0:000> !heap
Heap Address NT/Segment Heap
210000 NT Heap
10000 NT Heap
20000 NT Heap
0:000> g
After executing one instruction:
0:001> !heap -p -a 0x2193b8
address 002193b8 found in
_HEAP @ 210000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
002193b0 0043 0000 [00] 002193b8 00200 - (busy)
Check the process default heap:
0:001> !peb
PEB at 7ffd8000
... (other fields omitted) ...
ProcessHeap: 00210000
ProcessParameters: 00211260
... (other fields omitted) ...
This confirms the idea from the previous post: the allocation comes from the process default heap.
Now verify the memory operations of an additional DLL.
It looks like it still uses the system default heap, which is easy to understand: it links against the same set of libs, so the operations are identical.
Related code: see the code in the previous post, "Learning user-mode memory management and debugging ----- (1)".
- We want to verify whether other heaps created inside the DLL get released, so we need to create an extra heap manually for the test. Right now the DLL uses the system default heap, and it certainly will not release the system default heap on exit.
- Observing the heap structure after the DLL is freed:
- One is the memory at 21efe8, which was not released; the other is the block at 221020, which is odd: it can identify a DLL that has been freed. The memory inside it is still accessible:
- The system keeps something like this, probably to make troubleshooting easier. Since our DLL is very simple, in theory only the memory at 21efe8 counts as a memory leak.
Modify the DLL code to:
#include <windows.h>
#include <stdio.h>
#include <string.h>
void DllHeapTest(void) { // hypothetical wrapper; the post shows only the statements below
    HANDLE hHeap = HeapCreate(0, 0x2000, 4 * 1024 * 1024); // max 4 MB; never HeapDestroy'ed, on purpose
    void* temp = HeapAlloc(hHeap, 0, 0x2007);
    char flag[] = "hello world";
    memcpy_s(temp, 0x1000, flag, sizeof(flag));
    printf("[%p]\n", temp); // print the pointer so it can be looked up with !heap -p -a
}
While writing the code to create my own heap, I noticed that one parameter specifies the heap's maximum size; I put 0x4000 here. I checked the size of the system default heap, and that is plenty.
0:001> !heap
Heap Address NT/Segment Heap
210000 NT Heap
10000 NT Heap
20000 NT Heap
470000 NT Heap
0:001> !heap -p -a 470590
address 00470590 found in
_HEAP @ 470000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
00470588 0404 0000 [00] 00470590 02007 - (busy)
0:001> !heap -p -all
_HEAP @ 210000
No FrontEnd
_HEAP_SEGMENT @ 210000
CommittedRange @ 210588
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
* 00210588 004a 0000 [00] 00210590 00248 - (busy)
002107d8 0006 004a [00] 002107e0 00018 - (busy)
0021ef70 000e 000c [00] 0021ef78 0004b - (busy)
0021efe0 0203 000e [00] 0021efe8 01000 - (busy)
0021fff8 01fd 0203 [00] 00220000 00fe0 - (free)
* 00220fe0 0004 01fd [00] 00220fe8 00018 - (busy)
VirtualAllocdBlocks @ 2100a0
_HEAP @ 10000
No FrontEnd
_HEAP_SEGMENT @ 10000
CommittedRange @ 10588
00010588 014b 0004 [00] 00010590 00a50 - (free)
* 00010fe0 0004 014b [00] 00010fe8 00018 - (busy)
VirtualAllocdBlocks @ 100a0
_HEAP @ 20000
No FrontEnd
_HEAP_SEGMENT @ 20000
CommittedRange @ 20588
00020588 0406 0004 [00] 00020590 02018 - (busy)
000225b8 1b45 0406 [00] 000225c0 0da20 - (free)
* 0002ffe0 0004 1b45 [00] 0002ffe8 00018 - (busy)
VirtualAllocdBlocks @ 200a0
_HEAP @ 470000
No FrontEnd
_HEAP_SEGMENT @ 470000
CommittedRange @ 470588
00470588 0404 0004 [00] 00470590 02007 - (busy)------ here we hit the memory we allocated
004725a8 0547 0404 [00] 004725b0 02a30 - (free)
* 00474fe0 0004 0547 [00] 00474fe8 00018 - (busy)
VirtualAllocdBlocks @ 4700a0
That was the whole run; below is the situation at the point when the DLL's memory is released.
0:001> !heap -p -a 470590
address 00470590 found in
_HEAP @ 470000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
00470588 0404 0000 [00] 00470590 02007 - (busy)
0:001> !heap -p -all
_HEAP @ 210000
No FrontEnd
_HEAP_SEGMENT @ 210000
CommittedRange @ 210588
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
* 00210588 004a 0000 [00] 00210590 00248 - (busy)
ExeTestDllHeapTest!_iob
00215e60 008b 0103 [00] 00215e68 00440 - (busy)
ExeTestDllHeapTest!_days
002162b8 0007 008b [00] 002162c0 00020 - (busy)
ExeTestDllHeapTest!std::locale::_Locimp::`vftable'
002164d0 0004 0007 [00] 002164d8 00002 - (busy)
ExeTestDllHeapTest!std::ctype<char>::`vftable'
00216540 0004 0006 [00] 00216548 00006 - (busy)
? ExeTestDllHeapTest!__newctype+100
00217098 0012 001a [00] 002170a0 00088 - (free)
0021fff8 02e3 03f9 [00] 00220000 01700 - (busy) again this marker of the freed DLL
<Unloaded_DllHeapTest.dll>
00221710 031a 02e3 [00] 00221718 018c8 - (free)
* 00222fe0 0004 031a [00] 00222fe8 00018 - (busy)
VirtualAllocdBlocks @ 2100a0
_HEAP @ 10000
No FrontEnd
_HEAP_SEGMENT @ 10000
CommittedRange @ 10588
00010588 014b 0004 [00] 00010590 00a50 - (free)
* 00010fe0 0004 014b [00] 00010fe8 00018 - (busy)
VirtualAllocdBlocks @ 100a0
_HEAP @ 20000
No FrontEnd
_HEAP_SEGMENT @ 20000
CommittedRange @ 20588
00020588 0406 0004 [00] 00020590 02018 - (busy)
000225b8 1b45 0406 [00] 000225c0 0da20 - (free)
* 0002ffe0 0004 1b45 [00] 0002ffe8 00018 - (busy)
VirtualAllocdBlocks @ 200a0
_HEAP @ 470000
No FrontEnd
_HEAP_SEGMENT @ 470000
CommittedRange @ 470588
00470588 0404 0004 [00] 00470590 02007 - (busy)---- still here; clearly this block was not released.
004725a8 0547 0404 [00] 004725b0 02a30 - (free)
* 00474fe0 0004 0547 [00] 00474fe8 00018 - (busy)
VirtualAllocdBlocks @ 4700a0
So the conclusion about this memory leak is clear.
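To make the before/after comparison done by hand above repeatable, here is an added Python helper (not the post's own code): it parses two `!heap -p -all` snapshots, checks whether the pointer the DLL printed is still busy after the DLL is unloaded, and lists private heaps that survive the unload, which means HeapDestroy was never called for them. The snapshots are constructed, abbreviated from the output above; the pointer 0x470590 and ProcessHeap 0x210000 are the values from this post.

```python
import re
# "_HEAP @ 470000" headers and block entries of `!heap -p -all` output (entries may start with '*').
HEAP_RE = re.compile(r"^\s*_HEAP @ ([0-9a-fA-F]+)")
ENTRY_RE = re.compile(
    r"^\s*\*?\s*([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+\[([0-9a-fA-F]+)\]\s+"
    r"([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+-\s+\((busy|free)\)"
)
def parse_heap_dump(text):
    """Return {heap_base: {user_ptr: (user_size, state)}} parsed from `!heap -p -all` output."""
    heaps, current = {}, None
    for line in text.splitlines():
        m = HEAP_RE.match(line)
        if m:
            current = int(m.group(1), 16)
            heaps.setdefault(current, {})
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            heaps[current][int(m.group(5), 16)] = (int(m.group(6), 16), m.group(7))
    return heaps

def block_state(heaps, user_ptr):
    """State ('busy'/'free') of the block whose UserPtr is user_ptr, or None if no heap has it."""
    for entries in heaps.values():
        if user_ptr in entries:
            return entries[user_ptr][1]
    return None

def surviving_private_heaps(before, after, process_heap):
    """Non-default heaps present in both snapshots: never HeapDestroy'ed, so their busy blocks leaked."""
    return sorted(h for h in after if h in before and h != process_heap)
# Constructed snapshots, abbreviated from the `!heap -p -all` output above (before/after DLL unload).
BEFORE_UNLOAD = """\
_HEAP @ 210000
      0021efe0 0203 000e [00]   0021efe8    01000 - (busy)
_HEAP @ 470000
      00470588 0404 0004 [00]   00470590    02007 - (busy)
"""
AFTER_UNLOAD = """\
_HEAP @ 210000
      0021fff8 02e3 03f9 [00]   00220000    01700 - (busy)
_HEAP @ 470000
      00470588 0404 0004 [00]   00470590    02007 - (busy)
      004725a8 0547 0404 [00]   004725b0    02a30 - (free)
"""
def leak_report(before_text=BEFORE_UNLOAD, after_text=AFTER_UNLOAD, dll_ptr=0x470590, process_heap=0x210000):
    """dll_ptr is the pointer the DLL printed; process_heap is the ProcessHeap value from !peb."""
    before, after = parse_heap_dump(before_text), parse_heap_dump(after_text)
    return block_state(after, dll_ptr), surviving_private_heaps(before, after, process_heap)
```

Paste the real `!heap -p -all` output captured before and after the unload into the two strings; a `busy` result for the DLL's pointer together with the private heap still listed is exactly the leak shown above.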