Windows是否清除内存页面? [英] Does Windows clear memory pages?
问题描述
我知道Windows关闭时可以选择清除页面文件.
当Windows进入或超出范围时,Windows对实际的物理/虚拟内存有什么特别的地方吗?
例如,假设我运行应用程序A,该应用程序将可识别的字符串写入内存中的变量,然后关闭该应用程序.然后,我运行应用程序B.它分配了很大的内存,未初始化内容,并在其中搜索了应用程序A编写的已知字符串.
应用程序B是否有可能拾取应用程序A编写的字符串?还是Windows在可用内存之前先清理内存?
Windows 确实清理"进程返回的已释放内存,然后再将其分配给其他进程.有一个专门用于此任务的内核线程.
归零页面线程以最低优先级运行,并负责将空闲页面归零,然后将其移至归零页面列表中.
Windows不会不清除"内存,只要它已分配给进程即可(显然).而是由程序(mer)来完成.为此,可以使用文章 .
I know that Windows has an option to clear the page file when it shuts down.
Does Windows do anything special with the actual physical/virtual memory when it goes in or out of scope?
For instance, let's say I run application A, which writes a recognizable string to a variable in memory, and then I close the application. Then I run application B. It allocates a large chunk of memory, leaves the contents uninitialized, and searches it for the known string written by application A.
Is there ANY possibility that application B will pick up the string written by application A? Or does Windows scrub the memory before making it available?
解决方案Windows does "scrub" the freed memory returned by a process before allocating it to other processes. There is a kernel thread specifically for this task alone.
The zero page thread runs at the lowest priority and is responsible for zeroing out free pages before moving them to the zeroed page list
[1].
Rather than worrying about retaining sensitive data in the paging file, you should be worried about continuing to retain it in memory (after use) in the first place. Clearing the page-file on shutdown is not the default behavior. Also a system crash dump will contain any sensitive info that you may have in "plain-text" in RAM.
Windows does NOT "scrub" the memory as long as it is allocated to a process (obviously). Rather it is left to the program(mer) to do so. For this very purpose one can use the
SecureZeroMemory()function.This function is defined as the
RtlSecureZeroMemory()function ( seeWinBase.h). The implementation ofRtlSecureZeroMemory()is provided inline and can be used on any version of Windows ( seeWinNT.h)Use this function instead of
ZeroMemory()when you want to ensure that your data will be overwritten promptly, as some C++ compilers can optimize a call toZeroMemory()by removing it entirely.WCHAR szPassword[MAX_PATH]; /* Obtain the password */ if (GetPasswordFromUser(szPassword, MAX_PATH)) { UsePassword(szPassword); } /* Before continuing, clear the password from memory */ SecureZeroMemory(szPassword, sizeof(szPassword));Don't forget to read this interesting article by Raymond Chen.
这篇关于Windows是否清除内存页面?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
