Closed 0x4E69676874466F78 closed 3 years ago
Additional information: this happens in the temporary rules mode and the Windows firewall is enabled.
Try 3.3.2, a lot of dereference issues is fixed in this release.
FYI: new release has .pdb file package in release section, you can download it and see more details for process information.
@henrypp,
Try 3.3.2, a lot of dereference issues is fixed in this release.
Leak continues...
TID | Cycles | Start address | Priority (symbolic) |
---|---|---|---|
32 | 225 920 646 | ntdll.dll!RtlFreeUnicodeString+0x1370 | Normal |
6552 | 351 908 187 | ntdll.dll!RtlFreeUnicodeString+0x1370 | Normal |
7828 | 975 729 178 | simplewall.exe!_r_sys_basethreadstart | Lowest |
9832 | 92 556 | ntdll.dll!RtlFreeUnicodeString+0x1370 | Normal |
11468 | 16 496 681 459 | simplewall.exe!wWinMainCRTStartup | Normal |
# | Name |
---|---|
0 | ntoskrnl.exe!_misaligned_access+0x135a |
1 | ntoskrnl.exe!KeWaitForMultipleObjects+0x152f |
2 | ntoskrnl.exe!KeWaitForMultipleObjects+0xdd9 |
3 | ntoskrnl.exe!KeWaitForMutexObject+0x373 |
4 | ntoskrnl.exe!NtWaitForSingleObject+0xb2 |
5 | ntoskrnl.exe!setjmpex+0x6553 |
6 | ntdll.dll!NtWaitForSingleObject+0xa |
7 | KernelBase.dll!WaitForSingleObjectEx+0x98 |
8 | simplewall.exe!NetworkMonitorThread+0xc2a |
9 | simplewall.exe!_r_sys_basethreadstart+0x78 |
10 | kernel32.dll!BaseThreadInitThunk+0x22 |
11 | ntdll.dll!RtlUserThreadStart+0x34 |
# | Name |
---|---|
0 | ntoskrnl.exe!_misaligned_access+0x135a |
1 | ntoskrnl.exe!KeWaitForMultipleObjects+0x152f |
2 | ntoskrnl.exe!KeWaitForMultipleObjects+0xdd9 |
3 | ntoskrnl.exe!KeWaitForMultipleObjects+0x3a0 |
4 | win32k.sys!W32pArgumentTable+0x29d4 |
5 | win32k.sys!W32pArgumentTable+0x5fd |
6 | win32k.sys!W32pArgumentTable+0x25f1 |
7 | win32k.sys!EngCopyBits+0xc13a |
8 | win32k.sys!W32pArgumentTable+0x4da |
9 | ntoskrnl.exe!setjmpex+0x6553 |
10 | user32.dll!GetMessageW+0x5a |
11 | user32.dll!GetMessageW+0x25 |
12 | simplewall.exe!wWinMain+0x3ed |
13 | simplewall.exe!__scrt_common_main_seh+0x106 |
14 | kernel32.dll!BaseThreadInitThunk+0x22 |
15 | ntdll.dll!RtlUserThreadStart+0x34 |
TID | Cycles | Start address | Priority (symbolic) |
---|---|---|---|
2608 | 2 207 735 | ntdll.dll!RtlFreeUnicodeString+0x1370 | Normal |
7828 | 123 294 689 124 | simplewall.exe!_r_sys_basethreadstart | Lowest |
9832 | 494 064 | ntdll.dll!RtlFreeUnicodeString+0x1370 | Normal |
11468 | 96 981 646 487 | simplewall.exe!wWinMainCRTStartup | Normal |
12076 | 3 139 296 276 | ntdll.dll!RtlFreeUnicodeString+0x1370 | Normal |
# | Name |
---|---|
0 | ntoskrnl.exe!_misaligned_access+0x135a |
1 | ntoskrnl.exe!KeWaitForMultipleObjects+0x152f |
2 | ntoskrnl.exe!KeWaitForMultipleObjects+0xdd9 |
3 | ntoskrnl.exe!KeWaitForMutexObject+0x373 |
4 | ntoskrnl.exe!NtWaitForSingleObject+0xb2 |
5 | ntoskrnl.exe!setjmpex+0x6553 |
6 | ntdll.dll!NtWaitForSingleObject+0xa |
7 | KernelBase.dll!WaitForSingleObjectEx+0x98 |
8 | simplewall.exe!NetworkMonitorThread+0xc2a |
9 | simplewall.exe!_r_sys_basethreadstart+0x78 |
10 | kernel32.dll!BaseThreadInitThunk+0x22 |
11 | ntdll.dll!RtlUserThreadStart+0x34 |
# | Name |
---|---|
0 | ntoskrnl.exe!_misaligned_access+0x135a |
1 | ntoskrnl.exe!KeWaitForMultipleObjects+0x152f |
2 | ntoskrnl.exe!KeWaitForMultipleObjects+0xdd9 |
3 | ntoskrnl.exe!KeWaitForMultipleObjects+0x3a0 |
4 | win32k.sys!W32pArgumentTable+0x29d4 |
5 | win32k.sys!W32pArgumentTable+0x5fd |
6 | win32k.sys!W32pArgumentTable+0x25f1 |
7 | win32k.sys!EngCopyBits+0xc13a |
8 | win32k.sys!W32pArgumentTable+0x4da |
9 | ntoskrnl.exe!setjmpex+0x6553 |
10 | user32.dll!GetMessageW+0x5a |
11 | user32.dll!GetMessageW+0x25 |
12 | simplewall.exe!wWinMain+0x3ed |
13 | simplewall.exe!__scrt_common_main_seh+0x106 |
14 | kernel32.dll!BaseThreadInitThunk+0x22 |
15 | ntdll.dll!RtlUserThreadStart+0x34 |
# | Name |
---|---|
0 | ntoskrnl.exe!_misaligned_access+0x135a |
1 | ntoskrnl.exe!KeWaitForMultipleObjects+0x152f |
2 | ntoskrnl.exe!KeWaitForMultipleObjects+0xdd9 |
3 | ntoskrnl.exe!KeRemoveQueueEx+0x788 |
4 | ntoskrnl.exe!_misaligned_access+0x21fe |
5 | ntoskrnl.exe!_misaligned_access+0x187f |
6 | ntoskrnl.exe!setjmpex+0x6553 |
7 | ntdll.dll!NtWaitForWorkViaWorkerFactory+0xa |
8 | ntdll.dll!RtlFreeUnicodeString+0x1ab6 |
9 | kernel32.dll!BaseThreadInitThunk+0x22 |
10 | ntdll.dll!RtlUserThreadStart+0x34 |
# | Address | Used | Commited | Entries | Flags | Class | Type |
---|---|---|---|---|---|---|---|
1 | 0xd78f150000 | 6,56 MB | 6,69 MB | 5 | Growable (0x2) | Process Heap | NT Heap |
2 | 0xd78eea0000 | 1,83 kB | 4 kB | 1 | CSRSS Port Heap | NT Heap | |
3 | 0xd78f540000 | 216,39 kB | 372 kB | 3 | Growable (0x2) | Private Heap | NT Heap |
4 | 0xd78f460000 | 66,72 kB | 80 kB | 3 | Growable (0x2) | Private Heap | NT Heap |
5 | 0xd790ff0000 | 4,8 MB | 4,85 MB | 5 | Growable (0x2) | Private Heap | NT Heap |
# | Address | Used | Commited | Entries | Flags | Class | Type |
---|---|---|---|---|---|---|---|
1 | 0xd78f150000 | 82,96 MB | 84,99 MB | 11 | Growable (0x2) | Process Heap | NT Heap |
2 | 0xd78eea0000 | 1,83 kB | 4 kB | 1 | CSRSS Port Heap | NT Heap | |
3 | 0xd78f540000 | 222,97 kB | 372 kB | 3 | Growable (0x2) | Private Heap | NT Heap |
4 | 0xd78f460000 | 66,72 kB | 80 kB | 3 | Growable (0x2) | Private Heap | NT Heap |
5 | 0xd790ff0000 | 69,42 MB | 69,49 MB | 11 | Growable (0x2) | Private Heap | NT Heap |
Process Hacker (simplewall.exe) Memory (13 minutes and 8 seconds ago (27.04.2021)).txt Process Hacker (simplewall.exe) Memory (2 days ago (27.04.2021)).txt
Only with temporary rules you can see memory leak or persistent-mode leak too?
Do you enable "Packet logging interface"?
Only with temporary rules you can see memory leak or persistent-mode leak too?
Not tested with persistent-mode.
Do you enable "Packet logging interface"?
Oh, Yes. I just opened the Packet logs tab and it freze. I did think that it is automatically truncate or has a virtual viewport (loading only visible items).
I will test without packet logging.
The leak seems to persist, but progress is noticeably slower. 4 days and 16 hours ago = 30,23 MB I continue to observe.
fixed
General
On startup after about 3 minutes simplewall takes up ~10-11MB. After some incomprehensible events, it can consume more than 2 gigabytes of memory (in current example 218MB). The main clue is the big uptime and high number of hibernation.
Basic info
Info from ProcessHacker v3.0.3959 (62242a7). OS: Windows 8.1, 64bit. Simplewall: 3.2.4 Release, 64-bit (Unicode)
Heaps on start
Heaps after some days
Threads on start
Stack Thread 2880
Stack Thread 10408
Threads after some days:
Stack Thread 2880
Stack Thread 10408
Detail memory info
detail memory info.txt