????????????, ? ??????. ???? ???? ?????? ??? ???????? ? ???????? ????????? ??????????, ?????????? ?????? ?????????? ??? ???????? ?????????.

????? ??????????? ???? ????????, ????? ????????? ????????? ? ?????????????? ??????????? ?????? ????????????. ??????? ?????????? ????? ??????????? ?? ????? ??????, ??????? ???????????? ?? ?????? ?????? ?????????, ? ??????? ?????? ???????????? ????? ?????????? ????????? ???? ??????????, «?????????» ?????? ??????????. ????? ?????? ????? ??? ??????? ??? ????????? ????????:

  1. ??????????, ?? ???????????, ?????????? ? ?????????????? ????????. ? ???? ??????, ????????, ?????? ???????? ??????, ??? ??? ????????? ?????? ? ??????? ????? ? ?? ????. ??????????, ??? ????????? ????? ?????? ???????????? ??????? ?????. ???, ????? ??????? ??????????? ? ????????????? ??????????, ?? ??? ??? ?????-?? Oracle ??????????. :-)
  2. ????????????? ??????? ? ?????? ??????? ????????????, ???????? ? ?????? ????????? ??????????.

??? ??????????, ??????? ????????? ?????????? ? ?????? ????????????? ?????, ??? ??? ????? ???????????? ? ???, ??????? ??? ?? ????????????. ??????, ?????????? ???? ????????? (AKA splicing), ????? ????? ????? ? ??????? ?????????? ?? ????? ????????????, ? ??????????? ?????????? ?????????? ? ????????? ?????, ???? ????????? ??????????? ?????????? ?????????? ???????????? ???????. ????????? ????? ????? ??????????? – ?? ??? ??????, ????????? ?? ????????, ??????? ??????? ????????? ??? ???????????? ? ?????? ??????.

? ??? ??? ????????? ??????? ??? ???????????? ???????? ? ????????? ?????????? ????????????

Cross-posted from blog.not-a-kernel-guy.com.