The blog continues at suszter.com/ReversingOnWindows

May 19, 2012

Test for termination on heap corruption flag in WinDbg

This note describes two ways to check whether the heap manager's termination on corruption flag is enabled. Both of them require WinDbg.
  1. Run the command below to print the value of the disable break on failure cookie. If the value is zero, the termination on heap corruption flag is set; otherwise it is unset. For more details, see the previous post.
    0:031> db ntdll!RtlpDisableBreakOnFailureCookie L4
    77230098 aa cb 7f 69 ...i
  2. Alternatively, run the following command, which reports directly whether termination on heap corruption is enabled.
    0:031> !heap -s
    LFH Key : 0x726d2f4c
    Termination on corruption : DISABLED
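Both checks can also be applied to saved debugger logs, for example when comparing many processes. The Python below is an added example, not code from the original post; the function names and the second transcript are constructed, and it assumes the log holds the two commands and their output in the form shown above.

```python
import re

# Address (32-bit, or 64-bit with WinDbg's backtick), then the first four bytes.
DB_LINE = re.compile(r"^\s*[0-9a-fA-F`]{8,17}\s+((?:[0-9a-fA-F]{2}\s+){3}[0-9a-fA-F]{2})\b")
HEAP_LINE = re.compile(r"Termination on corruption\s*:\s*(ENABLED|DISABLED)")
COOKIE_CMD = "db ntdll!RtlpDisableBreakOnFailureCookie"

def cookie_verdict(log):
    """Method 1: True if the cookie dword is zero, False if not, None if absent."""
    armed = False
    for line in log.splitlines():
        if COOKIE_CMD in line:
            armed = True          # the next dump line belongs to this command
            continue
        m = DB_LINE.match(line) if armed else None
        if m:
            cookie = int.from_bytes(bytes.fromhex(m.group(1)), "little")
            return cookie == 0    # zero cookie means the flag is set
    return None

def heap_summary_verdict(log):
    """Method 2: read the 'Termination on corruption' line of !heap -s."""
    m = HEAP_LINE.search(log)
    return None if m is None else m.group(1) == "ENABLED"

def check(log):
    """Run both methods and report whether they agree."""
    a, b = cookie_verdict(log), heap_summary_verdict(log)
    return {"cookie": a, "heap_s": b, "agree": a is not None and a == b}

# Transcript as shown in the post (flag unset).
PAGE_LOG = """0:031> db ntdll!RtlpDisableBreakOnFailureCookie L4
77230098 aa cb 7f 69 ...i
0:031> !heap -s
LFH Key : 0x726d2f4c
Termination on corruption : DISABLED
"""

# Constructed transcript for a process with the flag set.
ENABLED_LOG = """0:000> db ntdll!RtlpDisableBreakOnFailureCookie L4
77230098  00 00 00 00                                      ....
0:000> !heap -s
Termination on corruption : ENABLED
"""

if __name__ == "__main__":
    for name, log in (("page", PAGE_LOG), ("constructed", ENABLED_LOG)):
        print(name, check(log))
```

A result with `agree` set to False means the two methods disagree or the cookie dump is missing from the log, and the session should be re-checked by hand.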
I checked whether the popular browsers (32-bit versions) have the termination on heap corruption feature enabled. Here are the results.
Internet Explorer: ENABLED
Chrome: ENABLED
Mozilla Firefox: DISABLED
I asked Mozilla what the reason is for not enabling this mitigation, but I haven't heard back from them so far.
  This blog is written and maintained by Attila Suszter.