Wednesday, 6 August 2008

Critical Section and Vista Compatibility

There have been a number of questions raised about why ChangeBASE currently does not analyze applications for Critical Section security issues. Referencing the Windows 3.1 Windows Logo certification program and Microsoft's developer handbook, "Critical Section" changes under Vista include the following recommendations;

"Developer Code should always;
Should always initialize critical sections.
Should not read into undocumented objects. Applications that read into the undocumented structures to assess the status of a critical section will most likely break if they are looking for uninitialized and freed critical sections.
Should prevent starvation. Applications that call Sleep while holding the critical section lock now can cause starvation for other threads that need the lock. Sleep calls should be placed after the LeaveCriticalSection call."

To analyze specific Critical Section thread synchronization references (i.e. InitializeCriticalSectionAndSpinCount or EnterCriticalSection ) you must be able to determine the process flow or the logic flow of the software under analysis. And to this, you must run the software and walk through the desired functionality. It is possible to examine file and COM object headers for these types of functions. However, this will generate a significant "over-reporting" issue without actually producing useful information on whether the identified Critical Section functions may cause a problem.

Given that, the impact of this issue is slightly reduced performance issues on multi-threaded applications and the probability of an adverse impact is extremely low, ChangeBASE is currently not including the Critical Section analysis in the Platform Integrity plugin pack.

Further Information on Critical Section code changes can be found at:
http://msdn2.microsoft.com/en-us/library/ms682530.aspx

1 comment:

Chris Jackson said...

"...the impact of this issue is slightly reduced performance issues on multi-threaded applications..."

Actually, the impact is undefined, but possibilities include an AV.

But it would be super hard to detect this statically because the application state is paramount here. However, it's also vanishingly unlikely that you'll run into it in the wild. I've seen uninitialized crit sections cause app issues a grand total of 3 times ever, two of them fixed in the system SDB before Windows Vista shipped. The third the customer just fixed their code.