Five bugs identified and patched in retail Asheron's Call client: - v3b: palette refcount over-increment (3-byte NOP at two sites) - v5: RenderSurface PurgeResource no-op stub (vtable slot 2 thunk) - v11: two dangling-pointer crash guards (NULL-check + reorder) - v14: CEnvCell::Destroy ClipPlaneList leak (18-byte JMP to cleanup thunk) - v22: unpacker stale-pointer SEH guard (whole-function __try/__except) All five ship in leakfix.dll (117 KB, SHA d282f23c…) which is loaded by acclient.exe at process start via PE import table patching by tools/install_leakfix.py. Controlled 15-client fleet soak: unpatched control died at 26h with palette exhaustion; all 14 patched clients survived past that point and reached ≥5-day uptime. Residual ~15 MB/h growth traced to d3d9.dll's internal slab allocator (260KB surface backing buffers retained after Release). See REPORT.md §10 for the full investigation; conclusion is that it's unfixable from outside d3d9. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
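#requires -Version 5.1
<#
admin_hklm_only.ps1 — minimal admin script for the two HKLM writes.

SDK Debuggers are already extracted as flat files; this script only
handles the things gflags + WER need that touch HKLM:

  1. Configure WER LocalDumps for acclient.exe (auto-dumps on crash).
  2. gflags +ust on acclient.exe (heap-allocation stack tagging on
     FUTURE acclient spawns; current ones won't pick it up).

Exit code: 0 when every step succeeded, 1 when the script was not
elevated, a step failed, or gflags reported a non-zero exit code.

Security notes for whoever runs this elevated:
  * Both settings are machine-wide and persist until someone removes
    them; this script has no teardown step.
  * DumpType 2 writes full process dumps, which contain everything the
    process had in memory. Keep the dump folder's ACL and retention
    tight and treat the files as sensitive.
  * gflags.exe lives under a user profile, i.e. a location a
    non-elevated process of that user can write to. Its Authenticode
    signature is therefore verified before it is executed with
    administrator rights.
#>

# 'Stop' promotes cmdlet errors (for example a failed registry write) to
# terminating errors so the catch block below actually sees them. With
# 'Continue' a failed HKLM write would only print an error and the script
# would still report that it finished.
$ErrorActionPreference = 'Stop'

$log = 'C:\Users\acbot\leakhunt\artifacts\soak\admin_hklm.log'
$exitCode = 0

# The transcript is a convenience; failing to start it must not block the run.
$transcribing = $false
try {
    Start-Transcript -Path $log -Force | Out-Null
    $transcribing = $true
} catch {
    Write-Warning "could not start transcript at ${log}: $($_.Exception.Message)"
}

try {
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    if (-not $isAdmin) {
        Write-Host 'ERROR: not elevated. Aborting.' -ForegroundColor Red
        $exitCode = 1
    } else {
        Write-Host "=== admin_hklm_only.ps1 started @ $(Get-Date -Format o) ===" -ForegroundColor Cyan

        # [1/2] WER LocalDumps
        Write-Host '[1/2] Configuring WER LocalDumps for acclient.exe...' -ForegroundColor Cyan
        $dumpDir = 'C:\Users\acbot\leakhunt\artifacts\crashdumps'
        New-Item -ItemType Directory -Path $dumpDir -Force | Out-Null

        $werKey = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\acclient.exe'
        New-Item -Path $werKey -Force | Out-Null
        New-ItemProperty -Path $werKey -Name 'DumpFolder' -Value $dumpDir -PropertyType ExpandString -Force | Out-Null
        New-ItemProperty -Path $werKey -Name 'DumpType' -Value 2 -PropertyType DWord -Force | Out-Null  # 2 = Full
        New-ItemProperty -Path $werKey -Name 'DumpCount' -Value 25 -PropertyType DWord -Force | Out-Null
        # Read the values back so the transcript records what was actually written.
        Get-ItemProperty -Path $werKey | Format-List DumpFolder, DumpType, DumpCount

        # [2/2] gflags +ust
        $gflags = 'C:\Users\acbot\Tools\WindowsKits\Windows Kits\10\Debuggers\x86\gflags.exe'
        Write-Host '[2/2] Enabling gflags +ust on acclient.exe...' -ForegroundColor Cyan
        if (Test-Path -LiteralPath $gflags -PathType Leaf) {
            # The binary sits in a user-writable directory and is about to run
            # elevated, so refuse anything that is not a validly signed
            # Microsoft binary.
            # NOTE(review): assumes the extracted SDK gflags.exe carries an
            # embedded Microsoft signature — confirm on the target machine.
            # The check and the execution are separate steps, so this narrows
            # the window rather than closing it; an admin-only tools directory
            # removes it.
            $sig = Get-AuthenticodeSignature -FilePath $gflags
            if ($sig.Status -ne 'Valid') {
                throw "refusing to run $gflags elevated: signature status is $($sig.Status)"
            }
            if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
                throw "refusing to run $gflags elevated: unexpected signer '$($sig.SignerCertificate.Subject)'"
            }

            & $gflags /i acclient.exe +ust
            # Native executables do not raise PowerShell errors; inspect the
            # exit code explicitly. Presumably 0 means success — confirm.
            if ($LASTEXITCODE -ne 0) {
                Write-Warning "gflags.exe exited with code $LASTEXITCODE while setting +ust"
                $exitCode = 1
            }
            " current image-file flags:"
            & $gflags /i acclient.exe
        } else {
            Write-Warning "gflags.exe not found at $gflags"
        }

        Write-Host "=== admin_hklm_only.ps1 finished @ $(Get-Date -Format o) ===" -ForegroundColor Green
    }
} catch {
    Write-Host "FATAL: $($_ | Out-String)" -ForegroundColor Red
    $exitCode = 1
}

if ($transcribing) {
    Stop-Transcript | Out-Null
}
Read-Host 'press enter to close'
exit $exitCode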