An application establishes a guard page by setting a memory page's PAGE_GUARD page protection modifier flag. This flag can be specified, along with other page protection flags, in the functions VirtualAlloc, VirtualProtect, and VirtualProtectEx. The PAGE_GUARD flag can be used with any other page protection flag, except for the NO_ACCESS flag.
If a program attempts to access an address within a guard page, the operating system raises a STATUS_GUARD_PAGE (0x80000001) exception. The operating system also clears the PAGE_GUARD flag, removing the memory page's guard page status. The system will not stop the next attempt to access the memory page with a STATUS_GUARD_PAGE exception.
If a guard page exception occurs during a system service, the service fails and typically returns some failure status indicator. Since the system also removes the relevant memory page's guard page status, the next invocation of the same system service won't fail due to a STATUS_GUARD_PAGE exception (unless, of course, someone reestablishes the guard page).
A guard page thus provides a one-shot alarm for memory page access. This can be useful for an application that needs to monitor the growth of large dynamic data structures. For example, there are operating systems that use guard pages to implement automatic stack checking.
The following short program illustrates the one-shot behavior of guard page protection, and how it can cause a system service to fail:
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
int main()
{
// local variables
LPVOID lpvAddr;
DWORD cbSize;
BOOL vLock;
LPVOID commit;
// amount of memory we'll allocate
cbSize = 512;
// try to allocate some memory
lpvAddr = VirtualAlloc(NULL,cbSize,MEM_RESERVE,PAGE_NOACCESS);
// if we failed ...
if(lpvAddr == NULL)
fprintf(stdout,"VirtualAlloc failed on RESERVE with %ld\n",
GetLastError());
// try to commit the allocated memory
commit = VirtualAlloc(NULL,cbSize,MEM_COMMIT,PAGE_READONLY|PAGE_GUARD);
// if we failed ...
if(commit == NULL)
fprintf(stderr,"VirtualAlloc failed on COMMIT with %ld\n",
GetLastError());
else // we succeeded
fprintf(stderr,"Committed %lu bytes at address %lp\n",
cbSize,commit);
// try to lock the committed memory
vLock = VirtualLock(commit,cbSize);
// if we failed ...
if(!vLock)
fprintf(stderr,"Cannot lock at %lp, error = %lu\n",
commit,GetLastError());
else // we succeeded
fprintf(stderr,"Lock Achieved at %lp\n",commit);
// try to lock the committed memory again
vLock = VirtualLock(commit,cbSize);
// if we failed ...
if(!vLock)
fprintf(stderr,"Cannot get 2nd lock at %lp, error = %lu\n",
commit,GetLastError());
else // we succeeded
fprintf(stderr,"2nd Lock Achieved at %lp\n",commit);
} // endof function
The output of this program looks like this:
Committed 512 bytes at address 003F0000
Cannot lock at 003F0000, error = 0x80000001
2nd Lock Achieved at 003F0000
Note that the first attempt to lock the memory block fails, raising a STATUS_GUARD_PAGE exception. The second attempt succeeds, because the memory block's guard page protection has been toggled off by the first attempt.