Windows 会清除内存页吗? [英] Does Windows clear memory pages?

问题描述

我知道 Windows 可以选择在关闭时清除页面文件.

当实际物理/虚拟内存进入或超出范围时，Windows 是否会对它做任何特殊处理?

例如，假设我运行应用程序 A，它将一个可识别的字符串写入内存中的一个变量，然后我关闭该应用程序.然后我运行应用程序 B.它分配一大块内存，保留未初始化的内容，并搜索应用程序 A 写入的已知字符串.

应用程序 B 是否有可能获取应用程序 A 写入的字符串?还是 Windows 会在内存可用之前对其进行清理?

解决方案

Windows 确实清理"进程返回的已释放内存，然后再将其分配给其他进程.有一个内核线程专门针对这个任务.

<块引用>

零页面线程以最低优先级运行，负责在将空闲页面移至归零页面列表之前将其清零 ^函数.

<块引用>

这个函数被定义为RtlSecureZeroMemory() 函数(见WinBase.h).RtlSecureZeroMemory() 的实现是内联提供的，可以在任何版本的 Windows 上使用(参见 WinNT.h)

当您想确保数据会被及时覆盖时，请使用此函数代替 ZeroMemory()，因为某些 C++ 编译器可以优化对 的调用ZeroMemory() 完全删除它.

WCHAR szPassword[MAX_PATH];/* 获取密码 */if (GetPasswordFromUser(szPassword, MAX_PATH)){使用密码(szPassword);}/* 在继续之前，清除内存中的密码 */SecureZeroMemory(szPassword, sizeof(szPassword));

不要忘记阅读这篇有趣的文章 by Raymond Chen.

I know that Windows has an option to clear the page file when it shuts down.

Does Windows do anything special with the actual physical/virtual memory when it goes in or out of scope?

For instance, let's say I run application A, which writes a recognizable string to a variable in memory, and then I close the application. Then I run application B. It allocates a large chunk of memory, leaves the contents uninitialized, and searches it for the known string written by application A.

Is there ANY possibility that application B will pick up the string written by application A? Or does Windows scrub the memory before making it available?

解决方案

Windows does "scrub" the freed memory returned by a process before allocating it to other processes. There is a kernel thread specifically for this task alone.

The zero page thread runs at the lowest priority and is responsible for zeroing out free pages before moving them to the zeroed page list^[1].

---

Rather than worrying about retaining sensitive data in the paging file, you should be worried about continuing to retain it in memory (after use) in the first place. Clearing the page-file on shutdown is not the default behavior. Also a system crash dump will contain any sensitive info that you may have in "plain-text" in RAM.

Windows does NOT "scrub" the memory as long as it is allocated to a process (obviously). Rather it is left to the program(mer) to do so. For this very purpose one can use the SecureZeroMemory() function.

This function is defined as the RtlSecureZeroMemory() function ( see WinBase.h). The implementation of RtlSecureZeroMemory() is provided inline and can be used on any version of Windows ( see WinNT.h)

Use this function instead of ZeroMemory() when you want to ensure that your data will be overwritten promptly, as some C++ compilers can optimize a call to ZeroMemory() by removing it entirely.

WCHAR szPassword[MAX_PATH];

/* Obtain the password */
if (GetPasswordFromUser(szPassword, MAX_PATH))
{    
    UsePassword(szPassword);
}

/* Before continuing, clear the password from memory */
SecureZeroMemory(szPassword, sizeof(szPassword));

Don't forget to read this interesting article by Raymond Chen.

这篇关于Windows 会清除内存页吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！