Tuesday 12 August 2008

API calls that break applications

As mentioned in the Microsoft Compatibility tool-kit, the Developer cookbook and Microsoft Developer Network (MSDN - see references below) Safe Exception handling under Vista refers to the deprecation (end of support) for two API's under Vista, Windows 2003 and Windows Longhorn Server. These two API's (IsBadReadPtr and IsBadWritePtr)

relate to the handling of pointer to the global memory stack used by Windows.

These two API calls are used ensure that a particular pointer (or memory handle) is properly committed to the Windows Heap stack. Meaning that the code in question has not cased a corruption in the Windows swap file or memory stack. These two calls were intended for debugging purposes and known affectionately as "CrashMyApplication" and "CrashMyApplicationAndMyMemory" respectively as they had a very common habit of crashing an application under debug and trace conditions.

Microsoft has removed support for the two API's for security reasons and Windows Vista and Longhorn server will no longer support these API's. It is possible to determine if these calls are included in shipped software but unless the application is tested thoroughly and all functionality is tested, it is impossible to determine if these calls are actually employed and potentially could cause a compatibility issue. However, there is a rough an ready way to determine if these calls are actively employed in an application. If the application works under the following operating systems, then these calls are not being used;

· Windows 2K (all service packs)
· Windows XP SP1 and SP2
· Windows 2000 Advanced Server
· Windows 2003 Server

The IsBadReadPtr and isBadWritePtr API calls really translate to very old applications that related to Windows 9x and NT4 systems. If your applications are currently running normally (i.e. without frequent and continuous crashes) then your application is very unlikely to actively employ these (now deprecated) API calls.

Simply scanning an application for references to these API's would produce serious over-reporting without actually demonstrating that these calls are likely to be used in a production environment (i.e not a developer testing or debugging mode). As such, ChangeBASE does not currently scan for these deprecated API calls as part of the Platform Integrity analysis.


IsBadReadPtr references can be found at;

IsBadWritePtr references can be found at;

No comments: