Brief Q&A on the HeapEnableTerminationOnCorruption heap information flag


Question: What type of heaps are controlled by the Heap­Enable­Termination­On­Corruption flag?

Answer: Any user-mode heap created by the Heap­Create function. This includes the process heap (Get­Process­Heap) but not the managed heap. Some components use Heap­Create under the hood. If so, then those heaps would also be affected.

Question: What versions of Windows support Heap­Enable­Termination­On­Corruption?

Answer: The flag was introduced in Windows Vista and Windows Server 2008. It is also available on Windows XP Service Pack 3. In table form:

Support Client Server

Not Available
...
Windows 2000
Windows XP RTM, SP1, SP2
...
Windows Server 2000
Windows Server 2003
Available
Windows XP SP3
Windows Vista
Windows 7
...

Windows Server 2008
Windows Server 2008 R2
...

Question: For operating systems that support it, under what conditions will termination on corruption be enabled?

Answer:

  1. For all 64-bit processes.
  2. For all 32-bit processes whose executable sets the subsystem major version to 6 or higher in the image header.
  3. If you call Heap­Set­Information with the Heap­Enable­Termination­On­Corruption parameter.

Question: What is the effect of setting the subsystem major version in a DLL? Will that control whether termination on corruption is enabled for any heaps created by my DLL?

Answer: No. For the purpose of rule 2 above, it is the major subsystem of the executable that decides whether termination on corruption. The major subsystem of any DLLs loaded by the process have no effect. This is consistent with other process decisions.

Question: Can I enable termination on corruption for some heaps but not others?

Answer: No. Turning on termination on corruption turns it on for all heaps in the process.

Question: Can I disable termination on corruption after it has been enabled?

Answer: No. It is a one-way door.

Comments (13)
  1. John says:

    I enjoyed the use of the :) and :( in the table, all tables hence forth shall contain these two emoticons.

  2. ErikF says:

    @John: In that vein, I believe that I shall use for recommended practices and for deprecated practices as well!

    Regarding this function, I'm glad that Windows XP/2003 simply ignore this flag and don't blow up if you use it (they don't honour it, but if you're using this you should probably be version-checking already.)

  3. I don't mean to nitpick but "Windows Server 2003 R2" is missing from the table. There is also a typo: It reads "Windows Server 2000". There is no such OS, although there are the various server editions of "Windows 2000" and Windows NT x.

  4. Azarien says:

    What about the (usually forgotten) x64 version of Windows XP, which doesn't have SP3?

  5. alegr1 says:

    x64 version of Windows XP is Windows Server 2003

  6. Lee says:

    @John, @ErikF, Utah's tax forms have for at least 20 years had those emoticons next to the lines for Refund and Tax Due.

  7. Azarien says:

    @Lee: I guess it's :( for Refund and :) for Tax Due…

  8. ErikF says:

    Hmmm, I just noticed that the Unicode THUMBS UP and THUMBS DOWN glyphs didn't show up in my post. Normally I would point to a Michael Kaplan blog entry about this but sadly his blog is no more [Unicode WHITE FROWNING FACE (U+2639)]!

  9. Azarien says:

    @ErikF: Michael Kaplan started a new blog, search for "sorting the rest all out".

  10. cheong00 says:

    @Fleet Command: AFAIK Win2003 R2 is just Win2003 SP1 + additional features disk. From system API's perspective there aren't much difference.

  11. forgot something? says:

    What about all other obscure OS in-between, like XP Embedded and MCE?

    [Y'know, no customer ever asked about those, or about Windows Server 2003 R2 or about 640bit Windows XP. So I leave those as exercises for you. -Raymond]
  12. alegr1 says:

    [about 640bit Windows XP]

    We all know that 640 bit should be enough for everybody.

  13. Joshua says:

    I guess I've been assuming that Windows Server 2003 R2 is programatically like Windows Server 2003. Only encountered it after having preped for supporting Windows Server 2008 though.

    There are some version checks for NT version >= 6 to see if some APIs exist and one to try to figure out which version of the package manager to run but otherwise the support was done without version checks so I guess I won't find out.

    The package manager check is to install some components of IIS only if the base component is already installed (to avoid surprises). It turns out we depend on an obscure subcomponent not installed by default anymore and auto-installing that subcomponent keeps our support costs down without opening up unexpected attack channels.

Comments are closed.

Skip to main content