Conversation

Chetan Nayak (Brute Ratel C4 Author)

@NinjaParanoid

·

Jan 26

"When you enter a function (VC++ with the stack checking enabled), it will call the _chkstk located in CHKSTK.ASM. This function does a stack page probing and causes the necessary pages of memory to be allocated using the guard page scheme, if possible."

1

1

namazso

@namazso

·

Jan 26

Nowhere in these three quotes does it say it catches anything. "increases the stack", "causes the necessary pages of memory to be allocated". That is because it does not catch anything. It causes exceptions that are caught and memory allocated in place of the guard pages.

1

1

namazso

@namazso

·

Jan 26

So while your supposedly source materials are correct, you interpreted it wrong, and your statement ("This exception is usually caught by the _chkstk routine") is simply just wrong. Nothing in those links and quotes says anything equivalent to that.

1

1

namazso

@namazso

·

Jan 26

In case you're wondering where the magic *actually* happens, check nt!MiCheckForUserStackOverflow

1

1

Chetan Nayak (Brute Ratel C4 Author)

@NinjaParanoid

·

Jan 27

The doc literally says "_chkstk() increases the stack when needed by committing some of the pages previously reserved for the stack". How did you miss that?

3

1

namazso

@namazso

·

Jan 27

That is not what your article states. It states that _chkstk catches exceptions. Can you provide a source to that?

1

1

Chetan Nayak (Brute Ratel C4 Author)

@NinjaParanoid

·

Jan 27

I did provide a source in the other tweet reply, but here it is again. You will find a lot more in stackoverflow if you simply google it.

codeguru.com

Adventures with _chkstk | CodeGuru

_chkstk Routine is a helper routine for the C compiler. For x86 compilers, _chkstk Routine is called when the local variables exceed 4K bytes; for x64

1

1

1

Chetan Nayak (Brute Ratel C4 Author)

@NinjaParanoid

·

Jan 27

This, again!

2

1

Chetan Nayak (Brute Ratel C4 Author)

@NinjaParanoid

·

Jan 27

I think you are confusing _chkstk from MingwGCC with __chkstk from VC++. Both are different.

1

1

namazso

@namazso

·

Jan 27

Neither does any catching, and both relies on the OS (MiCheckForUserStackOverflow) to do the catching and allocation

1

namazso

@namazso

Thinking that _chkstk catches anything, or that it directly allocates pages is a complete misunderstanding of how stack growing works. Stack pages are allocated by the kernel, whenever the guard pages are hit. Probing is necessary so that a single logical allocation can't skip 1/

9:40 AM · Jan 27, 2023

·

227

Views

1

Like

namazso

@namazso

·

Jan 27

over enough memory without touching anything that would result in an address past the guard pages. For small stack functions, it is not needed exactly because when they're called, the call instruction will touch the stack page when pushing the return address. 2/

1

1

namazso

@namazso

·

Jan 27

Ultimately, it does not matter how one does the stack probe. Some do the allocation inside, some do it outside the probe function. Gcc can inline it too. You can also use your own probing function. It does not matter how the pages are touched, they just need to be written. 3/

1

1

Show replies