// AppA - Models MessageBox memory dump analysis pattern
// Copyright (c) 2011 - 2019 Software Diagnostics Technology and Services
// GNU GENERAL PUBLIC LICENSE
// http://www.gnu.org/licenses/gpl-3.0.txt
#include <windows.h>
#include <thread>
#include <chrono>
void thread_A()
{
while (true)
{
std::this_thread::sleep_for(std::chrono::seconds('A'));
}
}
void thread_B()
{
while (true)
{
std::this_thread::sleep_for(std::chrono::seconds('B'));
}
}
void thread_C()
{
while (true)
{
std::this_thread::sleep_for(std::chrono::seconds('C'));
}
}
void thread_D()
{
while (true)
{
MessageBox(NULL, L"Message", L"Error", MB_OK);
std::this_thread::sleep_for(std::chrono::seconds('D'));
}
}
void thread_E()
{
while (true)
{
std::this_thread::sleep_for(std::chrono::seconds('C'));
}
}
void thread_F()
{
while (true)
{
std::this_thread::sleep_for(std::chrono::seconds('C'));
}
}
int wmain(int argc, wchar_t* argv[])
{
std::thread tA(thread_A);
std::thread tB(thread_B);
std::thread tC(thread_C);
std::thread tD(thread_D);
std::thread tE(thread_E);
std::thread tF(thread_F);
tA.join();
tB.join();
tC.join();
tD.join();
tE.join();
tF.join();
std::this_thread::sleep_for(std::chrono::hours(1));
return 0;
}
// AppK - Models multiple exceptions in user mode
// Copyright (c) 2011-2019 Software Diagnostics Technology and Services
// GNU GENERAL PUBLIC LICENSE
// http://www.gnu.org/licenses/gpl-3.0.txt
#include <windows.h>
#include <process.h>
void thread_one(void*)
{
int one{ 1 };
*(int*)nullptr = 0;
}
void thread_two(void*)
{
int two{ 2 };
*(int*)nullptr = 0;
}
int wmain(int argc, wchar_t* argv[])
{
_beginthread(thread_two, 0, nullptr);
_beginthread(thread_one, 0, nullptr);
DebugBreak();
return 0;
}
// AppL – Models process heap memory corruption
// Copyright (c) 2011-2019 Software Diagnostics Technology and Services
// GNU GENERAL PUBLIC LICENSE
// http://www.gnu.org/licenses/gpl-3.0.txt
#include <windows.h>
#include <process.h>
void thread_one(void*)
{
auto p = new short [100];
*(p - 4) = '11';
delete[] p;
}
void thread_two(void*)
{
auto p = new short [100];
*(p - 4) = '22';
delete[] p;
}
int wmain(int argc, wchar_t* argv[])
{
_beginthread(thread_two, 0, nullptr);
_beginthread(thread_one, 0, nullptr);
Sleep(INFINITE);
return 0;
}
// AppL2 – Models process heap memory corruption via buffer overflow
// Copyright (c) 2011-2019 Software Diagnostics Technology and Services
// GNU GENERAL PUBLIC LICENSE
// http://www.gnu.org/licenses/gpl-3.0.txt
#include <thread>
#include <chrono>
#include <string>
const wchar_t str[] = L"Hello Crash! Hello Crash! Hello Crash!";
void thread_one()
{
while (true)
{
auto p = new wchar_t[10];
memcpy(p, str, sizeof(str));
std::this_thread::sleep_for(std::chrono::milliseconds(100));
delete[] p;
}
}
void thread_two()
{
while (true)
{
auto p = new wchar_t[10];
memcpy(p, str, sizeof(str));
std::this_thread::sleep_for(std::chrono::milliseconds(200));
delete[] p;
}
}
int wmain(int argc, wchar_t* argv[])
{
std::thread t1(thread_one);
std::thread t2(thread_two);
t1.join();
t2.join();
std::this_thread::sleep_for(std::chrono::hours(1));
return 0;
}
// AppM - Models invalid pointers for data and code, NULL code pointer, wild pointers and code, spiking thread
// Copyright (c) 2011-2019 Software Diagnostics Technology and Services
// GNU GENERAL PUBLIC LICENSE
// http://www.gnu.org/licenses/gpl-3.0.txt
#include <thread>
#include <chrono>
void thread_one()
{
int* p{ reinterpret_cast<int*>(0xF123456789ABCDEF) };
*p = 1;
}
void thread_two()
{
void (*p)() {};
(*p)();
}
void thread_three()
{
void (*p)() = reinterpret_cast<void (*)()>(new char[1024]);
(*p)();
}
void thread_four()
{
while (true);
}
int wmain(int argc, wchar_t* argv[])
{
std::thread t4(thread_four);
std::this_thread::sleep_for(std::chrono::minutes(1));
std::thread t3(thread_three);
std::thread t2(thread_two);
std::thread t1(thread_one);
std::this_thread::sleep_for(std::chrono::hours(1));
return 0;
}
// AppN - Models hidden exception and critical section deadlock
// Copyright (c) 2011-2019 Software Diagnostics Technology and Services
// GNU GENERAL PUBLIC LICENSE
// http://www.gnu.org/licenses/gpl-3.0.txt
#include <windows.h>
#include <thread>
#include <chrono>
CRITICAL_SECTION cs1;
CRITICAL_SECTION cs2;
void thread_one()
{
int* p{};
try
{
EnterCriticalSection(&cs1);
*p = 0;
LeaveCriticalSection(&cs1);
}
catch (...)
{
}
std::this_thread::sleep_for(std::chrono::seconds(2));
EnterCriticalSection(&cs2);
LeaveCriticalSection(&cs2);
}
void thread_two()
{
EnterCriticalSection(&cs2);
EnterCriticalSection(&cs1);
std::this_thread::sleep_for(std::chrono::seconds(3));
LeaveCriticalSection(&cs1);
LeaveCriticalSection(&cs2);
}
int wmain(int argc, wchar_t* argv[])
{
InitializeCriticalSection(&cs1);
InitializeCriticalSection(&cs2);
std::thread t1(thread_one);
std::this_thread::sleep_for(std::chrono::seconds(1));
std::thread t2(thread_two);
t1.join();
t2.join();
std::this_thread::sleep_for(std::chrono::minutes(1));
return 0;
}
// AppO - Models stack overflow, local buffer overflow, and double free patterns
// Copyright (c) 2011-2019 Software Diagnostics Technology and Services
// GNU GENERAL PUBLIC LICENSE
// http://www.gnu.org/licenses/gpl-3.0.txt
#include <thread>
#include <chrono>
void thread_one()
{
static int i{};
++i;
while (i)
{
thread_one();
}
}
void bar()
{
char buffer[200] = "Hello Crash! Hello Crash! Hello Crash! Hello Crash! Hello Crash! Hello Crash! Hello Crash! Hello Crash! Hello Crash! Hello Crash!";
memcpy(buffer+strlen(buffer), buffer, strlen(buffer));
}
void foo()
{
bar();
}
void thread_two()
{
foo();
}
void do_smth(char* p)
{
delete[] p;
}
void thread_three()
{
auto* p = new char[100];
do_smth(p);
delete[] p;
}
int wmain(int argc, wchar_t* argv[])
{
std::thread t3(thread_three);
std::thread t2(thread_two);
std::thread t1(thread_one);
t1.join();
t2.join();
t3.join();
std::this_thread::sleep_for(std::chrono::hours(1));
return 0;
}
// AppP - Models execution residue (ASCII, UNICODE), C++ exception, divide by zero
// Copyright (c) 2011-2019 Software Diagnostics Technology and Services
// GNU GENERAL PUBLIC LICENSE
// http://www.gnu.org/licenses/gpl-3.0.txt
#include <thread>
#include <chrono>
void bar()
{
char buffer1[100] = "";
char buffer[60] = "Interesting data! Even more interesting data";
char buffer2[100] = "";
wchar_t buffer3[60] = L"Interesting data! Even more interesting data!";
char buffer4[100] = "";
strcat_s(buffer, "!");
}
void foo()
{
char buffer[100] = "";
bar();
}
void thread_one()
{
char buffer[100] = "";
foo();
std::this_thread::sleep_for(std::chrono::hours(1));
}
void thread_two()
{
throw 0x12345678;
}
void thread_three()
{
int j = 0;
int i = 1 / j;
}
int wmain(int argc, wchar_t* argv[])
{
std::thread t3(thread_three);
std::thread t2(thread_two);
std::thread t1(thread_one);
t1.join();
t2.join();
t3.join();
std::this_thread::sleep_for(std::chrono::hours(1));
return 0;
}
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
namespace ApplicationR
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
}
private void button1_Click(object sender, EventArgs e)
{
}
private void button1_Click_1(object sender, EventArgs e)
{
unsafe
{
int* p = (int*)0;
*p = 1;
}
}
}
}
// AppS - Models memory leak (process heap)
// Copyright (c) 2011 - 2019 Software Diagnostics Technology and Services
// GNU GENERAL PUBLIC LICENSE
// http://www.gnu.org/licenses/gpl-3.0.txt
#include <thread>
#include <chrono>
#include <vector>
#include <algorithm>
void bar()
{
std::vector<std::byte*> data;
data.resize(1000000);
std::for_each(data.begin(), data.end(),
[](auto& elem)
{
for (int j = 0; j < 100000; ++j);
new std::byte[1000]; // Forgot to assign...
});
std::this_thread::sleep_for(std::chrono::minutes(1)); // One minute work...
for (const auto& elem : data)
{
delete[] elem; // We think we release memory after work...
}
std::this_thread::sleep_for(std::chrono::hours(1));
}
void foo()
{
bar();
}
void thread_one()
{
foo();
std::this_thread::sleep_for(std::chrono::hours(1));
}
void thread_two()
{
std::this_thread::sleep_for(std::chrono::hours(1));
}
void thread_three()
{
std::this_thread::sleep_for(std::chrono::hours(1));
}
int wmain(int argc, wchar_t* argv[])
{
std::thread t3(thread_three);
std::thread t2(thread_two);
std::thread t1(thread_one);
t3.join();
t2.join();
t1.join();
std::this_thread::sleep_for(std::chrono::hours(1));
return 0;
}
// AppQ - Illustrates Wait Chain memory dump analysis pattern
// Copyright (c) 2013 - 2019 Software Diagnostics Services
// GNU GENERAL PUBLIC LICENSE
// http://www.gnu.org/licenses/gpl-3.0.txt
#include "framework.h"
#include "AppQ.h"
#define MAX_LOADSTRING 100
// Global Variables:
HINSTANCE hInst; // current instance
WCHAR szTitle[MAX_LOADSTRING]; // The title bar text
WCHAR szWindowClass[MAX_LOADSTRING]; // the main window class name
// Forward declarations of functions included in this code module:
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM);
void StartModeling();
int APIENTRY wWinMain(_In_ HINSTANCE hInstance,
_In_opt_ HINSTANCE hPrevInstance,
_In_ LPWSTR lpCmdLine,
_In_ int nCmdShow)
{
UNREFERENCED_PARAMETER(hPrevInstance);
UNREFERENCED_PARAMETER(lpCmdLine);
// TODO: Place code here.
// Initialize global strings
LoadStringW(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
LoadStringW(hInstance, IDC_APPQ, szWindowClass, MAX_LOADSTRING);
MyRegisterClass(hInstance);
// Perform application initialization:
if (!InitInstance (hInstance, nCmdShow))
{
return FALSE;
}
HACCEL hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_APPQ));
MSG msg;
// Main message loop:
while (GetMessage(&msg, nullptr, 0, 0))
{
if (!TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
return (int) msg.wParam;
}
//
// FUNCTION: MyRegisterClass()
//
// PURPOSE: Registers the window class.
//
ATOM MyRegisterClass(HINSTANCE hInstance)
{
WNDCLASSEXW wcex;
wcex.cbSize = sizeof(WNDCLASSEX);
wcex.style = CS_HREDRAW | CS_VREDRAW;
wcex.lpfnWndProc = WndProc;
wcex.cbClsExtra = 0;
wcex.cbWndExtra = 0;
wcex.hInstance = hInstance;
wcex.hIcon = LoadIcon(hInstance, MAKEINTRESOURCE(IDI_APPQ));
wcex.hCursor = LoadCursor(nullptr, IDC_ARROW);
wcex.hbrBackground = (HBRUSH)(COLOR_WINDOW+1);
wcex.lpszMenuName = MAKEINTRESOURCEW(IDC_APPQ);
wcex.lpszClassName = szWindowClass;
wcex.hIconSm = LoadIcon(wcex.hInstance, MAKEINTRESOURCE(IDI_SMALL));
return RegisterClassExW(&wcex);
}
//
// FUNCTION: InitInstance(HINSTANCE, int)
//
// PURPOSE: Saves instance handle and creates main window
//
// COMMENTS:
//
// In this function, we save the instance handle in a global variable and
// create and display the main program window.
//
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
hInst = hInstance; // Store instance handle in our global variable
HWND hWnd = CreateWindowW(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
CW_USEDEFAULT, 0, CW_USEDEFAULT, 0, nullptr, nullptr, hInstance, nullptr);
if (!hWnd)
{
return FALSE;
}
ShowWindow(hWnd, nCmdShow);
UpdateWindow(hWnd);
return TRUE;
}
//
// FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
//
// PURPOSE: Processes messages for the main window.
//
// WM_COMMAND - process the application menu
// WM_PAINT - Paint the main window
// WM_DESTROY - post a quit message and return
//
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
switch (message)
{
case WM_COMMAND:
{
int wmId = LOWORD(wParam);
// Parse the menu selections:
switch (wmId)
{
case ID_FILE_START:
StartModeling();
break;
case IDM_ABOUT:
DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
break;
case IDM_EXIT:
DestroyWindow(hWnd);
break;
default:
return DefWindowProc(hWnd, message, wParam, lParam);
}
}
break;
case WM_PAINT:
{
PAINTSTRUCT ps;
HDC hdc = BeginPaint(hWnd, &ps);
// TODO: Add any drawing code that uses hdc here...
EndPaint(hWnd, &ps);
}
break;
case WM_DESTROY:
PostQuitMessage(0);
break;
default:
return DefWindowProc(hWnd, message, wParam, lParam);
}
return 0;
}
// Message handler for about box.
INT_PTR CALLBACK About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
UNREFERENCED_PARAMETER(lParam);
switch (message)
{
case WM_INITDIALOG:
return (INT_PTR)TRUE;
case WM_COMMAND:
if (LOWORD(wParam) == IDOK || LOWORD(wParam) == IDCANCEL)
{
EndDialog(hDlg, LOWORD(wParam));
return (INT_PTR)TRUE;
}
break;
}
return (INT_PTR)FALSE;
}
DWORD WINAPI ThreadProcAB(LPVOID);
DWORD WINAPI ThreadProcBCDE(LPVOID);
DWORD WINAPI ThreadProcC(LPVOID);
DWORD WINAPI ThreadProcD(LPVOID);
DWORD WINAPI ThreadProcE(LPVOID);
void StartModeling(void)
{
HANDLE hThread = CreateThread(NULL, 0, ThreadProcAB, NULL, 0, NULL);
WaitForSingleObject(hThread, INFINITE);
}
DWORD WINAPI ThreadProcAB(LPVOID)
{
HANDLE hThread = CreateThread(NULL, 0, ThreadProcBCDE, NULL, 0, NULL);
return WaitForSingleObject(hThread, INFINITE);
}
DWORD WINAPI ThreadProcBCDE(LPVOID)
{
HANDLE hThreads[3];
HANDLE hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
hThreads[0] = CreateThread(NULL, 0, ThreadProcC, NULL, 0, NULL);
hThreads[1] = CreateThread(NULL, 0, ThreadProcD, NULL, 0, NULL);
hThreads[2] = CreateThread(NULL, 0, ThreadProcE, hEvent, 0, NULL);
return WaitForMultipleObjects(3, hThreads, TRUE, INFINITE);
}
DWORD WINAPI ThreadProcC(LPVOID)
{
Sleep(1000);
return 0;
}
DWORD WINAPI ThreadProcD(LPVOID)
{
Sleep(2000);
return 0;
}
DWORD WINAPI ThreadProcE(LPVOID hEvent)
{
return WaitForSingleObject((HANDLE)hEvent, INFINITE);
}
// AppT - Models handle leak
// Copyright (c) 2019 Software Diagnostics Technology and Services
// GNU GENERAL PUBLIC LICENSE
// http://www.gnu.org/licenses/gpl-3.0.txt
#include <windows.h>
#include <thread>
#include <chrono>
#include <vector>
#include <algorithm>
void bar()
{
std::vector<HANDLE> data;
data.resize(123456);
std::for_each(data.begin(), data.end(),
[](auto& elem)
{
for (int j = 0; j < 100000; ++j);
::CreateFile(L"AppT.txt", GENERIC_READ, FILE_SHARE_READ,
nullptr, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, nullptr); // Forgot to assign...
});
std::this_thread::sleep_for(std::chrono::minutes(1)); // One minute work...
for (const auto& elem : data)
{
::CloseHandle(elem); // We think we close handles after work...
}
std::this_thread::sleep_for(std::chrono::hours(1));
}
void foo()
{
bar();
}
void thread_one()
{
foo();
std::this_thread::sleep_for(std::chrono::hours(1));
}
void thread_two()
{
std::this_thread::sleep_for(std::chrono::hours(1));
}
void thread_three()
{
std::this_thread::sleep_for(std::chrono::hours(1));
}
int wmain(int argc, wchar_t* argv[])
{
std::thread t3(thread_three);
std::thread t2(thread_two);
std::thread t1(thread_one);
t3.join();
t2.join();
t1.join();
std::this_thread::sleep_for(std::chrono::hours(1));
return 0;
}