Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This doesn't seem to be the case. On the latest Windows 10 I tried out this test program

  HANDLE file = CreateFile(TEXT("\\\\.\\C:\\mmap.bin"), GENERIC_ALL | SYNCHRONIZE, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, NULL, OPEN_ALWAYS, 0 /*can also try: FILE_FLAG_DELETE_ON_CLOSE*/, NULL);
  if (file != INVALID_HANDLE_VALUE)
  {
  	HANDLE mapping = CreateFileMapping(file, NULL, PAGE_EXECUTE_READWRITE, 0, 1, NULL);
  	void *ptr = MapViewOfFile(mapping, FILE_MAP_ALL_ACCESS, 0, 0, 0);
  	CloseHandle(file);
  	*static_cast<unsigned char *>(ptr) += 1;
  }
with /NXCOMPAT and even /DYNAMICBASE and with the embedded manifest

  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
  	<assemblyIdentity type="win32" name="Microsoft.Windows.Foo" version="1.0.0.0"></assemblyIdentity>
  	<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  		<security>
  			<requestedPrivileges>
  				<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
  			</requestedPrivileges>
  		</security>
  	</trustInfo>
  	<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
  		<application>
  			<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
  		</application>
  	</compatibility>
  </assembly>
but it seems to still modify the file after closure even after the CloseHandle call.


When I get time I might actually debug this to see what's going on. I'm quite curious what happens when you access the pointer again. If the Kernel really is remapping the pages again as the anecdotes from Raymond would suggest it might be. Or if it just hasn't reclaimed them yet. VMMap and ProcessExplorer should give the story.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: