DLL_PROCESS_ATTACH Deadlock

最新推荐文章于 2025-01-02 17:54:43 发布
转载 最新推荐文章于 2025-01-02 17:54:43 发布 · 234 阅读 · 0 ·
CC 4.0 BY-SA版权
原文链接:http://www.cnblogs.com/taoxu0903/archive/2009/07/05/1517337.html
文章标签:

#开发工具 #runtime #php

本文探讨了Windows DLL加载器中DLL_PROCESS_ATTACH事件可能导致的死锁问题,特别是在调用需要同步的函数时。作者建议避免在此阶段进行任何可能引起同步操作的行为。

转载自:http://blogs.msdn.com/mgrier/archive/2005/06/21/431378.aspx

另一篇:http://www.osronline.com/ddkx/ddtools/dv_8pkj.htm

The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks

The Windows DLL loader (I wasn't around then but I assume some of this even comes from the days of 16-bit Windows) has a feature where a DLL may have an "entry point".

If a DLL has an entry point, the loader calls into it on certain significant events.  These events have identifiers associated with them:

  • DLL_PROCESS_ATTACH
  • DLL_PROCESS_DETACH
  • DLL_THREAD_ATTACH
  • DLL_THREAD_DETACH

I'm not going to talk about the thread callouts any time soon; they probably don't do what you expect them to do so for the most part you should call the function DisableThreadLibraryCalls() in your DLL_PROCESS_ATTACH to save extra page faults when threads come and go.

The apparent contract for DLL_PROCESS_ATTACH is that it is called before any code in your DLL can be called.  Sounds like a nice place to do one-time initialization that couldn't be static for some reason.

Note that I said "apparent".  Due to the previous articles, if you are involved in a cycle, you can have your code called before your DLL_PROCESS_ATTACH callout has been issued.  Maybe you're lucky and you've never been hit by this.  There are a lot of lucky people out there.

I'm going to paint a contractual picture here, assuming no cycles are involved.

Presumably if one thread is in the middle of calling your DLL_PROCESS_ATTACH, any other thread that wants to access the exports of your DLL has to block waiting for you to finish your initialization.  Let's call this the "mythical loader lock".  Maybe it's not so mythical and we can discuss/debate the scope of the synchronization (all DLLs, only the DLLs waiting to initialize, what about cycles?) but let's work out the invariants of the contract before we get too hung up on implementation details.

Thus the first problem with DLL_PROCESS_ATTACH processing is deadlocks.  A great example of this is calling CreateThread() inside your own DLL_PROCESS_ATTACH to start a thread running code for your DLL.  Clearly the new thread can't start running your code until you have finished your DLL_PROCESS_ATTACH because otherwise we would be breaking the contract.  Thus the new thread has to wait for you to exit your DllMain().  Maybe that's OK; if it can just suspend waiting for you to finish up, maybe it fired up and immediately had to block waiting for synchronization but if it doesn't happen too frequently, you can survive this.

But now imagine that you do something nifty and useful in that worker thread.  Someday someone comes along and wants to queue a work item to that thread and wait for it to complete.  Boom.  Insta-deadlock.

That's an easy example, but basically the rule is this:

Calling any function from within your DLL_PROCESS_ATTACH which requires synchronization can deadlock.

Obviously it doesn't have to deadlock; a lot of folks get away with a lot of bad stuff.  They're getting lucky for the most part.

A great example is the process heap.  Did you know that you can lock it?  You can!  You can probably have a lot of fun by calling HeapLock(GetProcessHeap())?  Why would you do that?  I don't know!  Who can know?  Can we stop it?  People want to but just wait for the black helicopter crowd to show up saying that it's really a collusion/conspiracy to get people to upgrade software on Windows.

If someone locks it (or maybe calls HeapWalk on the process heap which I assume locks it for the duration of the walk) and then calls into the loader... well... boom.  You're deadlocked.

Those are two easy cases.  Clearly you can deadlock in additional ways (RPC calls to another process or machine which have to reenter your process on a different thread which then might need the Mythical Loader Lock) and being creative with things like the thread pool, windows messages, etc. you can come up with a million variations on the theme.

Thus, DLL_PROCESS_ATTACH rule #1:

Don't do anything that requires synchronization.  Currently, even heap allocation is suspect.

Published Tuesday, June 21, 2005 9:48 PM by mgrier

Comments

# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Wednesday, June 22, 2005 1:19 AM by Heath Stewart
A good rule of thumb is to not do anything. Windows Script has suffered a few times because automation objects weren't released before the host shuts down the script engine. GC'ing those objects may also unload DLLs, like we see in managed code. Violá - deadlock. It's all tricky business when considering what can and can't be done in DllMain, so as little as possible should be done - if anything.
# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Wednesday, June 22, 2005 9:34 AM by Russ Osterlund
Although a tad "dated", people might want to check out my notes on the loader lock in Windows SP (SP1) located at www.smidgeonsoft.com. This is a collection of notes and references to the loader lock found by searching the system DLLs. It is interesting to note that there are two exported NTDLL functions, LdrLockLoaderLock and LdrUnlockLoaderLock, that make life "interesting".
# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Wednesday, June 22, 2005 10:33 AM by LarryOsterman
*Makes a note to self: File a bug to have those exports removed*

I hope to heaven above that nobody EVER uses those exports.

This is a HIDEOUSLY, HORRIBLE, AWFUL, HIENOUS idea.

It's also not recommended.

Please don't go there.
# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Wednesday, June 22, 2005 2:17 PM by mgrier
I added those exports because instead, people were using an even worse hack to lock the loader lock in various DLLs around the system.

At least this way we can set a breakpoint on the lock call.

These are, of course, undocumented and for internal use only and will go away someday. It was better than the pointer swizzling people were doing.
# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Wednesday, June 22, 2005 4:33 PM by Mike Dimmick
I'll add, don't put global objects of a class that has a constructor or destructor in a DLL. Global objects get constructed by DllMainCRTStartup (the actual entry point if you're going to use the C/C++ runtime) in response to DLL_PROCESS_ATTACH and destroyed in response to DLL_PROCESS_DETACH.

So the same rules apply to these global objects as to DllMain itself.
# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Wednesday, June 22, 2005 5:05 PM by mgrier
I'm gettin' there... I'm gettin' there... people usually do not believe that the restrictions are real so I'm making sure that there is plenty of either obvious behavior of behavior which can be justified based strictly on documented public behavior which will quantify exactly what the dangerous patterns are.
# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Wednesday, June 22, 2005 9:17 PM by Norman Diamond
Wednesday, June 22, 2005 4:33 PM by Mike Dimmick

> I'll add, don't put global objects of a
> class that has a constructor or destructor
> in a DLL.

I have a feeling I've seen that warning before. But one place I _haven't_ seen it is in the output of a VC++ compiler. Anyone know why not? Compilers know when they're building DLLs and they know when the source code has global objects with constructors or destructors, so compilers ought to know that the programmer needs to be warned.
# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Wednesday, June 22, 2005 10:10 PM by mgrier
There is hope for C++ global object construction if we could nix the idea of data exports.

When we get to the phase about talking about the ramifications of DLL_PROCESS_DETACH, we'll see that it's actually the rundown that's harder to solve.
# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Tuesday, June 28, 2005 11:17 AM by Ron Hancock
Apologies but I really don't have that much idea of the detail that is being discussed. However I have just experienced a problem that I can not remove and it appears relevant to the general discussion. I use Win 2000 Pro (with all updates) and I am now getting the following error message during boot:

"The procedure entry point LdrLockLoaderLock could not be located in the dynamic link library ntdll.dll"

The header on the error mentions ctfmon.exe at this point but I also get a similar error from all sorts of other applications.

And now the question. Having got this how do I get rid of it? I was running synchronization but have turned this off.

If you can help I'd be very grateful. I'm fairly clued in on using PCs but I am not a programmer.
# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Tuesday, June 28, 2005 2:14 PM by mgrier
That executable requires a feature that is present only on Windows XP and later. It cannot run on Windows 2000.
# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Tuesday, June 28, 2005 6:00 PM by Seth McCarus
"Don't do anything that requires synchronization. Currently, even heap allocation is suspect."

MSDN explicitly allows InitializeCriticalSection in DllMain, but I'm pretty sure that allocates heap memory...
# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Tuesday, June 28, 2005 7:51 PM by mgrier
Re: InitializeCriticalSection() allocating heap:

Only on chk builds or if the app verifier is on. On the other hand, do the docs say "does not take any additional synchronization or make callbacks forever into the future?"?

I'm just saying it's suspect. As long as someone hasn't called HeapWalk(), most of the process default heap's allocations actually come from lookaside lists which don't acquire the heap's lock in any case (which possibly violates the HeapLock() contract...) and so would never deadlock.

As in the theme for my blog, this probably works 99.9% of the time. Is that OK? Do you want to fly on a plane that's run by a control system that's 99.9% reliable or do you want to pay for a few more 9s? How about your banking? Email? online RPG? Online picture archives?
# re: The NT DLL Loader: DLL callouts (DllMain) - DLL_PROCESS_ATTACH deadlocks
Sunday, July 10, 2005 6:22 PM by Eugene Gershnik
> for the most part you should call the
> function DisableThreadLibraryCalls() in your > DLL_PROCESS_ATTACH to save extra page faults
> when threads come and go.

Isn't this a bad advice for folks that use statically linked C runtime? AFAIK it cleans up its per-thread data structures on thread detach notifications.
# mgrier s WebLog The NT DLL Loader DLL callouts DllMain | pool toys
Thursday, June 18, 2009 4:53 AM by mgrier s WebLog The NT DLL Loader DLL callouts DllMain | pool toys

PingBack from http://pooltoysite.info/story.php?id=6115

转载于:https://www.cnblogs.com/taoxu0903/archive/2009/07/05/1517337.html

Delphi中DLL初始化和退出处理DLL_Process_Attach
weixin_33895695的博客
04-03 1268
2019独角兽企业重金招聘Python工程师标准>>> ...
不要在dll及ocx的CXXXApp::InitInstance中调用创建线程及关闭线程的操作
u013506600的专栏
01-24 2111
问题: 写了个ocx控件,然后在ocx控件注册时注册成功了,但regsvr32还在进程管理器中。 分析后发现在注册ocx控件时,ocx控件的代码CXXXApp::InitInstance会被调用,注册完后CXXXApp::ExitInstance会被调用。 由于在ExitInstance中调用退出线程,并等待线程退出的代码,死锁了,所以regsvr32卡死在进程管理器了。 条件1:
DLL的进入退出——由DLL_PROCESS_ATTACH而联系搜索起来。
WINCOL的专栏
05-22 3388
线程可以调用GetModuleHandle函数来判断一个DLL是否被载入了进程的地址空间,   HINSTANCE GetModuleHandle(LPCTSTR lpszModuleName);   例子:   HINSTANCE hinstDLL;   hinstDLL = GetModuleHandle(“SomeDLL.dll”);   If (hi
DLL_PROCESS_ATTACH通知
tomorrowsprogress的专栏
09-24 9648
(15) DLL_PROCESS_ATTACH通知当DLL被初次映射到进程的地址空间中时,系统将调用该DLLDllMain函数,给它传递参数fdwReason的值DLL_PROCESS_ATTACH。只有当DLL的文件映像初次被映射时,才会出现这种情况。如果线程在后来为已经映射到进程的地址空间中的DLL调用LoadLibrary(Ex)函数,那么操作系统只是递增DLL的使用计数,它并不再次用DL
自己翻阅的-TLS-DLL使用中要注意的DLL_PROCESS_ATTACH
whowho的专栏
04-02 983
#include "stdafx.h" #include DWORD dwTlsIndex; int iNum=100; void fuckmsg() {  TCHAR szBuffer[50] = {0};  DWORD dwThreadID;  int lpNum=(int)TlsGetValue(dwTlsIndex);  lpNum++;  dwThreadID =
关于Dll
輚至消亡
03-15 2479
Dll(动态链接库)的加载分为2种: 静态加载 动态加载 首先来看一个Dll的例子: 上面3张图分别是main.cpp, Test.h以及Test.cpp。其编译连接后生成了一个名为Sample.dll以及对应的Sample.lib导入库。 静态加载是通过如下几种方式使用: 首先可以通过#pragma comment语句来静态使用dll 或者可以通过在项目属性中的附加依赖项添加对应的导入库来静态使用 这种情况下就无需#pragma comment语句了 ...
Key Points 1. Purpose: DllMainis the optional entry point for DLLs in Windows. It's called by the system when processes/threads attach/detach from the DLL. 2. Current Behavior: This implementation does absolutely nothing - it just returns TRUEfor all cases. 3. Common Use Cases (missing here): o Initialize global variables o Create synchronization objects o Allocate resources o Register window classes o Set up thread-local storage 4. Important Warnings: o Don't call LoadLibrary/FreeLibrary inside DllMain(deadlock risk) o Avoid complex operations - keep it simple and fast o Be thread-safe - multiple threads can call simultaneously o Don't use C runtime library functions that require initialization Improved Version with Basic Safety
最新发布
12-15
以下是一个改进版的 `DllMain` 函数示例,它实现了基本的安全性,包含初始化全局变量、创建同步对象等功能,同时避免了死锁和复杂...- 确保在 `DLL_PROCESS_DETACH` 中清理所有在 `DLL_PROCESS_ATTACH` 中创建的资源。
DLLMain的入口函数不能创建新线程
a949308398的专栏
11-13 2414
微软官方有解释: PRB: Cannot Create an MFC Thread During DLL Startup SYMPTOMS An MFC DLL that creates a new MFC thread during startup hangs when loaded by an application. This includes whenever a thr
Frida源码阅读-frida-gum-插桩原理
samli的博客
01-02 1799
Frida 通过“Hooking”技术,即插入自定义的代码到目标应用程序的特定部分(如函数、方法或处理流程),来监控和修改应用程序的运行。关于ptrace,是 Linux 提供的一种系统调用,允许一个进程观察和控制另一个进程的执行,读写其内存,甚至改变其寄存器等状态。利用Frida不仅可以探测应用程序的行为(例如监控特定函数的调用),还可以在运行时修改应用程序的行为,如改变函数的执行逻辑,或者直接修改内存中的数据。,大佬的分析写的非常详细,不再次赘述,只贴一下代码阅读时的备注;
Hotspot学习利器:HSDB和CLHSDB
菜鸟进阶之路
08-05 3968
目录 一、HSDB 1、测试用例: 2、Java Threads窗口 3、Tools 选项 4、windows选项 二、CLHSDB 1、threads和thread 2、classes和class 3、inspect 4、 jstack 5、universe 6、scanoops 7、revptrs 8、mem 9、print 10、where 11...
zz DLL 编写教程
03-14 1025
DLL的优点 简单的说,dll有以下几个优点: 1) 节省内存。同一个软件模块,若是以源代码的形式重用,则会被编译到不同的可执行程序中,同时运行这些exe时这些模块的二进制码会被重复加载到内存中。如果使用dll,则只在内存中加载一次,所有使用该dll的进程会共享此块内存(当然,像dll中的全局变量这种东西是会被每个进程复制一份的)。 2) 不需编译的软件系统升级,若一个软件系统使用了dll,则该
windows:加载dll时的DLLMain介绍
Bobowen的博客
07-19 2613
在实际开发中,通常情况下,系统自带的初始化和清理机制(如全局变量初始化和析构、自动内存管理等)已经足够。然而,有些特定场景下,需要开发者自己在DllMain中处理和。以下是一些可能的情况:线程本地存储(TLS)当需要在每个线程中维护独立的数据(如线程本地存储),必须手动进行线程初始化和清理。例如,多线程日志记录、线程特定的配置等。示例:每个线程都有独立的日志文件句柄或配置对象。资源管理当需要在DLL加载时分配全局资源(如文件句柄、网络连接)并在卸载时释放这些资源时,必须手动进行初始化和清理。示例。
c++注入dll调用call
qq_59848320的博客
05-09 2803
这个函数很简单,里面内嵌的汇编代码,用来调用test的call,首先我们申明一个a=2,和一个引用类型r。这个可以和上面拿到的汇编进行对比,这个是按照c语言的调用约定来的,这个push的顺序是不能变的哈,后面直接调用call。不出意外的话,应该会弹出两个窗口,一个是注入成功窗口,一个是输出基址的窗口。我们想调用test函数,就必须知道这个函数在内存的地址,但是每次重启电脑,地址都是变化的。我们的目标是在dll调用到test.exe的test函数,这个dll还没有达到我们的目标,我们还需要继续完善。
dll的一些常识
物知馆
05-30 874
1、若显式载入DLL,则当系统第一次调用Library时,进程会将Dll映射到进程的地址空间,并触发DLL_PROCESS_ATTACH事件; 2、若DLL_PROCESS_ATTACH事件返回ture,则表示调用LoadLibrary成功,反之则失败,特别需要注意的是,在这种情况下是没有DLL_PROCESS_DETACH事件触发的; 3、在调用FreeLibrary时,会触发DllMain
DLL文件_DLLMain函数详解
weixin_46967682的博客
10-01 7169
目录**CODE**1.DLLMain函数类型-APIENTRY CODE //核心的入口函数,动态链接库入口函数 BOOL APIENTRY DllMain( HMODULE hModule, //APIENTRY可以换成WINAPI或者_stdcall 是一种调用约定 DWORD ul_reason_for_call, LPVOID lpReserved )
DllMain函数详解
人生代码,代码人生。。。
03-07 2206
1.1  DllMain简介 跟exe有个main或者WinMain入口函数一样,DLL也有一个入口函数,就是DllMain。以“DllMain”为关键字,来看看MSDN帮助文档怎么介绍这个函数的。 The DllMain function is an optional method of entry into a dynamic-link library (DLL)。(简要翻译:对于一个Dl
DllMain详解
热门推荐
许振坪的专栏
06-02 3万+
DllMain详解源码下载:       DLL – 动态链接库       DllMainTest – 测试DLLDllMain1  DLL的进入/退出函数1.1  DllMain简介跟exe有个main或者WinMain入口函数一样,DLL也有一个入口函数,就是DllMain。以“DllMain”为关键字,来看看MSDN帮助文档怎么介绍这个函数的。The DllM
DLL线程注入呼出窗口的问题和解决
织梦行云
08-20 5169
问题已经解决了,我那样做是可以的,但是要在DLL_PROCESS_ATTACH下另开新线程,然后在新线程中调用钩子,而且在设置了SetWindowsHookEx后,要添加消息循环队列的处理代码部分,如下:      g_hKey = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, g_hInstDLL, dwThreadID); if(g_hKey =
DLL的远程注入及卸载技术详解
lithe的Blog
10-14 3609
 DLL的远程注入技术是目前Win32病毒广泛使用的一种技术。使用这种技术的病毒体通常位于一个DLL中,在系统启动的时候,一个EXE程序会将这个DLL加载至某些系统进程(如Explorer.exe)中运行。这样一来,普通的进程管理器就很难发现这种病毒了,而且即使发现了也很难清除,因为只要病毒寄生的进程不终止运行,那么这个DLL就不会在内存中卸载,用户也就无法在资源管理器中删除这个DLL文件,真可谓
innodb_deadlock_detect如何开启
04-01
<think>好的,用户问的是如何在MySQL中启用innodb_deadlock_detect配置。首先,我需要确认这个参数的作用和默认值。根据引用[3],这个参数的默认值是on,也就是启用的。但可能用户想确认如何手动设置或者检查当前状态。 接下来,我应该分步骤说明如何启用。通常MySQL的配置可以通过设置全局变量或者修改配置文件。动态设置的话,使用SET GLOBAL命令,但需要SUPER权限。另外,修改my.cnf或my.ini文件可以让配置永久生效。 还要提到如果用户想关闭死锁检测,可以设置为off,但需要注意这时候innodb_lock_wait_timeout会起作用。同时,需要提醒用户权限问题,以及修改配置文件后重启MySQL服务的重要性。 可能用户遇到死锁问题,想确保检测是否开启。所以需要包括检查当前值的步骤,比如SHOW VARIABLES命令。 另外,引用[3]提到启用innodb_deadlock_detect后,死锁会立即回滚,否则依赖超时。这部分信息对用户理解配置的影响很重要,应该在回答中说明。 需要确保回答清晰,步骤明确,并引用相关的参考资料,比如引用[3]和引用[4]中的链接,供用户进一步阅读。</think>要在MySQL中启用InnoDB死锁检测功能,可通过以下步骤实现: ### 配置步骤说明 1. **查看当前状态** 执行SQL命令查看当前配置: ```sql SHOW VARIABLES LIKE 'innodb_deadlock_detect'; ``` 若返回值为`ON`则表示已启用[^3]。 2. **动态启用(无需重启)** 拥有`SUPER`权限的用户可通过全局变量临时启用: ```sql SET GLOBAL innodb_deadlock_detect = ON; ``` 这种方式会立即生效但重启后失效。 3. **永久生效配置** 修改MySQL配置文件`my.cnf`(Linux)或`my.ini`(Windows),在`[mysqld]`段添加: ```ini innodb_deadlock_detect = ON ``` 修改后需重启MySQL服务使配置永久生效。 4. **相关参数说明** - 当`innodb_deadlock_detect=ON`时(默认值),检测到死锁会立即回滚事务 - 若设置为`OFF`,则依赖`innodb_lock_wait_timeout`参数处理锁冲突[^3] ### 注意事项 - 此功能仅作用于InnoDB行级锁,无法检测表级锁造成的死锁[^1][^2] - 建议配合事务隔离级别调整和索引优化来减少死锁发生概率 - 完整的InnoDB锁机制分析可参考锁兼容性矩阵[^4]
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符  | 博主筛选后可见
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值