how to write non pageable function in Applications

Hi All,

Is it possible to write non pageable functions in applications on windows
2000?

Any information is helpful.

Thanks,
Kedar.

Hello

Try to VirtualLock() your function starting from its address till its
address+function_size

Hope that helps,
Elias

“kedar” wrote in message news:xxxxx@ntfsd…
> Hi All,
>
> Is it possible to write non pageable functions in applications on windows
> 2000?
>
> Any information is helpful.
>
> Thanks,
> Kedar.

> “kedar” wrote in message news:xxxxx@ntfsd…
>>
>>Is it possible to write non pageable functions in applications on windows
>>2000?
>>
lallous wrote:
> Try to VirtualLock() your function starting from its address till its
> address+function_size
>

Well, I have always heard that VirtualLock() locks pages in a processes
working set (documentation to the contrary), but does not keep the
ENTIRE working set from being paged out.

Not being an application programmer, and not having sufficient
motivation, I’ve never verified that this is true. Anybody ever walk
into VirtualLock to see what NT function this calls?

Any time I’ve really, really, really wanted to guarantee that a set of
pages in an application don’t get paged out, I probe and lock the page
range with an MDL. THAT ensures that the pages won’t leave memory for sure.

Peter
OSR

Hi All,

How to get the function ending address, I think to get the function starting
address we need to define function pointer and equate the function to the
pointer and know the address.

Any information is helpful.

Thanks,
Kedar.

“kedar” wrote in message news:xxxxx@ntfsd…
>>
>>Is it possible to write non pageable functions in applications on windows
>>2000?
>>
lallous wrote:
> Try to VirtualLock() your function starting from its address till its
> address+function_size
>

Well, I have always heard that VirtualLock() locks pages in a processes
working set (documentation to the contrary), but does not keep the
ENTIRE working set from being paged out.

Not being an application programmer, and not having sufficient
motivation, I’ve never verified that this is true. Anybody ever walk
into VirtualLock to see what NT function this calls?

Any time I’ve really, really, really wanted to guarantee that a set of
pages in an application don’t get paged out, I probe and lock the page
range with an MDL. THAT ensures that the pages won’t leave memory for sure.

Peter
OSR

Hi All,

How to get the function ending address, I think to get the function starting
address we need to define function pointer and equate the function to the
pointer and know the address.

Any information is helpful.

Thanks,
Kedar.

Hi All,

How to get the function ending address and starting address, I think to get
the function starting
address we need to define function pointer and equate the function to the
pointer and know the address.

Any information is helpful.

Thanks,
Kedar.

“kedar” wrote in message news:xxxxx@ntfsd…
>>
>>Is it possible to write non pageable functions in applications on windows
>>2000?
>>
lallous wrote:
> Try to VirtualLock() your function starting from its address till its
> address+function_size
>

Well, I have always heard that VirtualLock() locks pages in a processes
working set (documentation to the contrary), but does not keep the
ENTIRE working set from being paged out.

Not being an application programmer, and not having sufficient
motivation, I’ve never verified that this is true. Anybody ever walk
into VirtualLock to see what NT function this calls?

Any time I’ve really, really, really wanted to guarantee that a set of
pages in an application don’t get paged out, I probe and lock the page
range with an MDL. THAT ensures that the pages won’t leave memory for sure.

Peter
OSR

You can do something like:

void
foo()
{
/* your function code here */
return;
}

void
foo_end()
{
}

int main()
{
unsigned int size = 0;
printf(“%u\n”, foo);
printf(“%u\n”, foo_end);
size = (unsigned int)foo_end - (unsigned int)foo;
printf(“%u\n”, size);
return 0;
}

ofcourse if the code is supposed to work on 64 bit as well, then use
DWORD_PTR instead of unsigned int.
Also i didn’t test it with inline functions but i don’t think this will work
with them.


Pankaj Garg
This posting is provided “AS IS” with no warranties and confers no rights.

“kedar” wrote in message news:xxxxx@ntfsd…
> Hi All,
>
>
> How to get the function ending address, I think to get the function
starting
> address we need to define function pointer and equate the function to the
> pointer and know the address.
>
> Any information is helpful.
>
> Thanks,
> Kedar.
>
>
>

You are making a heck of a lot of assumptions about the code generator to do
this. There is no requirement that foo_end follows foo.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

“Pankaj Garg” wrote in message
news:xxxxx@ntfsd…
> You can do something like:
>
> void
> foo()
> {
> /* your function code here */
> return;
> }
>
> void
> foo_end()
> {
> }
>
> int main()
> {
> unsigned int size = 0;
> printf(“%u\n”, foo);
> printf(“%u\n”, foo_end);
> size = (unsigned int)foo_end - (unsigned int)foo;
> printf(“%u\n”, size);
> return 0;
> }
>
> ofcourse if the code is supposed to work on 64 bit as well, then use
> DWORD_PTR instead of unsigned int.
> Also i didn’t test it with inline functions but i don’t think this will
work
> with them.
>
> –
> Pankaj Garg
> This posting is provided “AS IS” with no warranties and confers no rights.
>
>
> “kedar” wrote in message news:xxxxx@ntfsd…
> > Hi All,
> >
> >
> > How to get the function ending address, I think to get the function
> starting
> > address we need to define function pointer and equate the function to
the
> > pointer and know the address.
> >
> > Any information is helpful.
> >
> > Thanks,
> > Kedar.
> >
> >
> >
>
>
>

Yes you are right. But for Windows C compiler, we can turn the optimization
off by doing something like
#pragma optimize (“g”, off)
to turn off the compiler optimization for that specific piece of code. (Its
unfortunate that there is no push pop version for the optimize though)

Wouldn’t that make sure that they are laid in the same order?

Or can you suggest some other way to know the exact function size?


Pankaj Garg
This posting is provided “AS IS” with no warranties and confers no rights.

“Don Burn” wrote in message news:xxxxx@ntfsd…
> You are making a heck of a lot of assumptions about the code generator to
do
> this. There is no requirement that foo_end follows foo.
>
>
> –
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> Remove StopSpam from the email to reply
>
> “Pankaj Garg” wrote in message
> news:xxxxx@ntfsd…
> > You can do something like:
> >
> > void
> > foo()
> > {
> > /* your function code here */
> > return;
> > }
> >
> > void
> > foo_end()
> > {
> > }
> >
> > int main()
> > {
> > unsigned int size = 0;
> > printf(“%u\n”, foo);
> > printf(“%u\n”, foo_end);
> > size = (unsigned int)foo_end - (unsigned int)foo;
> > printf(“%u\n”, size);
> > return 0;
> > }
> >
> > ofcourse if the code is supposed to work on 64 bit as well, then use
> > DWORD_PTR instead of unsigned int.
> > Also i didn’t test it with inline functions but i don’t think this will
> work
> > with them.
> >
> > –
> > Pankaj Garg
> > This posting is provided “AS IS” with no warranties and confers no
rights.
> >
> >
> > “kedar” wrote in message news:xxxxx@ntfsd…
> > > Hi All,
> > >
> > >
> > > How to get the function ending address, I think to get the function
> > starting
> > > address we need to define function pointer and equate the function to
> the
> > > pointer and know the address.
> > >
> > > Any information is helpful.
> > >
> > > Thanks,
> > > Kedar.
> > >
> > >
> > >
> >
> >
> >
>
>
>

(a) turning off the optimizer is bad - it actually does good things
you know!

(b) there’s no guarantee even if you do – each routine is a separate
section and the linker can lay code out however it likes.

(c) please don’t ever cast pointers to int’s! Say instead

int diff = (char*)foo_end - (char*)foo;

(not that this is a good idea anyway but I just hate to see this!)

I think there’s basically no way to do what you want directly – what you
could do I guess is put the function(s) in a separate DLL and then lock down
the entire range of the DLL…

/simgr

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Pankaj Garg
Sent: Tuesday, January 04, 2005 5:15 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] how to write non pageable function in Applications

Yes you are right. But for Windows C compiler, we can turn the optimization
off by doing something like
#pragma optimize (“g”, off)
to turn off the compiler optimization for that specific piece of code. (Its
unfortunate that there is no push pop version for the optimize though)

Wouldn’t that make sure that they are laid in the same order?

Or can you suggest some other way to know the exact function size?


Pankaj Garg
This posting is provided “AS IS” with no warranties and confers no rights.

“Don Burn” wrote in message news:xxxxx@ntfsd…
> You are making a heck of a lot of assumptions about the code generator to
do
> this. There is no requirement that foo_end follows foo.
>
>
> –
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> Remove StopSpam from the email to reply
>
> “Pankaj Garg” wrote in message
> news:xxxxx@ntfsd…
> > You can do something like:
> >
> > void
> > foo()
> > {
> > /* your function code here */
> > return;
> > }
> >
> > void
> > foo_end()
> > {
> > }
> >
> > int main()
> > {
> > unsigned int size = 0;
> > printf(“%u\n”, foo);
> > printf(“%u\n”, foo_end);
> > size = (unsigned int)foo_end - (unsigned int)foo;
> > printf(“%u\n”, size);
> > return 0;
> > }
> >
> > ofcourse if the code is supposed to work on 64 bit as well, then use
> > DWORD_PTR instead of unsigned int.
> > Also i didn’t test it with inline functions but i don’t think this will
> work
> > with them.
> >
> > –
> > Pankaj Garg
> > This posting is provided “AS IS” with no warranties and confers no
rights.
> >
> >
> > “kedar” wrote in message news:xxxxx@ntfsd…
> > > Hi All,
> > >
> > >
> > > How to get the function ending address, I think to get the function
> > starting
> > > address we need to define function pointer and equate the function to
> the
> > > pointer and know the address.
> > >
> > > Any information is helpful.
> > >
> > > Thanks,
> > > Kedar.
> > >
> > >
> > >
> >
> >
> >
>
>
>


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@stratus.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Well we all know that optimizations are good but IMHO a careful disabling of
those optimizations (specially for specific segments of code) is not such a
bad thing. After all, sometimes the programmer should be command and not the
compiler :slight_smile:

Also, not to say that linker won’t change the code layout, but i have not
seen that happen ever. I had to once deal with injecting code in a running
process and i used the approach given below. I have yet to see it causing
any problem. I could insert raw machine instruction instead, but i was lazy
and the project was not for commercial purpose.

Still I agree that putting the code in a seperate DLL and then locking that
memory range seems a better solution.


Pankaj Garg
This posting is provided “AS IS” with no warranties and confers no rights.

“Graham, Simon” wrote in message
news:xxxxx@ntfsd…
> (a) turning off the optimizer is bad - it actually does good things
> you know!
>
> (b) there’s no guarantee even if you do – each routine is a separate
> section and the linker can lay code out however it likes.
>
> (c) please don’t ever cast pointers to int’s! Say instead
>
> int diff = (char*)foo_end - (char*)foo;
>
> (not that this is a good idea anyway but I just hate to see this!)
>
> I think there’s basically no way to do what you want directly – what you
> could do I guess is put the function(s) in a separate DLL and then lock
down
> the entire range of the DLL…
>
> /simgr
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Pankaj Garg
> Sent: Tuesday, January 04, 2005 5:15 PM
> To: Windows File Systems Devs Interest List
> Subject: Re:[ntfsd] how to write non pageable function in Applications
>
> Yes you are right. But for Windows C compiler, we can turn the
optimization
> off by doing something like
> #pragma optimize (“g”, off)
> to turn off the compiler optimization for that specific piece of code.
(Its
> unfortunate that there is no push pop version for the optimize though)
>
> Wouldn’t that make sure that they are laid in the same order?
>
> Or can you suggest some other way to know the exact function size?
>
> –
> Pankaj Garg
> This posting is provided “AS IS” with no warranties and confers no rights.
>
>
> “Don Burn” wrote in message news:xxxxx@ntfsd…
> > You are making a heck of a lot of assumptions about the code generator
to
> do
> > this. There is no requirement that foo_end follows foo.
> >
> >
> > –
> > Don Burn (MVP, Windows DDK)
> > Windows 2k/XP/2k3 Filesystem and Driver Consulting
> > Remove StopSpam from the email to reply
> >
> > “Pankaj Garg” wrote in message
> > news:xxxxx@ntfsd…
> > > You can do something like:
> > >
> > > void
> > > foo()
> > > {
> > > /* your function code here */
> > > return;
> > > }
> > >
> > > void
> > > foo_end()
> > > {
> > > }
> > >
> > > int main()
> > > {
> > > unsigned int size = 0;
> > > printf(“%u\n”, foo);
> > > printf(“%u\n”, foo_end);
> > > size = (unsigned int)foo_end - (unsigned int)foo;
> > > printf(“%u\n”, size);
> > > return 0;
> > > }
> > >
> > > ofcourse if the code is supposed to work on 64 bit as well, then use
> > > DWORD_PTR instead of unsigned int.
> > > Also i didn’t test it with inline functions but i don’t think this
will
> > work
> > > with them.
> > >
> > > –
> > > Pankaj Garg
> > > This posting is provided “AS IS” with no warranties and confers no
> rights.
> > >
> > >
> > > “kedar” wrote in message news:xxxxx@ntfsd…
> > > > Hi All,
> > > >
> > > >
> > > > How to get the function ending address, I think to get the function
> > > starting
> > > > address we need to define function pointer and equate the function
to
> > the
> > > > pointer and know the address.
> > > >
> > > > Any information is helpful.
> > > >
> > > > Thanks,
> > > > Kedar.
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> >
> >
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@stratus.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

>

(c) please don’t ever cast pointers to int’s! Say instead

int diff = (char*)foo_end - (char*)foo;

(not that this is a good idea anyway but I just hate to see this!)

Please don’t ever attempt to express the difference between two pointers
as an int! Say instead

INT_PTR diff = (PVOID)foo_end - (PVOID)foo;

as “int” is a 32 bit value, even on Windows64 systems, and INT_PTR
changes with the pointer size based on the system.

:slight_smile:

Peter
OSR

Isn’t this why compiler has sections, pragmas to select sections, and
DDK support to make sections unpagable?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Peter Viscarola
(OSR)
Sent: Tuesday, January 04, 2005 6:42 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] how to write non pageable function in Applications

(c) please don’t ever cast pointers to int’s! Say instead

int diff = (char*)foo_end - (char*)foo;

(not that this is a good idea anyway but I just hate to see this!)

Please don’t ever attempt to express the difference between two pointers
as an int! Say instead

INT_PTR diff = (PVOID)foo_end - (PVOID)foo;

as “int” is a 32 bit value, even on Windows64 systems, and INT_PTR
changes with the pointer size based on the system.

:slight_smile:

Peter
OSR


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@basistech.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

Benson Margulies wrote:

Isn’t this why compiler has sections, pragmas to select sections, and
DDK support to make sections unpagable?

Yes, but OP asked about making a USER MODE application non-pageable.

Hence this discussion,

Peter
OSR

> INT_PTR diff = (PVOID)foo_end - (PVOID)foo;

Note that you cannot subtract two PVOID pointers,
you have to cast them to PUCHAR if you are interested
in the size in bytes :slight_smile:

L.

> INT_PTR diff = (PVOID)foo_end - (PVOID)foo;

Can you subtract 2 PVOIDs?

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

No. Need to cast to char* (i.e. some type guaranteed to be size 1.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Wednesday, January 05, 2005 7:55 AM
To: Windows File Systems Devs Interest List
Subject: Re: Re:[ntfsd] how to write non pageable function in Applications

INT_PTR diff = (PVOID)foo_end - (PVOID)foo;

Can you subtract 2 PVOIDs?

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@stratus.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

In VC7.1, look in the project properties, Linker, Optimization, Function
Order. You need to create a text file with the function names. If you are
unable to get your function names right, you can try to make them extern
“C”. Hint: look the map file to know the function name.

Or simply look at the /ORDER linker option.

And be SURE to not use Edit and Continue otherwise you’ll endup locking only
a jmp …

And by the way, there is no need to disable the optimization. The only thing
that you may want to set is “minimize code size” so there is no padding
between the functions but that’s not that much of a problem.

M-A

“Pankaj Garg” a écrit dans le message de news:
xxxxx@ntfsd…
> Yes you are right. But for Windows C compiler, we can turn the
> optimization
> off by doing something like
> #pragma optimize (“g”, off)
> to turn off the compiler optimization for that specific piece of code.
> (Its
> unfortunate that there is no push pop version for the optimize though)
>
> Wouldn’t that make sure that they are laid in the same order?
>
> Or can you suggest some other way to know the exact function size?
>
> –
> Pankaj Garg
> This posting is provided “AS IS” with no warranties and confers no rights.
>
>
> “Don Burn” wrote in message news:xxxxx@ntfsd…
>> You are making a heck of a lot of assumptions about the code generator to
> do
>> this. There is no requirement that foo_end follows foo.
>>
>>
>> –
>> Don Burn (MVP, Windows DDK)
>> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>> Remove StopSpam from the email to reply
>>
>> “Pankaj Garg” wrote in message
>> news:xxxxx@ntfsd…
>> > You can do something like:
>> >
>> > void
>> > foo()
>> > {
>> > /* your function code here */
>> > return;
>> > }
>> >
>> > void
>> > foo_end()
>> > {
>> > }
>> >
>> > int main()
>> > {
>> > unsigned int size = 0;
>> > printf(“%u\n”, foo);
>> > printf(“%u\n”, foo_end);
>> > size = (unsigned int)foo_end - (unsigned int)foo;
>> > printf(“%u\n”, size);
>> > return 0;
>> > }
>> >
>> > ofcourse if the code is supposed to work on 64 bit as well, then use
>> > DWORD_PTR instead of unsigned int.
>> > Also i didn’t test it with inline functions but i don’t think this will
>> work
>> > with them.
>> >
>> > –
>> > Pankaj Garg
>> > This posting is provided “AS IS” with no warranties and confers no
> rights.
>> >
>> >
>> > “kedar” wrote in message news:xxxxx@ntfsd…
>> > > Hi All,
>> > >
>> > >
>> > > How to get the function ending address, I think to get the function
>> > starting
>> > > address we need to define function pointer and equate the function to
>> the
>> > > pointer and know the address.
>> > >
>> > > Any information is helpful.
>> > >
>> > > Thanks,
>> > > Kedar.

Well, I know from past experience that it is possible to make some
assumptions about addresses in sections. So, even in user mode, it is
sensible to group would-be-wired code into a section, and then put dummy
functions at the top and bottom of the section, using LINK options to
ensure that the dummies are, in fact, at the top and bottom.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Peter Viscarola
(OSR)
Sent: Tuesday, January 04, 2005 11:24 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] how to write non pageable function in Applications

Benson Margulies wrote:

Isn’t this why compiler has sections, pragmas to select sections, and
DDK support to make sections unpagable?

Yes, but OP asked about making a USER MODE application non-pageable.

Hence this discussion,

Peter
OSR


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@basistech.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

By function name, I mean the mangled function name.

“Marc-Antoine Ruel” a écrit dans le message de news:
xxxxx@ntfsd…
> In VC7.1, look in the project properties, Linker, Optimization, Function
> Order. You need to create a text file with the function names. If you are
> unable to get your function names right, you can try to make them extern
> “C”. Hint: look the map file to know the function name.
>
> Or simply look at the /ORDER linker option.
>
> And be SURE to not use Edit and Continue otherwise you’ll endup locking
> only a jmp …
>
> And by the way, there is no need to disable the optimization. The only
> thing that you may want to set is “minimize code size” so there is no
> padding between the functions but that’s not that much of a problem.
>
> M-A
>
> “Pankaj Garg” a écrit dans le message de news:
> xxxxx@ntfsd…
>> Yes you are right. But for Windows C compiler, we can turn the
>> optimization
>> off by doing something like
>> #pragma optimize (“g”, off)
>> to turn off the compiler optimization for that specific piece of code.
>> (Its
>> unfortunate that there is no push pop version for the optimize though)
>>
>> Wouldn’t that make sure that they are laid in the same order?
>>
>> Or can you suggest some other way to know the exact function size?
>>
>> –
>> Pankaj Garg
>> This posting is provided “AS IS” with no warranties and confers no
>> rights.
>>
>>
>> “Don Burn” wrote in message news:xxxxx@ntfsd…
>>> You are making a heck of a lot of assumptions about the code generator
>>> to
>> do
>>> this. There is no requirement that foo_end follows foo.
>>>
>>>
>>> –
>>> Don Burn (MVP, Windows DDK)
>>> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>>> Remove StopSpam from the email to reply
>>>
>>> “Pankaj Garg” wrote in message
>>> news:xxxxx@ntfsd…
>>> > You can do something like:
>>> >
>>> > void
>>> > foo()
>>> > {
>>> > /* your function code here */
>>> > return;
>>> > }
>>> >
>>> > void
>>> > foo_end()
>>> > {
>>> > }
>>> >
>>> > int main()
>>> > {
>>> > unsigned int size = 0;
>>> > printf(“%u\n”, foo);
>>> > printf(“%u\n”, foo_end);
>>> > size = (unsigned int)foo_end - (unsigned int)foo;
>>> > printf(“%u\n”, size);
>>> > return 0;
>>> > }
>>> >
>>> > ofcourse if the code is supposed to work on 64 bit as well, then use
>>> > DWORD_PTR instead of unsigned int.
>>> > Also i didn’t test it with inline functions but i don’t think this
>>> > will
>>> work
>>> > with them.
>>> >
>>> > –
>>> > Pankaj Garg
>>> > This posting is provided “AS IS” with no warranties and confers no
>> rights.
>>> >
>>> >
>>> > “kedar” wrote in message news:xxxxx@ntfsd…
>>> > > Hi All,
>>> > >
>>> > >
>>> > > How to get the function ending address, I think to get the function
>>> > starting
>>> > > address we need to define function pointer and equate the function
>>> > > to
>>> the
>>> > > pointer and know the address.
>>> > >
>>> > > Any information is helpful.
>>> > >
>>> > > Thanks,
>>> > > Kedar.
>
>
>