tandasat/DdiMon

[Question] How did you use vector in the kernel?

mor619dx opened this issue · 7 comments

Hey,

I've looked into the project and seen something interesting: I saw you used std::vector (specifically in shadow_hook.cpp, in the SharedShadowHookData struct, to keep all the hooks and later to iterate over them).

I was interested since I remembered that the C++ STL and the kernel don't go together very well.
I tried to create a new file in the ddimon project and use std::vector, but at compile time I got errors about using C++ exceptions in the kernel (with the /kernel flag).

I couldn't find any difference between my file and the existing one in the project (no file properties difference from what I saw).

So I was wondering how you were able to use std::vector in the kernel without the compiler throwing errors.

Thanks for the help,
Mor.

Hi,

To compile code with STL (containers), kernel_stl.h needs to be included before including any STL headers. Please try with the header and let me know if that works for you.

Thank you,

It does compile now, however I had some problems.
After isolating the problem, it seems that std::vector is not working if the std::vector variable is a class variable.

I instead created a pointer to the vector and initialize it using "new" in the initialize function;
when I'm done I use delete, of course.

There is another thing that I've seen happening, weirdly happening only when using ddimon (without any of my additional code). I use WinDBG to track debug prints. Sometimes, after using WinDBG and closing it while ddimon is installed, I reopen it and try to capture kernel debug output and I get this message:

[Screenshot: ddimon_windbg]

Only after restarting I can use WinDBG again. Did you experience something like this / do you know why it's happening?

Hi,

As for the first issue, are you using the vector inside a global object? If you place a std::vector object directly as a global object, its constructor should be called, but I am not sure when it is placed inside a plain struct (w/ no constructor). Can you share the struct declaration?

For the issue with DebugView, does this happen only when DdiMon (or HyperPlatform) is loaded? I have seen the same issue on Windows 10, but it seemed to happen regardless of whether you installed DdiMon.

I think the constructor of std::vector is just not being called, since creating a class object is not calling the constructor of the class (this is the reason for the separate initialize function).
To create the class object I allocate it using ExAllocatePoolWithTag and then in the initialize function I create the std::vector and save its pointer.

If I use it as a class member:

```cpp
class container
{
public:
    container(); // If I create class object this is not being called
    ~container(); // Neither is this

    bool add_module(module* app_module);
    module* get_module(void* addr);
    bool is_in_container(void* addr);

    bool initialize();
    void finalize();
private:
    ModulesMap* m_modules_map;

    std::vector<module*> m_modules; // I instead use std::vector<module*>* to later create the std::vector
};
```

and the initialize function:

```cpp
bool
container::initialize() {
    m_modules_map = static_cast<ModulesMap*>(ModulesMapInitialization());
    if (nullptr == m_modules_map) {
        return false;
    }

    m_modules = new std::vector<module*>;

    return true;
}
```

and just use it as:

```cpp
m_modules->push_back(app_module);
```

The second issue:
I do use Windows 10 for testing. You are right: I rechecked and it seems it happens after I open WinDBG a second time with kernel debugging turned on.

Accidentally closed the issue

Thank you for sharing the code. Right, the constructor would not be called when ExAllocatePoolWithTag() or anything other than 'new' is used. It is expected behaviour. If you use new or construct an object on the stack or as a global object, its constructor should be called. To avoid new/delete, this can be an option.
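The behaviour discussed in this exchange, as an added example that is not part of the thread or of DdiMon's code: a raw pool-style allocation runs no constructor, so a std::vector member is just uninitialized bytes, while placement new (one standard way to construct on raw memory) builds the object in place and requires an explicit destructor call. It is user-mode C++; `Container`, `raw_alloc` and the other helper names are hypothetical, with `malloc`/`free` standing in for ExAllocatePoolWithTag and its matching free routine.

```cpp
#include <cstdlib>
#include <cstring>
#include <new>
#include <vector>

// Hypothetical stand-in for the thread's `container` class.
struct Container {
    static int live;            // objects constructed and not yet destroyed
    std::vector<int> modules;
    Container() { ++live; }
    ~Container() { --live; }
};
int Container::live = 0;

// Assumption: malloc stands in for ExAllocatePoolWithTag; 0xCC marks garbage.
static void* raw_alloc(std::size_t n) {
    void* p = std::malloc(n);
    return p ? std::memset(p, 0xCC, n) : nullptr;
}

// Raw allocation alone: no constructor runs, `modules` is only 0xCC bytes,
// and treating the block as a Container would be undefined behaviour.
int ctor_calls_from_raw_alloc() {
    int before = Container::live;
    void* mem = raw_alloc(sizeof(Container));
    if (!mem) return -1;
    int calls = Container::live - before;
    std::free(mem);
    return calls;
}

// Placement new constructs the object (and its vector) inside the raw block.
Container* create_container() {
    void* mem = raw_alloc(sizeof(Container));
    return mem ? new (mem) Container() : nullptr;
}
// The destructor must be run by hand before the block is released.
void destroy_container(Container* c) {
    if (c) { c->~Container(); std::free(c); }
}

std::size_t demo_push_count() {
    Container* c = create_container();
    if (!c) return 0;
    c->modules.push_back(1);
    c->modules.push_back(2);
    std::size_t n = c->modules.size();
    destroy_container(c);
    return n;
}
int main() { return (ctor_calls_from_raw_alloc() == 0 && demo_push_count() == 2) ? 0 : 1; }
```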

Yeah, I remember trying to use new, but without the kernel_stl functionality it didn't work; therefore I used an allocation function instead of just creating a class object (now that I know I can use new, I will convert the code).

I have another unrelated question: when I install ddimon I see some lag in the programs running (the most obvious is GUI apps). For example, if I run calc and move its window fast it seems smooth, but after I install ddimon and move the window it seems like it's stuttering.
I thought it might be the hooks, but after removing them it still seems to stutter.

Do you have any idea why this is happening / what part of the hypervisor is causing it?

Edit: never mind, I have kind of weird behavior where sometimes it stutters and sometimes it doesn't; if I find the cause I will update.

Thanks for all the help!

You are welcome.