A guard page provides a one-shot alarm for memory page access. This can be useful for an application that needs to monitor the growth of large dynamic data structures. For example, there are operating systems that use guard pages to implement automatic stack checking.
To create a guard page, set the PAGE_GUARD page protection modifier flag for the page. This flag can be specified, along with other page protection flags, in the functions VirtualAlloc, VirtualProtect, and VirtualProtectEx. The PAGE_GUARD flag can be used with any other page protection flag, except for the NO_ACCESS flag.
If a program attempts to access an address within a guard page, the system raises a STATUS_GUARD_PAGE (0x80000001) exception. The system also clears the PAGE_GUARD flag, removing the memory page's guard page status. The system will not stop the next attempt to access the memory page with a STATUS_GUARD_PAGE exception.
If a guard page exception occurs during a system service, the service fails and typically returns some failure status indicator. Since the system also removes the relevant memory page's guard page status, the next invocation of the same system service won't fail due to a STATUS_GUARD_PAGE exception (unless, of course, someone reestablishes the guard page).
The following short program illustrates the one-shot behavior of guard page protection, and how it can cause a system service to fail:
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
int main()
{
LPVOID lpvAddr;
DWORD cbSize;
BOOL vLock;
LPVOID commit;
// Amount of memory to allocate.
cbSize = 512;
// Try to allocate some memory.
lpvAddr = VirtualAlloc(NULL,cbSize,MEM_RESERVE,PAGE_NOACCESS);
if(lpvAddr == NULL)
{
fprintf(stdout,"VirtualAlloc failed on RESERVE with %ld\n",
GetLastError());
}
// Try to commit the allocated memory.
commit =
VirtualAlloc(NULL,cbSize,MEM_COMMIT,PAGE_READONLY|PAGE_GUARD);
if(commit == NULL)
{
fprintf(stderr,"VirtualAlloc failed on COMMIT with %ld\n",
GetLastError());
}
else
{
fprintf(stderr,"Committed %lu bytes at address %lp\n",
cbSize,commit);
}
// Try to lock the committed memory.
vLock = VirtualLock(commit,cbSize);
if(!vLock)
{
fprintf(stderr,"Cannot lock at %lp, error = %lu\n",
commit,GetLastError());
}
else fprintf(stderr,"Lock Achieved at %lp\n",commit);
// Try to lock the committed memory again.
vLock = VirtualLock(commit,cbSize);
if(!vLock)
{
fprintf(stderr,"Cannot get 2nd lock at %lp, error = %lu\n",
commit,GetLastError());
}
else fprintf(stderr,"2nd Lock Achieved at %lp\n",commit);
}
The output of this program looks like this:
Committed 512 bytes at address 003F0000
Cannot lock at 003F0000, error = 0x80000001
2nd Lock Achieved at 003F0000
Note The first attempt to lock the memory block fails, raising a STATUS_GUARD_PAGE exception. The second attempt succeeds, because the memory block's guard page protection has been toggled off by the first attempt.