- Forum
- Windows Programming
- VirtualFree :: Self deleting memory
VirtualFree :: Self deleting memory
Hello,
I have a thread on an allocated memory (with VirtualAlloc).
Is it possible to free (VirtualFree) this memory directly from the thread that is running on this allocated memory?
If yes, then how?
I have a thread on an allocated memory (with VirtualAlloc).
Is it possible to free (VirtualFree) this memory directly from the thread that is running on this allocated memory?
If yes, then how?
| I have a thread on an allocated memory (with VirtualAlloc). |
| Is it possible to free (VirtualFree) this memory directly from the thread that is running on this allocated memory? |
You should not be calling VirtualAlloc/VirtualFree unless you specifically need to use special features of Windows memory management. You should be using new/delete instead.
My guess is the OP has injected a thread or done something similar. My guess is that he/she probably used VirtualAlloc() + VirtualProtect() to grant Execute permission (and avoid DEP) and is now asking if the thread itself can deallocate this.
I am guessing it is not possible exactly like that. If a thread waits on that thread and then deallocates, well, that would be OK.
I am guessing it is not possible exactly like that. If a thread waits on that thread and then deallocates, well, that would be OK.
| My guess is the OP has injected a thread or done something similar |
Yes, you are right.
Well... okay, thank you for replies.
I'll do like webJose said,
| thread waits on that thread and then deallocates |
I also have an interesting solution:
It is to create another process for example "explorer.exe" with a CREATE_SUSPENDED flag, and write there a code which deallocates this memory. But why would I need it if I can deallocate it from the process which has allocated this memory as well. ( idea from self deleting exe. code http://www.codeproject.com/Articles/17052/Self-Deleting-Executables )
Last edited on
Having an executable delete itself and having a process de-allocate memory are two completely different things. De-allocating memory will remove the thread that you injected from the host process, the only affect this has is on the system memory. If an executable were to delete itself then it would physically remove itself from the disk on the host machine, in other words the file that you ran would no longer exist. This later method is useful for avoiding detection in the long run.
Topic archived. No new replies allowed.