What's the meaning of "Internal" in "!heap -h" output in windbg?

I am following this Stack Overflow post: What do the different columns in the "!heap -flt -s xxxx" windbg command represent

I am trying to understand the information printed out for one of the heaps that is using up a lot of memory.

I can understand most of the columns but on my windbg, I see an additional column. Most of my entries are marked as Internal. I wonder what that means. I have done !gflags +ust. So, I can see the call stack for making the memory allocation. I can do it on most of the entries except the ones marked as Internal.

What does Internal mean? Is it something related to the implementation of LFH? If this is the internal implementation of LFH, how and when will these Internal heap entries return to the free list? It's holding up my memory for no reason now.

Here is the output of !heap -h 0000000002330000 for your reference.

Index   Address  Name      Debugging options enabled
  8:   02330000 
    Segment at 0000000002330000 to 0000000002340000 (00010000 bytes committed)
    Segment at 00000000032b0000 to 00000000033b0000 (00100000 bytes committed)
    Segment at 00000000065a0000 to 00000000067a0000 (00200000 bytes committed)
    Segment at 00000000067a0000 to 0000000006ba0000 (00400000 bytes committed)
    Segment at 0000000006d80000 to 0000000007580000 (006f2000 bytes committed)
    Flags:                08001002
    ForceFlags:           00000000
    Granularity:          16 bytes
    Segment Reserve:      01000000
    Segment Commit:       00002000
    DeCommit Block Thres: 00000400
    DeCommit Total Thres: 00001000
    Total Free Size:      0000274d
    Max. Allocation Size: 000007fffffdefff
    Lock Variable at:     00000000023301f8
    Next TagIndex:        0000
    Maximum TagIndex:     0000
    Tag Entries:          00000000
    PsuedoTag Entries:    00000000
    Virtual Alloc List:   02330118
    Uncommitted ranges:   023300f8
    FreeList[ 00 ] at 0000000002330158: 0000000007454600 . 00000000032e3de0   (24 blocks)

Heap entries for Segment00 in Heap 0000000002330000
    0000000002330000: 00000 . 00a70 [101] - busy (a6f)
    0000000002330a70: 00a70 . 00860 [101] - busy (85f)
    00000000023312d0: 00860 . 038b0 [101] - busy (38af)
    0000000002334b80: 038b0 . 00330 [100]
    0000000002334eb0: 00330 . 00b60 [101] - busy (b34)
    0000000002335a10: 00b60 . 00160 [101] - busy (134)
    0000000002335b70: 00160 . 00090 [101] - busy (5c)
    0000000002335c00: 00090 . 00090 [101] - busy (5c)
    0000000002335c90: 00090 . 00040 [100]
    0000000002335cd0: 00040 . 00090 [101] - busy (5c)
    0000000002335d60: 00090 . 00020 [100]
    0000000002335d80: 00020 . 00130 [101] - busy (104)
    0000000002335eb0: 00130 . 00080 [101] - busy (53)
    0000000002335f30: 00080 . 00090 [101] - busy (65)
    0000000002335fc0: 00090 . 01060 [101] - busy (1034)
    0000000002337020: 01060 . 01020 [101] - busy (ff0) Internal 
    0000000002338040: 01020 . 00420 [101] - busy (3f0) Internal 
    0000000002338460: 00420 . 00090 [101] - busy (64)
    00000000023384f0: 00090 . 00260 [101] - busy (234)
    0000000002338750: 00260 . 00090 [101] - busy (5c)
    00000000023387e0: 00090 . 00080 [101] - busy (54)
    0000000002338860: 00080 . 00080 [101] - busy (4c)
    00000000023388e0: 00080 . 00030 [100]
    0000000002338910: 00030 . 00090 [101] - busy (5c)
    00000000023389a0: 00090 . 00090 [101] - busy (64)
    0000000002338a30: 00090 . 00260 [101] - busy (234)
    0000000002338c90: 00260 . 00060 [101] - busy (35)
    0000000002338cf0: 00060 . 00160 [101] - busy (134)
    0000000002338e50: 00160 . 00260 [101] - busy (234)
    00000000023390b0: 00260 . 00160 [101] - busy (134)
    0000000002339210: 00160 . 000c0 [101] - busy (94)
    00000000023392d0: 000c0 . 00080 [101] - busy (4c)
    0000000002339350: 00080 . 000c0 [101] - busy (84)
    0000000002339410: 000c0 . 000c0 [101] - busy (84)
    00000000023394d0: 000c0 . 000c0 [101] - busy (94)
    0000000002339590: 000c0 . 000c0 [101] - busy (94)
    0000000002339650: 000c0 . 000a0 [101] - busy (6c)
    00000000023396f0: 000a0 . 000c0 [101] - busy (94)
    00000000023397b0: 000c0 . 000a0 [101] - busy (6c)
    0000000002339850: 000a0 . 000a0 [101] - busy (6c)
    00000000023398f0: 000a0 . 02020 [101] - busy (1ff0) Internal 
    000000000233b910: 02020 . 000a0 [101] - busy (74)
    000000000233b9b0: 000a0 . 00060 [101] - busy (35)
    000000000233ba10: 00060 . 02020 [101] - busy (1ff0) Internal 
    000000000233da30: 02020 . 000a0 [101] - busy (6c)
    000000000233dad0: 000a0 . 000c0 [101] - busy (94)
    000000000233db90: 000c0 . 000a0 [101] - busy (6c)
    000000000233dc30: 000a0 . 00060 [100]
    000000000233dc90: 00060 . 001c0 [101] - busy (194)
    000000000233de50: 001c0 . 00260 [101] - busy (234)
    000000000233e0b0: 00260 . 000b0 [101] - busy (80)
    000000000233e160: 000b0 . 00020 [100]
    000000000233e180: 00020 . 000c0 [101] - busy (94)
    000000000233e240: 000c0 . 000a0 [101] - busy (6c)
    000000000233e2e0: 000a0 . 000a0 [101] - busy (74)
    000000000233e380: 000a0 . 001c0 [101] - busy (194)
    000000000233e540: 001c0 . 00020 [100]
    000000000233e560: 00020 . 000c0 [101] - busy (84)
    000000000233e620: 000c0 . 000c0 [101] - busy (84)
    000000000233e6e0: 000c0 . 000c0 [101] - busy (94)
    000000000233e7a0: 000c0 . 000c0 [101] - busy (94)
    000000000233e860: 000c0 . 00260 [101] - busy (234)
    000000000233eac0: 00260 . 000b0 [101] - busy (82)
    000000000233eb70: 000b0 . 00350 [100]
    000000000233eec0: 00350 . 00330 [101] - busy (2fc)
    000000000233f1f0: 00330 . 00440 [101] - busy (40c)
    000000000233f630: 00440 . 00420 [101] - busy (3f0) Internal 
    000000000233fa50: 00420 . 00460 [100]
    000000000233feb0: 00460 . 000b0 [101] - busy (80)
    000000000233ff60: 000b0 . 00060 [100]
    000000000233ffc0: 00060 . 00040 [111] - busy (3d)
    0000000002340000:      00000000      - uncommitted bytes.
Heap entries for Segment01 in Heap 0000000002330000
    00000000032b0000: 00000 . 00070 [101] - busy (6f)
    00000000032b0070: 00070 . 0c470 [101] - busy (c440) Internal 
    00000000032bc4e0: 0c470 . 00280 [101] - busy (254)
    00000000032bc760: 00280 . 000a0 [101] - busy (70)
    00000000032bc800: 000a0 . 00080 [101] - busy (4c)
    00000000032bc880: 00080 . 00080 [101] - busy (58)
    00000000032bc900: 00080 . 00070 [101] - busy (48)
    00000000032bc970: 00070 . 00080 [101] - busy (4b)
    00000000032bc9f0: 00080 . 00070 [101] - busy (42)
    00000000032bca60: 00070 . 00080 [101] - busy (4d)
    00000000032bcae0: 00080 . 000a0 [101] - busy (72)
    00000000032bcb80: 000a0 . 00080 [101] - busy (51)
    00000000032bcc00: 00080 . 000b0 [101] - busy (7c)
    00000000032bccb0: 000b0 . 00070 [101] - busy (46)
    00000000032bcd20: 00070 . 00080 [101] - busy (4c)
    00000000032bcda0: 00080 . 00080 [101] - busy (4f)
    00000000032bce20: 00080 . 00080 [101] - busy (52)
    00000000032bcea0: 00080 . 00090 [101] - busy (5d)
    00000000032bcf30: 00090 . 00080 [101] - busy (4b)
    00000000032bcfb0: 00080 . 00070 [101] - busy (43)
    00000000032bd020: 00070 . 00080 [101] - busy (4a)
    00000000032bd0a0: 00080 . 00080 [101] - busy (49)
    00000000032bd120: 00080 . 00070 [101] - busy (48)
    00000000032bd190: 00070 . 00070 [101] - busy (44)
    00000000032bd200: 00070 . 000a0 [101] - busy (69)
    00000000032bd2a0: 000a0 . 00070 [101] - busy (46)
    00000000032bd310: 00070 . 00070 [101] - busy (3c)
    00000000032bd380: 00070 . 000c0 [101] - busy (8c)
    00000000032bd440: 000c0 . 00070 [101] - busy (3c)
    00000000032bd4b0: 00070 . 00090 [101] - busy (5c)
    00000000032bd540: 00090 . 00090 [101] - busy (5c)
    00000000032bd5d0: 00090 . 00090 [101] - busy (5c)
    00000000032bd660: 00090 . 000a0 [101] - busy (5c)
    00000000032bd700: 000a0 . 00070 [101] - busy (44)
    00000000032bd770: 00070 . 00090 [101] - busy (5c)
    00000000032bd800: 00090 . 00070 [101] - busy (3c)
    00000000032bd870: 00070 . 00050 [100]
    00000000032bd8c0: 00050 . 00260 [101] - busy (234)
    00000000032bdb20: 00260 . 00070 [101] - busy (3c)
    00000000032bdb90: 00070 . 00090 [101] - busy (5c)
    00000000032bdc20: 00090 . 00070 [101] - busy (3c)
    00000000032bdc90: 00070 . 00070 [101] - busy (3c)
    00000000032bdd00: 00070 . 00090 [101] - busy (5c)
    00000000032bdd90: 00090 . 00070 [101] - busy (3c)
    00000000032bde00: 00070 . 00070 [101] - busy (3c)
    00000000032bde70: 00070 . 00090 [101] - busy (5c)
    00000000032bdf00: 00090 . 00070 [101] - busy (3c)
    00000000032bdf70: 00070 . 00cc0 [100]
    00000000032bec30: 00cc0 . 00330 [101] - busy (2fc)
    00000000032bef60: 00330 . 00440 [101] - busy (40a)
    00000000032bf3a0: 00440 . 00220 [100]
    00000000032bf5c0: 00220 . 00330 [101] - busy (2fc)
    00000000032bf8f0: 00330 . 04020 [101] - busy (3ff0) Internal 
    00000000032c3910: 04020 . 02020 [101] - busy (1ff0) Internal 
    00000000032c5930: 02020 . 00210 [100]
    00000000032c5b40: 00210 . 01020 [101] - busy (ff0) Internal 
    00000000032c6b60: 01020 . 01020 [101] - busy (ff0) Internal 
    00000000032c7b80: 01020 . 00440 [101] - busy (40c)
    00000000032c7fc0: 00440 . 00440 [101] - busy (40a)
    00000000032c8400: 00440 . 00430 [101] - busy (3f0) Internal 
    00000000032c8830: 00430 . 02020 [101] - busy (1ff0) Internal 
    00000000032ca850: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000032cc870: 02020 . 01020 [101] - busy (ff0) Internal 
    00000000032cd890: 01020 . 00420 [101] - busy (3f0) Internal 
    00000000032cdcb0: 00420 . 00420 [101] - busy (3f0) Internal 
    00000000032ce0d0: 00420 . 00420 [101] - busy (3f0) Internal 
    00000000032ce4f0: 00420 . 003a0 [100]
    00000000032ce890: 003a0 . 02020 [101] - busy (1ff0) Internal 
    00000000032d08b0: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000032d28d0: 02020 . 01020 [101] - busy (ff0) Internal 
    00000000032d38f0: 01020 . 00420 [101] - busy (3f0) Internal 
    00000000032d3d10: 00420 . 00420 [101] - busy (3f0) Internal 
    00000000032d4130: 00420 . 003a0 [100]
    00000000032d44d0: 003a0 . 00420 [101] - busy (3f0) Internal 
    00000000032d48f0: 00420 . 01020 [101] - busy (ff0) Internal 
    00000000032d5910: 01020 . 04020 [101] - busy (3ff0) Internal 
    00000000032d9930: 04020 . 01020 [101] - busy (ff0) Internal 
    00000000032da950: 01020 . 04020 [101] - busy (3ff0) Internal 
    00000000032de970: 04020 . 01020 [101] - busy (ff0) Internal 
    00000000032df990: 01020 . 04020 [101] - busy (3ff0) Internal 
    00000000032e39b0: 04020 . 00420 [101] - busy (3f0) Internal 
    00000000032e3dd0: 00420 . 00020 [100]
    00000000032e3df0: 00020 . 04020 [101] - busy (3ff0) Internal 
    00000000032e7e10: 04020 . 02020 [101] - busy (1ff0) Internal 
    00000000032e9e30: 02020 . 01020 [101] - busy (ff0) Internal 
    00000000032eae50: 01020 . 02020 [101] - busy (1ff0) Internal 
    00000000032ece70: 02020 . 01020 [101] - busy (ff0) Internal 
    00000000032ede90: 01020 . 000f0 [100]
    00000000032edf80: 000f0 . 01020 [101] - busy (ff0) Internal 
    00000000032eefa0: 01020 . 01020 [101] - busy (ff0) Internal 
    00000000032effc0: 01020 . 02020 [101] - busy (1ff0) Internal 
    00000000032f1fe0: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000032f4000: 02020 . 00420 [101] - busy (3f0) Internal 
    00000000032f4420: 00420 . 00160 [100]
    00000000032f4580: 00160 . 02020 [101] - busy (1ff0) Internal 
    00000000032f65a0: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000032f85c0: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000032fa5e0: 02020 . 08020 [101] - busy (7ff0) Internal 
    0000000003302600: 08020 . 02020 [101] - busy (1ff0) Internal 
    0000000003304620: 02020 . 01020 [101] - busy (ff0) Internal 
    0000000003305640: 01020 . 02020 [101] - busy (1ff0) Internal 
    0000000003307660: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003309680: 02020 . 08020 [101] - busy (7ff0) Internal 
    00000000033116a0: 08020 . 02020 [101] - busy (1ff0) Internal 
    00000000033136c0: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000033156e0: 02020 . 01020 [101] - busy (ff0) Internal 
    0000000003316700: 01020 . 02020 [101] - busy (1ff0) Internal 
    0000000003318720: 02020 . 02020 [101] - busy (1ff0) Internal 
    000000000331a740: 02020 . 02020 [101] - busy (1ff0) Internal 
    000000000331c760: 02020 . 02020 [101] - busy (1ff0) Internal 
    000000000331e780: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000033207a0: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000033227c0: 02020 . 01020 [101] - busy (ff0) Internal 
    00000000033237e0: 01020 . 02020 [101] - busy (1ff0) Internal 
    0000000003325800: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003327820: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003329840: 02020 . 01020 [101] - busy (ff0) Internal 
    000000000332a860: 01020 . 02020 [101] - busy (1ff0) Internal 
    000000000332c880: 02020 . 01020 [101] - busy (ff0) Internal 
    000000000332d8a0: 01020 . 02020 [101] - busy (1ff0) Internal 
    000000000332f8c0: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000033318e0: 02020 . 08020 [101] - busy (7ff0) Internal 
    0000000003339900: 08020 . 01020 [101] - busy (ff0) Internal 
    000000000333a920: 01020 . 02020 [101] - busy (1ff0) Internal 
    000000000333c940: 02020 . 02020 [101] - busy (1ff0) Internal 
    000000000333e960: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003340980: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000033429a0: 02020 . 01020 [101] - busy (ff0) Internal 
    00000000033439c0: 01020 . 02020 [101] - busy (1ff0) Internal 
    00000000033459e0: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003347a00: 02020 . 01020 [101] - busy (ff0) Internal 
    0000000003348a20: 01020 . 02020 [101] - busy (1ff0) Internal 
    000000000334aa40: 02020 . 02020 [101] - busy (1ff0) Internal 
    000000000334ca60: 02020 . 02020 [101] - busy (1ff0) Internal 
    000000000334ea80: 02020 . 01020 [101] - busy (ff0) Internal 
    000000000334faa0: 01020 . 02020 [101] - busy (1ff0) Internal 
    0000000003351ac0: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003353ae0: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003355b00: 02020 . 01020 [101] - busy (ff0) Internal 
    0000000003356b20: 01020 . 02020 [101] - busy (1ff0) Internal 
    0000000003358b40: 02020 . 02020 [101] - busy (1ff0) Internal 
    000000000335ab60: 02020 . 02000 [100]
    000000000335cb60: 02000 . 02020 [101] - busy (1ff0) Internal 
    000000000335eb80: 02020 . 04020 [101] - busy (3ff0) Internal 
    0000000003362ba0: 04020 . 02020 [101] - busy (1ff0) Internal 
    0000000003364bc0: 02020 . 01020 [101] - busy (ff0) Internal 
    0000000003365be0: 01020 . 02020 [101] - busy (1ff0) Internal 
    0000000003367c00: 02020 . 01020 [101] - busy (ff0) Internal 
    0000000003368c20: 01020 . 04020 [101] - busy (3ff0) Internal 
    000000000336cc40: 04020 . 02020 [101] - busy (1ff0) Internal 
    000000000336ec60: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003370c80: 02020 . 01020 [101] - busy (ff0) Internal 
    0000000003371ca0: 01020 . 02020 [101] - busy (1ff0) Internal 
    0000000003373cc0: 02020 . 01020 [101] - busy (ff0) Internal 
    0000000003374ce0: 01020 . 02020 [101] - busy (1ff0) Internal 
    0000000003376d00: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003378d20: 02020 . 02020 [101] - busy (1ff0) Internal 
    000000000337ad40: 02020 . 04020 [101] - busy (3ff0) Internal 
    000000000337ed60: 04020 . 02020 [101] - busy (1ff0) Internal 
    0000000003380d80: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003382da0: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003384dc0: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003386de0: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003388e00: 02020 . 02020 [101] - busy (1ff0) Internal 
    000000000338ae20: 02020 . 02020 [101] - busy (1ff0) Internal 
    000000000338ce40: 02020 . 02020 [101] - busy (1ff0) Internal 
    000000000338ee60: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003390e80: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003392ea0: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003394ec0: 02020 . 02020 [101] - busy (1ff0) Internal 
    0000000003396ee0: 02020 . 08020 [101] - busy (7ff0) Internal 
    000000000339ef00: 08020 . 02020 [101] - busy (1ff0) Internal 
    00000000033a0f20: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000033a2f40: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000033a4f60: 02020 . 08020 [101] - busy (7ff0) Internal 
    00000000033acf80: 08020 . 02020 [101] - busy (1ff0) Internal 
    00000000033aefa0: 02020 . 00420 [101] - busy (3f0) Internal 
    00000000033af3c0: 00420 . 00420 [101] - busy (3f0) Internal 
    00000000033af7e0: 00420 . 00420 [101] - busy (3f0) Internal 
    00000000033afc00: 00420 . 003c0 [100]
    00000000033affc0: 003c0 . 00040 [111] - busy (3d)
    00000000033b0000:      00000000      - uncommitted bytes.
Heap entries for Segment02 in Heap 0000000002330000
    00000000065a0000: 00000 . 00070 [101] - busy (6f)
    00000000065a0070: 00070 . 04020 [101] - busy (3ff0) Internal 
    00000000065a4090: 04020 . 04020 [101] - busy (3ff0) Internal 
    00000000065a80b0: 04020 . 02020 [101] - busy (1ff0) Internal 
    00000000065aa0d0: 02020 . 02020 [101] - busy (1ff0) Internal 
    00000000065ac0f0: 02020 . 08020 [101] - busy (7ff0) Internal 
    00000000065b4110: 08020 . 02020 [101] - busy (1ff0) Internal 
    00000000065b6130: 02020 . 04020 [101] - busy (3ff0) Internal 
    00000000065ba150: 04020 . 04020 [101] - busy (3ff0) Internal 
    00000000065be170: 04020 . 08020 [101] - busy (7ff0) Internal 
    00000000065c6190: 08020 . 04020 [101] - busy (3ff0) Internal 
    00000000065ca1b0: 04020 . 02020 [101] - busy (1ff0) Internal 
    00000000065cc1d0: 02020 . 04020 [101] - busy (3ff0) Internal 
    00000000065d01f0: 04020 . 04020 [101] - busy (3ff0) Internal 
    00000000065d4210: 04020 . 04020 [101] - busy (3ff0) Internal 
    00000000065d8230: 04020 . 04020 [101] - busy (3ff0) Internal 
    00000000065dc250: 04020 . 02020 [101] - busy (1ff0) Internal 
    00000000065de270: 02020 . 08020 [101] - busy (7ff0) Internal 
    00000000065e6290: 08020 . 04020 [101] - busy (3ff0) Internal 
    00000000065ea2b0: 04020 . 04020 [101] - busy (3ff0) Internal 
    00000000065ee2d0: 04020 . 08020 [101] - busy (7ff0) Internal 
    00000000065f62f0: 08020 . 04020 [101] - busy (3ff0) Internal 
    00000000065fa310: 04020 . 04020 [101] - busy (3ff0) Internal 
    00000000065fe330: 04020 . 08020 [101] - busy (7ff0) Internal 
    0000000006606350: 08020 . 04020 [101] - busy (3ff0) Internal 
    000000000660a370: 04020 . 04020 [101] - busy (3ff0) Internal 
    000000000660e390: 04020 . 04020 [101] - busy (3ff0) Internal 
    00000000066123b0: 04020 . 10020 [101] - busy (fff0) Internal 
    00000000066223d0: 10020 . 04020 [101] - busy (3ff0) Internal 
    00000000066263f0: 04020 . 04020 [101] - busy (3ff0) Internal 
    000000000662a410: 04020 . 04020 [101] - busy (3ff0) Internal 
    000000000662e430: 04020 . 04020 [101] - busy (3ff0) Internal 
    0000000006632450: 04020 . 10020 [101] - busy (fff0) Internal 
    0000000006642470: 10020 . 04020 [101] - busy (3ff0) Internal 
    0000000006646490: 04020 . 04020 [101] - busy (3ff0) Internal 
    000000000664a4b0: 04020 . 04020 [101] - busy (3ff0) Internal 
    000000000664e4d0: 04020 . 04020 [101] - busy (3ff0) Internal 
    00000000066524f0: 04020 . 08020 [101] - busy (7ff0) Internal 
    000000000665a510: 08020 . 08020 [101] - busy (7ff0) Internal 
    0000000006662530: 08020 . 04020 [101] - busy (3ff0) Internal 
    0000000006666550: 04020 . 04020 [101] - busy (3ff0) Internal 
    000000000666a570: 04020 . 10020 [101] - busy (fff0) Internal 
    000000000667a590: 10020 . 04020 [101] - busy (3ff0) Internal 
    000000000667e5b0: 04020 . 08020 [101] - busy (7ff0) Internal 
    00000000066865d0: 08020 . 08020 [101] - busy (7ff0) Internal 
    000000000668e5f0: 08020 . 10020 [101] - busy (fff0) Internal 
    000000000669e610: 10020 . 04020 [101] - busy (3ff0) Internal 
    00000000066a2630: 04020 . 10020 [101] - busy (fff0) Internal 
    00000000066b2650: 10020 . 08020 [101] - busy (7ff0) Internal 
    00000000066ba670: 08020 . 02020 [101] - busy (1ff0) Internal 
    00000000066bc690: 02020 . 08020 [101] - busy (7ff0) Internal 
    00000000066c46b0: 08020 . 08020 [101] - busy (7ff0) Internal 
    00000000066cc6d0: 08020 . 10020 [101] - busy (fff0) Internal 
    00000000066dc6f0: 10020 . 08020 [101] - busy (7ff0) Internal 
    00000000066e4710: 08020 . 08020 [101] - busy (7ff0) Internal 
    00000000066ec730: 08020 . 08020 [101] - busy (7ff0) Internal 
    00000000066f4750: 08020 . 10020 [101] - busy (fff0) Internal 
    0000000006704770: 10020 . 08020 [101] - busy (7ff0) Internal 
    000000000670c790: 08020 . 10020 [101] - busy (fff0) Internal 
    000000000671c7b0: 10020 . 08020 [101] - busy (7ff0) Internal 
    00000000067247d0: 08020 . 08020 [101] - busy (7ff0) Internal 
    000000000672c7f0: 08020 . 20020 [101] - busy (1fff0) Internal 
    000000000674c810: 20020 . 08020 [101] - busy (7ff0) Internal 
    0000000006754830: 08020 . 08020 [101] - busy (7ff0) Internal 
    000000000675c850: 08020 . 08020 [101] - busy (7ff0) Internal 
    0000000006764870: 08020 . 08020 [101] - busy (7ff0) Internal 
    000000000676c890: 08020 . 20020 [101] - busy (1fff0) Internal 
    000000000678c8b0: 20020 . 08020 [101] - busy (7ff0) Internal 
    00000000067948d0: 08020 . 08020 [101] - busy (7ff0) Internal 
    000000000679c8f0: 08020 . 02020 [101] - busy (1ff0) Internal 
    000000000679e910: 02020 . 016b0 [100]
    000000000679ffc0: 016b0 . 00040 [111] - busy (3d)
    00000000067a0000:      00000000      - uncommitted bytes.
Heap entries for Segment03 in Heap 0000000002330000
    00000000067a0000: 00000 . 00070 [101] - busy (6f)
    00000000067a0070: 00070 . 08020 [101] - busy (7ff0) Internal 
    00000000067a8090: 08020 . 08020 [101] - busy (7ff0) Internal 
    00000000067b00b0: 08020 . 08020 [101] - busy (7ff0) Internal 
    00000000067b80d0: 08020 . 20020 [101] - busy (1fff0) Internal 
    00000000067d80f0: 20020 . 08020 [101] - busy (7ff0) Internal 
    00000000067e0110: 08020 . 08020 [101] - busy (7ff0) Internal 
    00000000067e8130: 08020 . 08020 [101] - busy (7ff0) Internal 
    00000000067f0150: 08020 . 08020 [101] - busy (7ff0) Internal 
    00000000067f8170: 08020 . 10020 [101] - busy (fff0) Internal 
    0000000006808190: 10020 . 10020 [101] - busy (fff0) Internal 
    00000000068181b0: 10020 . 20020 [101] - busy (1fff0) Internal 
    00000000068381d0: 20020 . 10020 [101] - busy (fff0) Internal 
    00000000068481f0: 10020 . 08020 [101] - busy (7ff0) Internal 
    0000000006850210: 08020 . 20020 [101] - busy (1fff0) Internal 
    0000000006870230: 20020 . 10020 [101] - busy (fff0) Internal 
    0000000006880250: 10020 . 08020 [101] - busy (7ff0) Internal 
    0000000006888270: 08020 . 10020 [101] - busy (fff0) Internal 
    0000000006898290: 10020 . 20020 [101] - busy (1fff0) Internal 
    00000000068b82b0: 20020 . 10020 [101] - busy (fff0) Internal 
    00000000068c82d0: 10020 . 10020 [101] - busy (fff0) Internal 
    00000000068d82f0: 10020 . 20020 [101] - busy (1fff0) Internal 
    00000000068f8310: 20020 . 10020 [101] - busy (fff0) Internal 
    0000000006908330: 10020 . 10020 [101] - busy (fff0) Internal 
    0000000006918350: 10020 . 10020 [101] - busy (fff0) Internal 
    0000000006928370: 10020 . 10020 [101] - busy (fff0) Internal 
    0000000006938390: 10020 . 20020 [101] - busy (1fff0) Internal 
    00000000069583b0: 20020 . 10020 [101] - busy (fff0) Internal 
    00000000069683d0: 10020 . 10020 [101] - busy (fff0) Internal 
    00000000069783f0: 10020 . 10020 [101] - busy (fff0) Internal 
    0000000006988410: 10020 . 10020 [101] - busy (fff0) Internal 
    0000000006998430: 10020 . 10020 [101] - busy (fff0) Internal 
    00000000069a8450: 10020 . 40020 [101] - busy (3fff0) Internal 
    00000000069e8470: 40020 . 10020 [101] - busy (fff0) Internal 
    00000000069f8490: 10020 . 10020 [101] - busy (fff0) Internal 
    0000000006a084b0: 10020 . 10020 [101] - busy (fff0) Internal 
    0000000006a184d0: 10020 . 04020 [101] - busy (3ff0) Internal 
    0000000006a1c4f0: 04020 . 10020 [101] - busy (fff0) Internal 
    0000000006a2c510: 10020 . 40020 [101] - busy (3fff0) Internal 
    0000000006a6c530: 40020 . 10020 [101] - busy (fff0) Internal 
    0000000006a7c550: 10020 . 10020 [101] - busy (fff0) Internal 
    0000000006a8c570: 10020 . 10020 [101] - busy (fff0) Internal 
    0000000006a9c590: 10020 . 10020 [101] - busy (fff0) Internal 
    0000000006aac5b0: 10020 . 40020 [101] - busy (3fff0) Internal 
    0000000006aec5d0: 40020 . 10020 [101] - busy (fff0) Internal 
    0000000006afc5f0: 10020 . 10020 [101] - busy (fff0) Internal 
    0000000006b0c610: 10020 . 20020 [101] - busy (1fff0) Internal 
    0000000006b2c630: 20020 . 40020 [101] - busy (3fff0) Internal 
    0000000006b6c650: 40020 . 10020 [101] - busy (fff0) Internal 
    0000000006b7c670: 10020 . 20020 [101] - busy (1fff0) Internal 
    0000000006b9c690: 20020 . 03930 [100]
    0000000006b9ffc0: 03930 . 00040 [111] - busy (3d)
    0000000006ba0000:      00000000      - uncommitted bytes.
Heap entries for Segment04 in Heap 0000000002330000
    0000000006d80000: 00000 . 00070 [101] - busy (6f)
    0000000006d80070: 00070 . 10020 [101] - busy (fff0) Internal 
    0000000006d90090: 10020 . 40020 [101] - busy (3fff0) Internal 
    0000000006dd00b0: 40020 . 20020 [101] - busy (1fff0) Internal 
    0000000006df00d0: 20020 . 20020 [101] - busy (1fff0) Internal 
    0000000006e100f0: 20020 . 20020 [101] - busy (1fff0) Internal 
    0000000006e30110: 20020 . 40020 [101] - busy (3fff0) Internal 
    0000000006e70130: 40020 . 20020 [101] - busy (1fff0) Internal 
    0000000006e90150: 20020 . 40020 [101] - busy (3fff0) Internal 
    0000000006ed0170: 40020 . 20020 [101] - busy (1fff0) Internal 
    0000000006ef0190: 20020 . 20020 [101] - busy (1fff0) Internal 
    0000000006f101b0: 20020 . 20020 [101] - busy (1fff0) Internal 
    0000000006f301d0: 20020 . 40020 [101] - busy (3fff0) Internal 
    0000000006f701f0: 40020 . 04020 [101] - busy (3ff0) Internal 
    0000000006f74210: 04020 . 20020 [101] - busy (1fff0) Internal 
    0000000006f94230: 20020 . 20020 [101] - busy (1fff0) Internal 
    0000000006fb4250: 20020 . 40020 [101] - busy (3fff0) Internal 
    0000000006ff4270: 40020 . 04020 [101] - busy (3ff0) Internal 
    0000000006ff8290: 04020 . 20020 [101] - busy (1fff0) Internal 
    00000000070182b0: 20020 . 20020 [101] - busy (1fff0) Internal 
    00000000070382d0: 20020 . 04020 [101] - busy (3ff0) Internal 
    000000000703c2f0: 04020 . 08020 [101] - busy (7ff0) Internal 
    0000000007044310: 08020 . 40020 [101] - busy (3fff0) Internal 
    0000000007084330: 40020 . 20020 [101] - busy (1fff0) Internal 

EDIT 10/26/2012

I finally found out the place that is causing the leak, by inspecting the memory content inside the Internal heap entry. It contains a number of memory allocations caused by the same operator new. I don't know why they are all combined into one single heap entry but by looking at the content, I managed to find out the code causing the leak. Perhaps, it's a CRT feature to combine all similar data into one heap entry? Or do I misunderstand the meaning of heap entry completely?
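An added example, not part of the original post: a Python parser for `!heap -h` entry lines in the format shown above. It totals the bytes held by Internal, ordinary busy and free blocks per segment, and checks that each entry's previous-size field and address follow from the entry before it. The sample input is a few lines copied from the output above; the function names are assumptions, and the second number on each line is treated as the block size in bytes, which matches the address deltas in that output.

```python
import re

SEGMENT_RE = re.compile(r"Heap entries for (Segment[0-9a-fA-F]+) in Heap ([0-9a-fA-F]+)")
# <address>: <prev size> . <size> [<flags>] [- busy (<requested>)] [Internal]
ENTRY_RE = re.compile(
    r"^\s*(?P<addr>[0-9a-fA-F]+):\s+(?P<prev>[0-9a-fA-F]+)\s+\.\s+(?P<size>[0-9a-fA-F]+)"
    r"\s+\[(?P<flags>[0-9a-fA-F]+)\]"
    r"(?:\s+-\s+busy\s+\((?P<req>[0-9a-fA-F]+)\))?"
    r"(?P<internal>\s+Internal)?\s*$"
)

# Lines excerpted from the !heap -h output quoted in the question.
SAMPLE = """\
Heap entries for Segment00 in Heap 0000000002330000
    0000000002335fc0: 00090 . 01060 [101] - busy (1034)
    0000000002337020: 01060 . 01020 [101] - busy (ff0) Internal 
    0000000002338040: 01020 . 00420 [101] - busy (3f0) Internal 
    0000000002338460: 00420 . 00090 [101] - busy (64)
Heap entries for Segment01 in Heap 0000000002330000
    00000000033af7e0: 00420 . 00420 [101] - busy (3f0) Internal 
    00000000033afc00: 00420 . 003c0 [100]
    00000000033affc0: 003c0 . 00040 [111] - busy (3d)
    00000000033b0000:      00000000      - uncommitted bytes.
"""


def parse_heap_dump(text):
    """Return one dict per heap entry line; other lines are skipped."""
    entries = []
    segment = None
    for line in text.splitlines():
        seg = SEGMENT_RE.search(line)
        if seg:
            segment = seg.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # heap header fields, "uncommitted bytes", blank lines
        if m["req"] is None:
            kind = "free"
        elif m["internal"]:
            kind = "internal"
        else:
            kind = "busy"
        entries.append({
            "segment": segment,
            "addr": int(m["addr"], 16),
            "prev": int(m["prev"], 16),
            "size": int(m["size"], 16),
            "flags": int(m["flags"], 16),
            "requested": int(m["req"], 16) if m["req"] else None,
            "kind": kind,
        })
    return entries


def summarize(entries):
    """Per segment and kind: number of blocks and total block bytes."""
    totals = {}
    for e in entries:
        bucket = totals.setdefault(e["segment"], {}).setdefault(
            e["kind"], {"count": 0, "bytes": 0})
        bucket["count"] += 1
        bucket["bytes"] += e["size"]
    return totals


def check_chain(entries):
    """Addresses of entries that do not line up with their predecessor.

    Within a segment, entry N+1 must start at addr(N) + size(N) and its
    previous-size field must equal size(N). A mismatch means the listing is
    incomplete or the block headers are inconsistent.
    """
    bad = []
    for a, b in zip(entries, entries[1:]):
        if a["segment"] != b["segment"]:
            continue
        if a["addr"] + a["size"] != b["addr"] or b["prev"] != a["size"]:
            bad.append(b["addr"])
    return bad


if __name__ == "__main__":
    parsed = parse_heap_dump(SAMPLE)
    for segment, kinds in summarize(parsed).items():
        for kind, t in sorted(kinds.items()):
            print(f"{segment} {kind:8} blocks={t['count']:3} bytes=0x{t['bytes']:x}")
    print("chain mismatches:", [hex(a) for a in check_chain(parsed)])
```

Run against the full output saved to a file, the per-segment totals show how much of each segment is held by Internal blocks compared with ordinary busy and free ones.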

TL;DR: Heap blocks marked as "internal" have a special flag in _HEAP_ENTRY.Flags

[edit] revised my previous answer with a proper answer.

Here's my guess attempt to your question.

According to the windbg help, the "!heap" command code is located in exts.dll (ie \\winxp\\exts.dll).

Put this DLL on IDA and downloaded symbols for it. There's only one occurrence of "Internal" in the DLL, inside the DumpHeapEntry() function:

.text:0192463D                 movzx   eax, byte_1963152
.text:01924644                 test    eax, eax
.text:01924646                 jz      short loc_1924656
.text:01924648                 push    offset aInternal ; " Internal "
.text:0192464D                 call    _ExtensionApis.lpOutputRoutine ; some sort of printf routine

The output of "Internal" is therefore conditioned by the value of byte_1963152: if byte_1963152 is not 0, then "Internal" is printed. Only one occurrence of writing a value other than 0 happens (in ReadHeapEntry(), which is called at the start of DumpHeapEntry()):

.text:0191F025                 movzx   eax, [ebp+var_B]
.text:0191F029                 and     eax, 8
.text:0191F02C                 jz      short loc_191F035
.text:0191F02E                 mov     byte_1963152, 1

This translates to:

if((UINT)var_B & 8)
    byte_1963152 = 1;

var_B is set here:

.text:0191EFF7                 mov     eax, [ebp+var_18]
.text:0191EFFA                 mov     edx, [ebp+var_14]
.text:0191EFFD                 mov     cl, 10h          ; shift right by 0x10 bits
.text:0191EFFF                 call    __aullshr
.text:0191F004                 mov     [ebp+var_B], al

__aullshr stands for "Arithmetic Unsigned Long Long Shift Right". In the above code eax is the low 32-bit part of a 64-bit unsigned long long, while edx is the high 32-bit part. Notice that var_B is an 8-bit quantity ('al' register is used).

Hence:

// where var_14_18 is a combination (64-bit) of var_14 and var_18
var_B = (char)(var_14_18 >> 0x10 );

var_14 and var_18 are set here:

.text:0191EF01                 push    0
.text:0191EF03                 push    offset aAgregatecode ; "AgregateCode"
.text:0191EF08                 push    0
.text:0191EF0A                 push    0
.text:0191EF0C                 call    _GetShortField@16 ; GetShortField(x,x,x,x)
.text:0191EF11                 mov     [ebp+var_18], eax  ; low part
.text:0191EF14                 mov     [ebp+var_14], edx  ; high part
; cut
.text:0191EF28                 mov     ecx, [ebp+var_18]
.text:0191EF2B                 and     ecx, _EncodeFlagMask ; from HEAP.EncodeFlagMask
.text:0191EF31                 jz      short loc_191EF75
.text:0191EF33                 mov     edx, [ebp+var_18]
.text:0191EF36                 xor     edx, _CrtHeapCode ; from HEAP.Encoding.Code1
.text:0191EF3C                 mov     eax, [ebp+var_14]
.text:0191EF3F                 xor     eax, dword_1963194 ; from HEAP.Encoding.Code2
.text:0191EF45                 mov     [ebp+var_18], edx
.text:0191EF48                 mov     [ebp+var_14], eax    

So, windbg use the GetShortField() function on "AgregateCode" and sets both of the aforementioned variable (which is also a single unsigned long long value). 因此,windbg在“ AgregateCode”上使用GetShortField()函数并设置上述两个变量(也是一个无符号的long long值)。 Note that it also uses the HEAP.Encoding.Code1 and HEAP.Encoding.Code2 to XOR both of the value (HEAP is the the current heap from which the heap entry is a part). 请注意,它还将HEAP.Encoding.Code1和HEAP.Encoding.Code2都用于两个值的异或运算(HEAP是当前的堆,堆条目是该堆的一部分)。

"AgregateCode" is a field of both HEAP_ENTRY and HEAP_FREE_ENTRY structures (from Win 8.1 x86):

0:000> dt _heap_entry -r2
ntdll!_HEAP_ENTRY
   +0x000 Size             : Uint2B
   +0x002 Flags            : UChar
   +0x003 SmallTagIndex    : UChar
   +0x000 SubSegmentCode   : Uint4B
   +0x004 PreviousSize     : Uint2B
   +0x006 SegmentOffset    : UChar
   +0x006 LFHFlags         : UChar
   +0x007 UnusedBytes      : UChar
   +0x000 FunctionIndex    : Uint2B
   +0x002 ContextValue     : Uint2B
   +0x000 InterceptorValue : Uint4B
   +0x004 UnusedBytesLength : Uint2B
   +0x006 EntryOffset      : UChar
   +0x007 ExtendedBlockSignature : UChar
   +0x000 Code1            : Uint4B
   +0x004 Code2            : Uint2B
   +0x006 Code3            : UChar
   +0x007 Code4            : UChar
   +0x004 Code234          : Uint4B
   +0x000 AgregateCode     : Uint8B

This, translated to C, gives:

          typedef struct _HEAP_ENTRY                       // 20 elements, 0x8 bytes (sizeof) 
          {                                                                                   
              union                                        // 6 elements, 0x8 bytes (sizeof)  
              {                                                                               
                  struct                                   // 3 elements, 0x8 bytes (sizeof)  
                  {                                                                           
/*0x000*/             UINT16       Size;                                                      
/*0x002*/             UINT8        Flags;                                                     
/*0x003*/             UINT8        SmallTagIndex;                                             
/*0x004*/             UINT8        _PADDING0_[0x4];                                           
                  };                                                                          
                  struct                                   // 4 elements, 0x8 bytes (sizeof)  
                  {                                                                           
/*0x000*/             ULONG32      SubSegmentCode;                                            
/*0x004*/             UINT16       PreviousSize;                                              
                      union                                // 2 elements, 0x1 bytes (sizeof)  
                      {                                                                       
/*0x006*/                 UINT8        SegmentOffset;                                         
/*0x006*/                 UINT8        LFHFlags;                                              
                      };                                                                      
/*0x007*/             UINT8        UnusedBytes;                                               
                  };                                                                          
                  struct                                   // 2 elements, 0x8 bytes (sizeof)  
                  {                                                                           
/*0x000*/             UINT16       FunctionIndex;                                             
/*0x002*/             UINT16       ContextValue;                                              
/*0x004*/             UINT8        _PADDING1_[0x4];                                           
                  };                                                                          
                  struct                                   // 4 elements, 0x8 bytes (sizeof)  
                  {                                                                           
/*0x000*/             ULONG32      InterceptorValue;                                          
/*0x004*/             UINT16       UnusedBytesLength;                                         
/*0x006*/             UINT8        EntryOffset;                                               
/*0x007*/             UINT8        ExtendedBlockSignature;                                    
                  };                                                                          
                  struct                                   // 2 elements, 0x8 bytes (sizeof)  
                  {                                                                           
/*0x000*/             ULONG32      Code1;                                                     
                      union                                // 2 elements, 0x4 bytes (sizeof)  
                      {                                                                       
                          struct                           // 3 elements, 0x4 bytes (sizeof)  
                          {                                                                   
/*0x004*/                     UINT16       Code2;                                             
/*0x006*/                     UINT8        Code3;                                             
/*0x007*/                     UINT8        Code4;                                             
                          };                                                                  
/*0x004*/                 ULONG32      Code234;                                               
                      };                                                                      
                  };                                                                          
/*0x000*/         UINT64       AgregateCode;                                                  
              };                                                                              
          }HEAP_ENTRY, *PHEAP_ENTRY;

Thus we have the following pseudo-code (minus some other checks):

high_part, low_part = GetShortField(0,0,"AgregateCode", 0);
high_part ^= HEAP.Encoding.Code1;
low_part ^= HEAP.Encoding.Code2;
AgregateCode = Make64BitFromTwo32Bit(high_part, low_part);    
char var_B = (char)(AgregateCode >> 0x10);
if(var_B & 8)
    printf("Internal");

Given that "AgregateCode" is ... well, an aggregate of Code1 to Code4:

                  struct                                   // 2 elements, 0x8 bytes (sizeof)  
                  {                                                                           
/*0x000*/             ULONG32      Code1;                                                     
                      union                                // 2 elements, 0x4 bytes (sizeof)  
                      {                                                                       
                          struct                           // 3 elements, 0x4 bytes (sizeof)  
                          {                                                                   
/*0x004*/                     UINT16       Code2;                                             
/*0x006*/                     UINT8        Code3;                                             
/*0x007*/                     UINT8        Code4;                                             
                          };                                                                  
/*0x004*/                 ULONG32      Code234;                                               
                      };                                                                      
                  };                                                                          
/*0x000*/         UINT64       AgregateCode; 

If you shift the AgregateCode field by 0x10 and AND it with 8, you finally end up testing the 11th bit (start counting at 0) of Code1.

As the structure is a big union, you finally end up testing: _HEAP_ENTRY.Flags

It happens that a heap flag already has the value 8; its name is: HEAP_ENTRY_VIRTUAL_ALLOC

http://doxygen.reactos.org/da/ddb/heap_8h_source.html#l00044

https://os-design.googlecode.com/svn/trunk/ntos/inc/heap.h

It seems that this flag is used to manage big allocations, although those blocks are used internally by the system and not available directly to the end user.

Typically such internal blocks have Flags member set to 9: HEAP_ENTRY_VIRTUAL_ALLOC | HEAP_ENTRY_BUSY

[edit] Example:

Say I have a heap at 0x005b0000:

0:004> !heap -h
Index   Address  Name      Debugging options enabled
  1:   005b0000 

This heap (_HEAP) has a HEAP_ENTRY marked as "Internal" at 0x005b8d00:

0:004> !heap -h 005b0000
Index   Address  Name      Debugging options enabled
  1:   005b0000 
    Segment at 005b0000 to 006b0000 (0009d000 bytes committed)
    Flags:                00000002
    ForceFlags:           00000000
    Granularity:          8 bytes
    Segment Reserve:      00100000
    Segment Commit:       00002000
    DeCommit Block Thres: 00000800
    DeCommit Total Thres: 00002000
    Total Free Size:      00001ae8
    Max. Allocation Size: 7ffdefff
    Lock Variable at:     005b0138
    Next TagIndex:        0000
    Maximum TagIndex:     0000
    Tag Entries:          00000000
    PsuedoTag Entries:    00000000
    Virtual Alloc List:   005b00a0
    Uncommitted ranges:   005b0090
    FreeList[ 00 ] at 005b00c4: 0063fbc0 . 00633060   (7 blocks)

    Heap entries for Segment00 in Heap 005b0000
        005b0000: 00000 . 00588 [101] - busy (587)
        //[cut]
        005b8d00: 03d20 . 378b0 [101] - busy (378a8) Internal   

A detailed view of the HEAP structure (notice the "Encoding" structure (_HEAP_ENTRY) at offset 0x50 which helps to decode the encoded heap entry with an XOR):

0:004> dt _heap 005b0000 -r1
ntdll!_HEAP
   +0x000 Entry            : _HEAP_ENTRY
      +0x000 Size             : 0xbe38
      +0x002 Flags            : 0xf5 ''
      +0x003 SmallTagIndex    : 0xff ''
      +0x000 SubSegmentCode   : 0xfff5be38 
      +0x004 PreviousSize     : 0xcf53
      +0x006 SegmentOffset    : 0 ''
      +0x006 LFHFlags         : 0 ''
      +0x007 UnusedBytes      : 0x1 ''
      +0x000 FunctionIndex    : 0xbe38
      +0x002 ContextValue     : 0xfff5
      +0x000 InterceptorValue : 0xfff5be38
      +0x004 UnusedBytesLength : 0xcf53
      +0x006 EntryOffset      : 0 ''
      +0x007 ExtendedBlockSignature : 0x1 ''
      +0x000 Code1            : 0xfff5be38
      +0x004 Code2            : 0xcf53
      +0x006 Code3            : 0 ''
      +0x007 Code4            : 0x1 ''
      +0x000 AgregateCode     : 0x100cf53`fff5be38
   +0x008 SegmentSignature : 0xffeeffee
   +0x00c SegmentFlags     : 0
   +0x010 SegmentListEntry : _LIST_ENTRY [ 0x5b00a8 - 0x5b00a8 ]
      +0x000 Flink            : 0x005b00a8 _LIST_ENTRY [ 0x5b0010 - 0x5b0010 ]
      +0x004 Blink            : 0x005b00a8 _LIST_ENTRY [ 0x5b0010 - 0x5b0010 ]
   +0x018 Heap             : 0x005b0000 _HEAP
      +0x000 Entry            : _HEAP_ENTRY
      +0x008 SegmentSignature : 0xffeeffee
      +0x00c SegmentFlags     : 0
      +0x010 SegmentListEntry : _LIST_ENTRY [ 0x5b00a8 - 0x5b00a8 ]
      +0x018 Heap             : 0x005b0000 _HEAP
      +0x01c BaseAddress      : 0x005b0000 
      +0x020 NumberOfPages    : 0x100
      +0x024 FirstEntry       : 0x005b0588 _HEAP_ENTRY
      +0x028 LastValidEntry   : 0x006b0000 _HEAP_ENTRY
      +0x02c NumberOfUnCommittedPages : 0x63
      +0x030 NumberOfUnCommittedRanges : 1
      +0x034 SegmentAllocatorBackTraceIndex : 0
      +0x036 Reserved         : 0
      +0x038 UCRSegmentList   : _LIST_ENTRY [ 0x64cff0 - 0x64cff0 ]
      +0x040 Flags            : 2
      +0x044 ForceFlags       : 0
      +0x048 CompatibilityFlags : 0
      +0x04c EncodeFlagMask   : 0x100000
      +0x050 Encoding         : _HEAP_ENTRY
      +0x058 PointerKey       : 0x75c3a7b
      +0x05c Interceptor      : 0
      +0x060 VirtualMemoryThreshold : 0xfe00
      +0x064 Signature        : 0xeeffeeff
      +0x068 SegmentReserve   : 0x100000
      +0x06c SegmentCommit    : 0x2000
      +0x070 DeCommitFreeBlockThreshold : 0x800
      +0x074 DeCommitTotalFreeThreshold : 0x2000
      +0x078 TotalFreeSize    : 0x1ae8
      +0x07c MaximumAllocationSize : 0x7ffdefff
      +0x080 ProcessHeapsListIndex : 1
      +0x082 HeaderValidateLength : 0x138
      +0x084 HeaderValidateCopy : (null) 
      +0x088 NextAvailableTagIndex : 0
      +0x08a MaximumTagIndex  : 0
      +0x08c TagEntries       : (null) 
      +0x090 UCRList          : _LIST_ENTRY [ 0x64cfe8 - 0x64cfe8 ]
      +0x098 AlignRound       : 0xf
      +0x09c AlignMask        : 0xfffffff8
      +0x0a0 VirtualAllocdBlocks : _LIST_ENTRY [ 0x5b00a0 - 0x5b00a0 ]
      +0x0a8 SegmentList      : _LIST_ENTRY [ 0x5b0010 - 0x5b0010 ]
      +0x0b0 AllocatorBackTraceIndex : 0
      +0x0b4 NonDedicatedListLength : 0
      +0x0b8 BlocksIndex      : 0x005b0150 
      +0x0bc UCRIndex         : 0x005b0590 
      +0x0c0 PseudoTagEntries : (null) 
      +0x0c4 FreeLists        : _LIST_ENTRY [ 0x633060 - 0x63fbc0 ]
      +0x0cc LockVariable     : 0x005b0138 _HEAP_LOCK
      +0x0d0 CommitRoutine    : 0x075c3a7b        long  +75c3a7b
      +0x0d4 FrontEndHeap     : 0x005b8d08 
      +0x0d8 FrontHeapLockCount : 0
      +0x0da FrontEndHeapType : 0x2 ''
      +0x0dc Counters         : _HEAP_COUNTERS
      +0x130 TuningParameters : _HEAP_TUNING_PARAMETERS
   +0x01c BaseAddress      : 0x005b0000 
   +0x020 NumberOfPages    : 0x100
   +0x024 FirstEntry       : 0x005b0588 _HEAP_ENTRY
      +0x000 Size             : 0xbec1
      +0x002 Flags            : 0xf5 ''
      +0x003 SmallTagIndex    : 0x6 ''
      +0x000 SubSegmentCode   : 0x06f5bec1 
      +0x004 PreviousSize     : 0xcfe2
      +0x006 SegmentOffset    : 0 ''
      +0x006 LFHFlags         : 0 ''
      +0x007 UnusedBytes      : 0x1 ''
      +0x000 FunctionIndex    : 0xbec1
      +0x002 ContextValue     : 0x6f5
      +0x000 InterceptorValue : 0x6f5bec1
      +0x004 UnusedBytesLength : 0xcfe2
      +0x006 EntryOffset      : 0 ''
      +0x007 ExtendedBlockSignature : 0x1 ''
      +0x000 Code1            : 0x6f5bec1
      +0x004 Code2            : 0xcfe2
      +0x006 Code3            : 0 ''
      +0x007 Code4            : 0x1 ''
      +0x000 AgregateCode     : 0x100cfe2`06f5bec1
   +0x028 LastValidEntry   : 0x006b0000 _HEAP_ENTRY
      +0x000 Size             : 0xeff8
      +0x002 Flags            : 0xe7 ''
      +0x003 SmallTagIndex    : 0xff ''
      +0x000 SubSegmentCode   : 0xffe7eff8 
      +0x004 PreviousSize     : 0xd3df
      +0x006 SegmentOffset    : 0xc7 ''
      +0x006 LFHFlags         : 0xc7 ''
      +0x007 UnusedBytes      : 0xff ''
      +0x000 FunctionIndex    : 0xeff8
      +0x002 ContextValue     : 0xffe7
      +0x000 InterceptorValue : 0xffe7eff8
      +0x004 UnusedBytesLength : 0xd3df
      +0x006 EntryOffset      : 0xc7 ''
      +0x007 ExtendedBlockSignature : 0xff ''
      +0x000 Code1            : 0xffe7eff8
      +0x004 Code2            : 0xd3df
      +0x006 Code3            : 0xc7 ''
      +0x007 Code4            : 0xff ''
      +0x000 AgregateCode     : 0xffc7d3df`ffe7eff8
   +0x02c NumberOfUnCommittedPages : 0x63
   +0x030 NumberOfUnCommittedRanges : 1
   +0x034 SegmentAllocatorBackTraceIndex : 0
   +0x036 Reserved         : 0
   +0x038 UCRSegmentList   : _LIST_ENTRY [ 0x64cff0 - 0x64cff0 ]
      +0x000 Flink            : 0x0064cff0 _LIST_ENTRY [ 0x5b0038 - 0x5b0038 ]
      +0x004 Blink            : 0x0064cff0 _LIST_ENTRY [ 0x5b0038 - 0x5b0038 ]
   +0x040 Flags            : 2
   +0x044 ForceFlags       : 0
   +0x048 CompatibilityFlags : 0
   +0x04c EncodeFlagMask   : 0x100000
   +0x050 Encoding         : _HEAP_ENTRY
      +0x000 Size             : 0xbe89
      +0x002 Flags            : 0xf4 ''
      +0x003 SmallTagIndex    : 0x4f 'O'
      +0x000 SubSegmentCode   : 0x4ff4be89 
      +0x004 PreviousSize     : 0xcf53
      +0x006 SegmentOffset    : 0 ''
      +0x006 LFHFlags         : 0 ''
      +0x007 UnusedBytes      : 0 ''
      +0x000 FunctionIndex    : 0xbe89
      +0x002 ContextValue     : 0x4ff4
      +0x000 InterceptorValue : 0x4ff4be89
      +0x004 UnusedBytesLength : 0xcf53
      +0x006 EntryOffset      : 0 ''
      +0x007 ExtendedBlockSignature : 0 ''
      +0x000 Code1            : 0x4ff4be89
      +0x004 Code2            : 0xcf53
      +0x006 Code3            : 0 ''
      +0x007 Code4            : 0 ''
      +0x000 AgregateCode     : 0xcf53`4ff4be89
   +0x058 PointerKey       : 0x75c3a7b
   +0x05c Interceptor      : 0
   +0x060 VirtualMemoryThreshold : 0xfe00
   +0x064 Signature        : 0xeeffeeff
   +0x068 SegmentReserve   : 0x100000
   +0x06c SegmentCommit    : 0x2000
   +0x070 DeCommitFreeBlockThreshold : 0x800
   +0x074 DeCommitTotalFreeThreshold : 0x2000
   +0x078 TotalFreeSize    : 0x1ae8
   +0x07c MaximumAllocationSize : 0x7ffdefff
   +0x080 ProcessHeapsListIndex : 1
   +0x082 HeaderValidateLength : 0x138
   +0x084 HeaderValidateCopy : (null) 
   +0x088 NextAvailableTagIndex : 0
   +0x08a MaximumTagIndex  : 0
   +0x08c TagEntries       : (null) 
   +0x090 UCRList          : _LIST_ENTRY [ 0x64cfe8 - 0x64cfe8 ]
      +0x000 Flink            : 0x0064cfe8 _LIST_ENTRY [ 0x5b0090 - 0x5b0090 ]
      +0x004 Blink            : 0x0064cfe8 _LIST_ENTRY [ 0x5b0090 - 0x5b0090 ]
   +0x098 AlignRound       : 0xf
   +0x09c AlignMask        : 0xfffffff8
   +0x0a0 VirtualAllocdBlocks : _LIST_ENTRY [ 0x5b00a0 - 0x5b00a0 ]
      +0x000 Flink            : 0x005b00a0 _LIST_ENTRY [ 0x5b00a0 - 0x5b00a0 ]
      +0x004 Blink            : 0x005b00a0 _LIST_ENTRY [ 0x5b00a0 - 0x5b00a0 ]
   +0x0a8 SegmentList      : _LIST_ENTRY [ 0x5b0010 - 0x5b0010 ]
      +0x000 Flink            : 0x005b0010 _LIST_ENTRY [ 0x5b00a8 - 0x5b00a8 ]
      +0x004 Blink            : 0x005b0010 _LIST_ENTRY [ 0x5b00a8 - 0x5b00a8 ]
   +0x0b0 AllocatorBackTraceIndex : 0
   +0x0b4 NonDedicatedListLength : 0
   +0x0b8 BlocksIndex      : 0x005b0150 
   +0x0bc UCRIndex         : 0x005b0590 
   +0x0c0 PseudoTagEntries : (null) 
   +0x0c4 FreeLists        : _LIST_ENTRY [ 0x633060 - 0x63fbc0 ]
      +0x000 Flink            : 0x00633060 _LIST_ENTRY [ 0x632fc8 - 0x5b00c4 ]
      +0x004 Blink            : 0x0063fbc0 _LIST_ENTRY [ 0x5b00c4 - 0x633390 ]
   +0x0cc LockVariable     : 0x005b0138 _HEAP_LOCK
      +0x000 Lock             : <unnamed-tag>
   +0x0d0 CommitRoutine    : 0x075c3a7b     long  +75c3a7b
   +0x0d4 FrontEndHeap     : 0x005b8d08 
   +0x0d8 FrontHeapLockCount : 0
   +0x0da FrontEndHeapType : 0x2 ''
   +0x0dc Counters         : _HEAP_COUNTERS
      +0x000 TotalMemoryReserved : 0x100000
      +0x004 TotalMemoryCommitted : 0x9d000
      +0x008 TotalMemoryLargeUCR : 0
      +0x00c TotalSizeInVirtualBlocks : 0
      +0x010 TotalSegments    : 1
      +0x014 TotalUCRs        : 1
      +0x018 CommittOps       : 0x19
      +0x01c DeCommitOps      : 0
      +0x020 LockAcquires     : 0xd37
      +0x024 LockCollisions   : 0
      +0x028 CommitRate       : 0x24
      +0x02c DecommittRate    : 0xb
      +0x030 CommitFailures   : 0
      +0x034 InBlockCommitFailures : 0
      +0x038 CompactHeapCalls : 0
      +0x03c CompactedUCRs    : 0
      +0x040 AllocAndFreeOps  : 0
      +0x044 InBlockDeccommits : 0
      +0x048 InBlockDeccomitSize : 0
      +0x04c HighWatermarkSize : 0x9cde0
      +0x050 LastPolledSize   : 0x8f9c8
   +0x130 TuningParameters : _HEAP_TUNING_PARAMETERS
      +0x000 CommittThresholdShift : 4
      +0x004 MaxPreCommittThreshold : 0xfe000

Now a detailed view of the _HEAP_ENTRY (marked as internal). This is an encoded structure, which can be decoded by XORing it with _HEAP.Encoding member:

0:004> dt _heap_entry 005b8d00
ntdll!_HEAP_ENTRY
   +0x000 Size             : 0xd19f
   +0x002 Flags            : 0xfd ''
   +0x003 SmallTagIndex    : 0x3f '?'
   +0x000 SubSegmentCode   : 0x3ffdd19f 
   +0x004 PreviousSize     : 0xc8f7
   +0x006 SegmentOffset    : 0 ''
   +0x006 LFHFlags         : 0 ''
   +0x007 UnusedBytes      : 0x8 ''
   +0x000 FunctionIndex    : 0xd19f
   +0x002 ContextValue     : 0x3ffd
   +0x000 InterceptorValue : 0x3ffdd19f
   +0x004 UnusedBytesLength : 0xc8f7
   +0x006 EntryOffset      : 0 ''
   +0x007 ExtendedBlockSignature : 0x8 ''
   +0x000 Code1            : 0x3ffdd19f
   +0x004 Code2            : 0xc8f7
   +0x006 Code3            : 0 ''
   +0x007 Code4            : 0x8 ''
   +0x000 AgregateCode     : 0x800c8f7`3ffdd19f          

Now the commented code:

1) Fetch Aggregate from HEAP_ENTRY
2) Decode (XOR) HEAP_ENTRY with HEAP.Encoding member
3) Shift result to get _HEAP_ENTRY.Flags
4) AND result with HEAP_ENTRY_VIRTUAL_ALLOC (8) to see if it's an internal block

CPU Disasm
Address     Command                                  Comments
730AEF01    PUSH 0                                   ; /Arg4 = 0
730AEF03    PUSH ??_C@_0N@BCMFEPJJ@AgregateCode?$AA@ ; |Arg3 = ASCII "AgregateCode"
730AEF08    PUSH 0                                   ; |Arg2 = 0
730AEF0A    PUSH 0                                   ; |Arg1 = 0
730AEF0C    CALL GetShortField                       ; \exts.GetShortField
730AEF11    MOV DWORD PTR SS:[LOCAL.6],EAX           ; low part = 0x3FFDD19F (_HEAP_ENTRY.Code1)
730AEF14    MOV DWORD PTR SS:[LOCAL.5],EDX           ; high part = 0x0800C8F7
730AEF17    MOV EDX,DWORD PTR SS:[LOCAL.6]
730AEF1A    MOV DWORD PTR DS:[730F3158],EDX
730AEF20    MOV EAX,DWORD PTR SS:[LOCAL.5]
730AEF23    MOV DWORD PTR DS:[730F315C],EAX
730AEF28    MOV ECX,DWORD PTR SS:[LOCAL.6]           ; 0x3FFDD19F
730AEF2B    AND ECX,DWORD PTR DS:[EncodeFlagMask]    ; ecx = 0x3FFDD19F & 0x00100000 = 0x00100000
730AEF31    JE SHORT 730AEF75
730AEF33    MOV EDX,DWORD PTR SS:[LOCAL.6]           ; edx = 0x3FFDD19F
730AEF36    XOR EDX,DWORD PTR DS:[CrtHeapCode]       ; edx = 0x3FFDD19F ^ 0x4FF4BE89 = 0x70096F16
730AEF3C    MOV EAX,DWORD PTR SS:[LOCAL.5]           ; eax = 0x0800C8F7
730AEF3F    XOR EAX,DWORD PTR DS:[730F3194]          ; eax = 0x0800C8F7 ^ 0xCF53 = 0x080007A4
730AEF45    MOV DWORD PTR SS:[LOCAL.6],EDX           ; edx = 0x70096F16
730AEF48    MOV DWORD PTR SS:[LOCAL.5],EAX           ; eax = 0x080007A4
;[...]    
730AEFEE    MOVZX EAX,WORD PTR SS:[LOCAL.6]
730AEFF2    MOV DWORD PTR DS:[CrtHeapEntry],EAX      ; entry = 0x6f16
730AEFF7    MOV EAX,DWORD PTR SS:[LOCAL.6]           ; low part = 0x70096F16
730AEFFA    MOV EDX,DWORD PTR SS:[LOCAL.5]           ; high part = 0x080007A4
730AEFFD    MOV CL,10
730AEFFF    CALL _aullshr
730AF004    MOV BYTE PTR SS:[LOCAL.3+1],AL           ; 0x00000800:07A47009 -> al = 9
730AF007    MOVZX ECX,BYTE PTR SS:[LOCAL.3+1]
730AF00B    AND ECX,FFFFFFE6
730AF00E    OR ECX,DWORD PTR DS:[730F3148]
730AF014    MOV DWORD PTR DS:[730F3148],ECX
730AF01A    MOV EDX,DWORD PTR DS:[730F3148]
730AF020    AND EDX,00000001
730AF023    JE SHORT 730AF035
730AF025    MOVZX EAX,BYTE PTR SS:[LOCAL.3+1]        ; eax = 9 
730AF029    AND EAX,00000008                         ; 9 & 8 = 8 (non-zero)
730AF02C    JE SHORT 730AF035
730AF02E    MOV BYTE PTR DS:[730F3152],1             ; set "Internal" flag

Hope it helps!
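The decode steps walked through above, as an added C example (not part of the original answer and not the debugger extension's own code): it XORs a raw `AgregateCode` with `_HEAP.Encoding`, using values copied from the `dt` output above, and derives the fields that `!heap -h` prints for that entry. The function and struct names are hypothetical, and the `SmallTagIndex` checksum comparison goes beyond what the answer covers.

```c
#include <stdint.h>
#include <stdio.h>

#define HEAP_ENTRY_BUSY          0x01u
#define HEAP_ENTRY_VIRTUAL_ALLOC 0x08u  /* the bit !heap reports as "Internal" */

/* Hypothetical container for the decoded header fields. */
typedef struct {
    int      was_encoded;     /* raw Code1 carried the heap's EncodeFlagMask bit */
    uint32_t size_bytes;      /* Size * granularity */
    uint32_t prev_size_bytes; /* PreviousSize * granularity */
    uint8_t  flags;
    uint8_t  small_tag_index;
    uint8_t  unused_bytes;
    int      checksum_ok;     /* Size bytes ^ Flags == SmallTagIndex */
    int      internal;        /* Flags & HEAP_ENTRY_VIRTUAL_ALLOC */
} decoded_entry;

decoded_entry decode_heap_entry(uint64_t raw, uint64_t encoding,
                                uint32_t encode_flag_mask, uint32_t granularity)
{
    decoded_entry d = {0};
    uint32_t lo = (uint32_t)raw;          /* Code1: Size, Flags, SmallTagIndex */
    uint32_t hi = (uint32_t)(raw >> 32);  /* Code234: PreviousSize .. UnusedBytes */

    /* Same gate as the listing: decode only if the mask bit is set in Code1. */
    d.was_encoded = (lo & encode_flag_mask) != 0;
    if (d.was_encoded) {
        lo ^= (uint32_t)encoding;
        hi ^= (uint32_t)(encoding >> 32);
    }

    uint16_t size = (uint16_t)lo;
    d.flags           = (uint8_t)(lo >> 16);  /* AL after AgregateCode >> 0x10 */
    d.small_tag_index = (uint8_t)(lo >> 24);
    d.unused_bytes    = (uint8_t)(hi >> 24);
    d.size_bytes      = (uint32_t)size * granularity;
    d.prev_size_bytes = (uint32_t)(uint16_t)hi * granularity;

    /* On an encoded heap the fourth header byte is the XOR of the first
       three, so a wrong key or a damaged header shows up here. */
    d.checksum_ok = (uint8_t)(size ^ (size >> 8) ^ d.flags) == d.small_tag_index;
    d.internal = (d.flags & HEAP_ENTRY_VIRTUAL_ALLOC) != 0;
    return d;
}

int main(void)
{
    /* Values copied from the dt output above (heap 005b0000, 8-byte granularity). */
    const uint64_t encoding = 0x0000CF534FF4BE89ULL;  /* _HEAP.Encoding.AgregateCode */
    const uint32_t mask     = 0x00100000u;            /* _HEAP.EncodeFlagMask */
    const struct { uint32_t addr; uint64_t raw; } samples[] = {
        { 0x005b0000u, 0x0100CF53FFF5BE38ULL },  /* the heap's own entry */
        { 0x005b8d00u, 0x0800C8F73FFDD19FULL },  /* the entry marked Internal */
    };

    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        decoded_entry d = decode_heap_entry(samples[i].raw, encoding, mask, 8);
        printf("%08x: %05x . %05x flags=%02x %s (%x)%s%s\n",
               (unsigned)samples[i].addr,
               (unsigned)d.prev_size_bytes, (unsigned)d.size_bytes,
               (unsigned)d.flags,
               (d.flags & HEAP_ENTRY_BUSY) ? "busy" : "free",
               (unsigned)(d.size_bytes - d.unused_bytes),
               d.internal ? " Internal" : "",
               d.checksum_ok ? "" : " [checksum mismatch]");
    }
    return 0;
}
```

The sizes it prints for 005b0000 and 005b8d00 can be compared directly with the `!heap -h 005b0000` lines shown earlier.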

At least sometimes Internal means that the memory block corresponds to an LFH heap entry. I have a windbg dump that reported lots of internal entries with !heap -h. However, after applying !heap -hl, windbg shows more detailed information like

        ...
        0000000026ae0c70: 40000 . 40000 [101] - busy (3fff0) Internal 

        LFH data region at 0000000026ae0c80 (subsegment 00000000269c09c0):
            0000000026ae0ca0: 00910 - busy (908)
            0000000026ae15b0: 00910 - busy (908)
            0000000026ae1ec0: 00910 - busy (908)
            0000000026ae27d0: 00910 - busy (908)
            0000000026ae30e0: 00910 - busy (908)
            0000000026ae39f0: 00910 - busy (908)
            0000000026ae4300: 00910 - busy (908)
            0000000026ae4c10: 00910 - busy (908)
            0000000026ae5520: 00910 - busy (908)
            0000000026ae5e30: 00910 - busy (908)
            ...skipped
            0000000026b1df60: 00910 - busy (908)
            0000000026b1e870: 00910 - busy (908)
            0000000026b1f180: 00910 - busy (908)
            0000000026b1fa90: 00910 - busy (908)

        0000000026b20c70: 40000 . 10000 [101] - busy (fff0) Internal 

        LFH data region at 0000000026b20c80 (subsegment 00000000269c09f0):
            0000000026b20ca0: 00020 - busy (18)
            0000000026b20cc0: 00020 - busy (10)
            0000000026b20ce0: 00020 - busy (18)

        ....
