madshi.net

Posted: **Sun Apr 19, 2020 5:29 pm**

Create a form, put a TEdit in form, run and focus to this edit, exit, then mad reported threadhandle leak in DUI70.dll
From the call stack point of view, it is the input method (I use the Asian Unicode environment) that loads dui70
I think mad has detected the creation, but the thread handle release is after mad exits, so mad has not caught the release, so report the leak

thread $1b74:
671a9f4a madExcept32.dll madExceptDbg 4052 CreateThreadCallback
004a7723 Test44Prj.exe madExcept 17661 HookedCreateThread
77416d0f msvcrt.dll _beginthreadex
5c25b730 DUser.dll InitGadgets
5c31d70d DUI70.dll InitThread
77a26357 KERNEL32.DLL BaseThreadInitThunk

:5c329ca0 ; C:\WINDOWS\SysWOW64\DUI70.dll
:77bf5608 ntdll.RtlGetNtSystemRoot + 0x68
:77c03f7f ;
:77c04826 ;
:77c0483d ;
:77c14164 ;
:77bf508c ;
:77c04e8c ;
:77c04db3 ntdll.LdrLoadDll + 0x93
:6719d87c ; C:\madExcept\madExcept32.dll
:71ab1000
:76e58752 ; C:\WINDOWS\SysWOW64\combase.dll
:76e586db ; C:\WINDOWS\SysWOW64\combase.dll
:76e584ef ; C:\WINDOWS\SysWOW64\combase.dll
:76e5b620 ; C:\WINDOWS\SysWOW64\combase.dll
:76e181bc ; C:\WINDOWS\SysWOW64\combase.dll
:76e5a694 ; C:\WINDOWS\SysWOW64\combase.dll
:76e58e92 ; C:\WINDOWS\SysWOW64\combase.dll
:76e4f545 ; C:\WINDOWS\SysWOW64\combase.dll
:76e58a8e ; C:\WINDOWS\SysWOW64\combase.dll
:76e5afda ; C:\WINDOWS\SysWOW64\combase.dll
:76e851c5 ; C:\WINDOWS\SysWOW64\combase.dll
:76e8507d ; C:\WINDOWS\SysWOW64\combase.dll
:76e85001 ; C:\WINDOWS\SysWOW64\combase.dll
:76e4f50d ; C:\WINDOWS\SysWOW64\combase.dll
:76e4f64d ; C:\WINDOWS\SysWOW64\combase.dll
:76e4f514 ; C:\WINDOWS\SysWOW64\combase.dll
:76e1a7e7 ; C:\WINDOWS\SysWOW64\combase.dll
:76e19c15 ; C:\WINDOWS\SysWOW64\combase.dll
:76e19a3e combase.CoCreateInstance + 0xbe
:7778cb29 ; C:\WINDOWS\SysWOW64\MSCTF.dll
:777ea940 ; C:\WINDOWS\SysWOW64\MSCTF.dll
:777ef19f ; C:\WINDOWS\SysWOW64\MSCTF.dll
:777ee4cb ; C:\WINDOWS\SysWOW64\MSCTF.dll
:777ea0b8 ; C:\WINDOWS\SysWOW64\MSCTF.dll
:777aa04f ; C:\WINDOWS\SysWOW64\MSCTF.dll
:7776bc7f ; C:\WINDOWS\SysWOW64\MSCTF.dll
:7778ec5b ; C:\WINDOWS\SysWOW64\MSCTF.dll
:7776a4a8 ; C:\WINDOWS\SysWOW64\MSCTF.dll
:7776a215 ; C:\WINDOWS\SysWOW64\MSCTF.dll
:7776a1a1 ; C:\WINDOWS\SysWOW64\MSCTF.dll
:77769e91 ; C:\WINDOWS\SysWOW64\MSCTF.dll
:7776905d ; C:\WINDOWS\SysWOW64\MSCTF.dll
:777f0d23 ; C:\WINDOWS\SysWOW64\MSCTF.dll
:777ef291 ; C:\WINDOWS\SysWOW64\MSCTF.dll
:777a98b4 ; C:\WINDOWS\SysWOW64\MSCTF.dll
:77767c3a ; C:\WINDOWS\SysWOW64\MSCTF.dll
:7780327a ; C:\WINDOWS\SysWOW64\MSCTF.dll
:777c680f ; C:\WINDOWS\SysWOW64\MSCTF.dll
:777ba861 ; C:\WINDOWS\SysWOW64\MSCTF.dll
:777d86bf ; C:\WINDOWS\SysWOW64\MSCTF.dll
:7777e574 ; C:\WINDOWS\SysWOW64\MSCTF.dll
:777a24fb ; C:\WINDOWS\SysWOW64\MSCTF.dll
:778b444b USER32.AddClipboardFormatListener + 0x4b
:77894f8c ; C:\WINDOWS\SysWOW64\USER32.dll
:778940de ; C:\WINDOWS\SysWOW64\USER32.dll
:77893ec0 USER32.DispatchMessageW + 0x10
Vcl.Forms.TApplication.ProcessMessage(???)

Posted: **Thu Apr 23, 2020 6:56 am**

Are you 100% sure that the thread handle is freed at all?

madExcept's leak reporting is run after all your unit finalization sections have run through. So I don't see how the thread handle would still be released after the leak reporting.

Posted: **Thu Apr 30, 2020 5:20 am**

DUI70.dll is Windows's dll used by IME, So the thread hanle shuold be released after my app exit.
The question is how not to display this information belong to system control.

Posted: **Thu Apr 30, 2020 7:56 am**

If you're sure that this is not a leak, you can try if this works?

HideLeak('_beginthreadex|InitGadgets');

Posted: **Thu Apr 30, 2020 6:38 pm**

I Add HideLeak in program begin and end, no effect

begin
HideLeak('_beginthreadex|InitGadgets');
Application.Initialize;
Application.MainFormOnTaskbar := True;
Application.CreateForm(TForm1, Form1);
Application.Run;
HideLeak('_beginthreadex|InitGadgets');
end.

Posted: **Sun May 17, 2020 5:49 pm**

I found the problem and sent a post independently

viewtopic.php?f=11&t=28814

With this post modification, hideleak ('| beginthreadex| initgadgets') works

Posted: **Tue May 19, 2020 11:32 am**

Great, thanks!

madshi.net

Madexception reported threadhandle leak in DUI70.dll

Madexception reported threadhandle leak in DUI70.dll

Re: Madexception reported threadhandle leak in DUI70.dll

Re: Madexception reported threadhandle leak in DUI70.dll

Re: Madexception reported threadhandle leak in DUI70.dll

Re: Madexception reported threadhandle leak in DUI70.dll

Re: Madexception reported threadhandle leak in DUI70.dll

Re: Madexception reported threadhandle leak in DUI70.dll