Voila
2010-09-02 14:50:31 UTC
Hello. I'm trying to debug heap memory (basically I want to know the
size of the first heap element of FreeList[00]) on Windows 7 using
windbg, so I created a simple program, which looks like this:
#include <windows.h>

int __cdecl wmain(int argc, wchar_t* pArgs[])
{
    BYTE* pAlloc1 = NULL;
    BYTE* pAlloc2 = NULL;
    HANDLE hProcessHeap = GetProcessHeap();
    // One small and one large block from the default process heap
    pAlloc1 = (BYTE*)HeapAlloc(hProcessHeap, 0, 16);
    pAlloc2 = (BYTE*)HeapAlloc(hProcessHeap, 0, 1500);
    //
    // Use allocated memory
    //
    // After these two frees both blocks are back on the heap's free lists
    HeapFree(hProcessHeap, 0, pAlloc1);
    HeapFree(hProcessHeap, 0, pAlloc2);
    return 0;
}
So I took the following steps:
.
.
.
+0x090 ProcessHeaps : 0x77c37500 -> 0x000b0000
.
.
.
0:000> dd 77c37500
77c37500 000b0000 00010000 00020000 00090000
77c37510 00000000 00000000 00000000 00000000
0:000> dt _heap 000b0000
ntdll!_HEAP
+0x000 Entry : _HEAP_ENTRY
+0x008 SegmentSignature : 0xffeeffee
.
.
.
+0x0c4 FreeLists : _LIST_ENTRY [ 0xb4268 - 0xb52a8 ]
.
.
.
0:000> dt _list_entry 000b0000+0x0c4
third!_LIST_ENTRY
[ 0xb4268 - 0xb52a8 ]
+0x000 Flink : 0x000b4268 _LIST_ENTRY [ 0xb43e0 - 0xb00c4 ]
+0x004 Blink : 0x000b52a8 _LIST_ENTRY [ 0xb00c4 - 0xb43e0 ]
0:000> dt _heap_entry 000b4268-0x8
ntdll!_HEAP_ENTRY
+0x000 Size : 0x8767 ------------------------> Huge Size
+0x002 Flags : 0x77 'w'
+0x003 SmallTagIndex : 0x78 'x'
+0x000 SubSegmentCode : 0x78778767
.
.
.
.
My problem is that, first of all, I want to know whether I have
taken the right steps to reach FreeList[00]. Maybe not,
because to get the actual size of the heap element at FreeList[00], we
multiply 0x8767 * 8 = 0x43b38, which is huge.
Can anyone tell me where I'm wrong?
Thanks in advance.
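Worked example, added here and not part of the post: decoding the first dword of the _HEAP_ENTRY the post dumps, on the understanding that the Windows 7 heap XORs that dword with the first dword of _HEAP.Encoding before storing it and checks SmallTagIndex as a checksum after decoding. The Encoding value below is constructed (chosen so the dumped dword decodes to a 24-byte free chunk); the poster's real Encoding is not in the post, so their real chunk size is unknown.

```c
#include <stdint.h>
#include <stdio.h>

/* First dword of a 32-bit Windows 7 ntdll!_HEAP_ENTRY: the three fields the
 * post's dt output shows (SubSegmentCode is this same dword). */
typedef struct {
    uint16_t size;            /* +0x000: size in 8-byte granules, header included */
    uint8_t  flags;           /* +0x002: bit 0 set means the chunk is busy */
    uint8_t  small_tag_index; /* +0x003: checksum over the three bytes before it */
} heap_entry_hdr_t;

/* Split a raw dword into the three header fields. */
heap_entry_hdr_t unpack_hdr(uint32_t dword)
{
    heap_entry_hdr_t h;
    h.size = (uint16_t)(dword & 0xffffu);
    h.flags = (uint8_t)((dword >> 16) & 0xffu);
    h.small_tag_index = (uint8_t)((dword >> 24) & 0xffu);
    return h;
}

/* Undo the header encoding. Assumption: the heap XORs this dword with the
 * first dword of _HEAP.Encoding, so XORing again recovers the plaintext. */
heap_entry_hdr_t decode_hdr(uint32_t encoded_dword, uint32_t encoding_dword)
{
    return unpack_hdr(encoded_dword ^ encoding_dword);
}

/* Integrity check on a decoded header: SmallTagIndex == Size.lo ^ Size.hi ^ Flags.
 * Fails when the header is still encoded, decoded with the wrong key, or corrupt. */
int hdr_checksum_ok(heap_entry_hdr_t h)
{
    uint8_t expect = (uint8_t)((h.size & 0xffu) ^ (h.size >> 8) ^ h.flags);
    return expect == h.small_tag_index;
}

/* Chunk size in bytes: Size counts 8-byte granules. */
uint32_t hdr_bytes(heap_entry_hdr_t h) { return (uint32_t)h.size * 8u; }

int main(void)
{
    const uint32_t raw = 0x78778767u;      /* dword exactly as the post's dt shows it */
    const uint32_t encoding = 0x7B778764u; /* constructed, not the poster's real Encoding */
    heap_entry_hdr_t as_is = unpack_hdr(raw), dec = decode_hdr(raw, encoding);
    printf("as-is:   Size=0x%04x -> %u bytes, checksum %s\n", as_is.size,
           hdr_bytes(as_is), hdr_checksum_ok(as_is) ? "ok" : "BAD");
    printf("decoded: Size=0x%04x Flags=0x%02x -> %u bytes, checksum %s\n", dec.size,
           dec.flags, hdr_bytes(dec), hdr_checksum_ok(dec) ? "ok" : "BAD");
    return 0;
}
```

The as-is line reproduces the post's 0x8767 * 8 = 0x43b38 and fails the checksum, which is the tell that the header was read without decoding; with the right Encoding the checksum passes and the size becomes sensible.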