archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/wmi/wbem/winmgmt/wmiexts/heaputil.cpp

2348 lines
70 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2000-2001 Microsoft Corporation
  5. Module Name:
  7. heaputil.cpp
  9. Revision History:
  11. ivanbrug oct 2000 created
  13. --*/
  15. #include <wmiexts.h>
  16. #include <utilfun.h>
  17. #include <malloc.h>
  19. /*
  20. #if defined(_WIN64)
  21. #define HEAP_GRANULARITY_SHIFT 4 // Log2( HEAP_GRANULARITY )
  22. #else
  23. #define HEAP_GRANULARITY_SHIFT 3 // Log2( HEAP_GRANULARITY )
  24. #endif
  26. #define HEAP_ENTRY_BUSY 0x01
  27. #define HEAP_ENTRY_EXTRA_PRESENT 0x02
  28. #define HEAP_ENTRY_FILL_PATTERN 0x04
  29. #define HEAP_ENTRY_VIRTUAL_ALLOC 0x08
  30. #define HEAP_ENTRY_LAST_ENTRY 0x10
  31. #define HEAP_ENTRY_SETTABLE_FLAG1 0x20
  32. #define HEAP_ENTRY_SETTABLE_FLAG2 0x40
  33. #define HEAP_ENTRY_SETTABLE_FLAG3 0x80
  34. #define HEAP_ENTRY_SETTABLE_FLAGS 0xE0
  37. typedef struct _HEAP_ENTRY {
  39. //
  40. // This field gives the size of the current block in allocation
  41. // granularity units. (i.e. Size << HEAP_GRANULARITY_SHIFT
  42. // equals the size in bytes).
  43. //
  44. // Except if this is part of a virtual alloc block then this
  45. // value is the difference between the commit size in the virtual
  46. // alloc entry and the what the user asked for.
  47. //
  49. USHORT Size;
  51. //
  52. // This field gives the size of the previous block in allocation
  53. // granularity units. (i.e. PreviousSize << HEAP_GRANULARITY_SHIFT
  54. // equals the size of the previous block in bytes).
  55. //
  57. USHORT PreviousSize;
  59. //
  60. // This field contains the index into the segment that controls
  61. // the memory for this block.
  62. //
  64. UCHAR SegmentIndex;
  66. //
  67. // This field contains various flag bits associated with this block.
  68. // Currently these are:
  69. //
  70. // 0x01 - HEAP_ENTRY_BUSY
  71. // 0x02 - HEAP_ENTRY_EXTRA_PRESENT
  72. // 0x04 - HEAP_ENTRY_FILL_PATTERN
  73. // 0x08 - HEAP_ENTRY_VIRTUAL_ALLOC
  74. // 0x10 - HEAP_ENTRY_LAST_ENTRY
  75. // 0x20 - HEAP_ENTRY_SETTABLE_FLAG1
  76. // 0x40 - HEAP_ENTRY_SETTABLE_FLAG2
  77. // 0x80 - HEAP_ENTRY_SETTABLE_FLAG3
  78. //
  80. UCHAR Flags;
  82. //
  83. // This field contains the number of unused bytes at the end of this
  84. // block that were not actually allocated. Used to compute exact
  85. // size requested prior to rounding requested size to allocation
  86. // granularity. Also used for tail checking purposes.
  87. //
  89. UCHAR UnusedBytes;
  91. //
  92. // Small (8 bit) tag indexes can go here.
  93. //
  95. UCHAR SmallTagIndex;
  97. #if defined(_WIN64)
  98. ULONGLONG Reserved1;
  99. #endif
  101. } HEAP_ENTRY, *PHEAP_ENTRY;
  103. typedef struct _HEAP_UNCOMMMTTED_RANGE {
  104. struct _HEAP_UNCOMMMTTED_RANGE *Next;
  105. ULONG_PTR Address;
  106. SIZE_T Size;
  107. ULONG filler;
  108. } HEAP_UNCOMMMTTED_RANGE, *PHEAP_UNCOMMMTTED_RANGE;
  111. typedef struct _HEAP_SEGMENT {
  112. HEAP_ENTRY Entry;
  114. ULONG Signature;
  115. ULONG Flags;
  116. struct _HEAP *Heap;
  117. SIZE_T LargestUnCommittedRange;
  119. PVOID BaseAddress;
  120. ULONG NumberOfPages;
  121. PHEAP_ENTRY FirstEntry;
  122. PHEAP_ENTRY LastValidEntry;
  124. ULONG NumberOfUnCommittedPages;
  125. ULONG NumberOfUnCommittedRanges;
  126. PHEAP_UNCOMMMTTED_RANGE UnCommittedRanges;
  127. USHORT AllocatorBackTraceIndex;
  128. USHORT Reserved;
  129. PHEAP_ENTRY LastEntryInSegment;
  130. } HEAP_SEGMENT, *PHEAP_SEGMENT;
  131. */
  134. typedef ULONG_PTR ERESOURCE_THREAD;
  135. typedef ERESOURCE_THREAD *PERESOURCE_THREAD;
  137. typedef struct _OWNER_ENTRY {
  138. ERESOURCE_THREAD OwnerThread;
  139. union {
  140. LONG OwnerCount;
  141. ULONG TableSize;
  142. };
  144. } OWNER_ENTRY, *POWNER_ENTRY;
  147. typedef void * PKSEMAPHORE;
  148. typedef void * PKEVENT;
  150. typedef struct _ERESOURCE {
  151. LIST_ENTRY SystemResourcesList;
  152. POWNER_ENTRY OwnerTable;
  153. SHORT ActiveCount;
  154. USHORT Flag;
  155. PKSEMAPHORE SharedWaiters;
  156. PKEVENT ExclusiveWaiters;
  157. OWNER_ENTRY OwnerThreads[2];
  158. ULONG ContentionCount;
  159. USHORT NumberOfSharedWaiters;
  160. USHORT NumberOfExclusiveWaiters;
  161. union {
  162. PVOID Address;
  163. ULONG_PTR CreatorBackTraceIndex;
  164. };
  166. KSPIN_LOCK SpinLock;
  167. } ERESOURCE, *PERESOURCE;
  169. //typedef void * PRTL_TRACE_BLOCK;
  171. #include "heap.h"
  172. #include "heappagi.h"
  174. #define HE_VERBOSITY_FLAGS 1
  175. #define HE_VERBOSITY_NUMERIC 2
  176. #define HE_VERBOSITY_VTABLE 4
  178. #if defined(_X86_)
  179. #ifndef PAGE_SIZE
  180. #define PAGE_SIZE 0x1000
  181. #endif
  182. #define USER_ALIGNMENT 8
  184. #elif defined(_IA64_)
  185. #ifndef PAGE_SIZE
  186. #define PAGE_SIZE 0x2000
  187. #endif
  188. #define USER_ALIGNMENT 16
  190. #elif defined(_AMD64_)
  191. #ifndef PAGE_SIZE
  192. #define PAGE_SIZE 0x1000
  193. #endif
  194. #define USER_ALIGNMENT 16
  196. #else
  197. #error // platform not defined
  198. #endif
  201. //
  202. //
  203. //
  204. //
  205. //
  207. typedef DWORD (__stdcall * fnCallBack)(ULONG_PTR pParam1,ULONG_PTR pParam2);
  209. DWORD g_UsedInHeap = 0;
  211. void
  212. PrintHeapEntry(HEAP_ENTRY * pEntry,void * pAddr)
  213. {
  215. BYTE varEntry[sizeof(HEAP_ENTRY)+2*sizeof(void *)];
  216. LIST_ENTRY * pListEntry = (LIST_ENTRY *)((HEAP_ENTRY *)varEntry+1);
  218. DWORD PrintSize = 0;
  219. BOOL bIsPossiblePageHeap = FALSE;
  220. if (pEntry->Flags & HEAP_ENTRY_BUSY)
  221. {
  222. // re-read the entry, to get if it's on the LookAside
  223. if (ReadMemory((MEMORY_ADDRESS)pAddr,varEntry,sizeof(varEntry),NULL))
  224. {
  225. #ifdef WIN64
  226. if (0xf0f0f0f0f0f0f0f0 == (ULONG_PTR)pListEntry->Blink )
  227. #else
  228. if (0xf0f0f0f0 == (ULONG_PTR)pListEntry->Blink )
  229. #endif
  230. {
  231. PrintSize = 0xf7eef7ee;
  232. }
  233. else
  234. {
  235. PrintSize = (pEntry->Size<<HEAP_GRANULARITY_SHIFT)-pEntry->UnusedBytes;
  236. g_UsedInHeap += PrintSize;
  237. }
  239. DWORD Sign = *((DWORD *)pListEntry);
  240. //dprintf("Sign %08x\n",Sign);
  241. if (0xabcdaaaa == Sign)
  242. {
  243. bIsPossiblePageHeap = TRUE;
  244. }
  245. }
  246. else
  247. {
  248. PrintSize = (pEntry->Size<<HEAP_GRANULARITY_SHIFT)-pEntry->UnusedBytes;
  249. g_UsedInHeap += PrintSize;
  250. }
  251. }
  252. else
  253. {
  254. PrintSize = 0xf7eef7ee;
  255. }
  257. dprintf(" %p: %04x . %04x [%02x] - (%x)\n",
  258. pAddr,pEntry->Size,pEntry->PreviousSize,pEntry->Flags,PrintSize);
  260. if (bIsPossiblePageHeap)
  261. {
  262. //dprintf("Possible %p\n",(MEMORY_ADDRESS)((BYTE*)pAddr+sizeof(HEAP_ENTRY)+sizeof(DPH_BLOCK_INFORMATION)));
  263. GetVTable((MEMORY_ADDRESS)((BYTE*)pAddr+sizeof(HEAP_ENTRY)+sizeof(DPH_BLOCK_INFORMATION)));
  264. }
  265. else
  266. GetVTable((MEMORY_ADDRESS)((BYTE*)pAddr+sizeof(HEAP_ENTRY)));
  267. };
  269. //
  270. //
  271. // print the HEAP_ENTRY structure
  272. //
  274. DECLARE_API(he) {
  276. INIT_API();
  278. DEFINE_CPP_VAR( HEAP_ENTRY, varHEAP_ENTRY);
  279. HEAP_ENTRY * pEntry = GET_CPP_VAR_PTR( HEAP_ENTRY , varHEAP_ENTRY );
  280. memset(pEntry,0xfe,sizeof(HEAP_ENTRY));
  282. MEMORY_ADDRESS pByte = GetExpression(args);
  284. if (pByte)
  285. {
  286. if (ReadMemory((MEMORY_ADDRESS)pByte,pEntry ,sizeof(HEAP_ENTRY),NULL))
  287. {
  288. PrintHeapEntry(pEntry,(void *)pByte);
  289. }
  290. else
  291. {
  292. dprintf("RM %p\n",pByte);
  293. }
  294. } else {
  295. dprintf("invalid HEAP_ENTRY address %s\n",args);
  296. }
  297. }
  299. //
  300. // HEAP_ENTRY list
  301. // finds the beginning of the "list" of HEAP_ENTRYs
  302. //
  304. DECLARE_API(heb) {
  306. INIT_API();
  308. MEMORY_ADDRESS pEntry = GetExpression(args);
  310. if (pEntry){
  311. HEAP_ENTRY HeapEntry;
  312. ReadMemory((MEMORY_ADDRESS)pEntry,&HeapEntry,sizeof(HeapEntry),0);
  314. PrintHeapEntry(&HeapEntry,(void *)pEntry);
  316. while (HeapEntry.PreviousSize)
  317. {
  318. pEntry = (MEMORY_ADDRESS)((HEAP_ENTRY*)pEntry - HeapEntry.PreviousSize);
  319. if (ReadMemory((MEMORY_ADDRESS)pEntry,&HeapEntry,sizeof(HeapEntry),0))
  320. {
  321. PrintHeapEntry(&HeapEntry,(void *)pEntry);
  322. }
  323. else
  324. {
  325. dprintf("RM %p\n",pEntry);
  326. break;
  327. }
  329. if (CheckControlC())
  330. break;
  331. }
  333. dprintf(" begin %08x\n",pEntry);
  334. } else {
  335. dprintf("invalid address %s\n",args);
  336. };
  338. }
  340. //
  341. //
  342. // HEAP_ENTRY forward
  343. //
  344. //////////////////////////////////////////////////////
  346. DECLARE_API(hef) {
  348. INIT_API();
  350. DWORD BeginNum=0;
  352. MEMORY_ADDRESS pEntry = GetExpression(args);
  354. if (pEntry)
  355. {
  356. HEAP_ENTRY HeapEntry;
  357. ReadMemory((MEMORY_ADDRESS)pEntry,&HeapEntry,sizeof(HeapEntry),0);
  359. PrintHeapEntry(&HeapEntry,(void *)pEntry);
  361. while (!(HeapEntry.Flags & HEAP_ENTRY_LAST_ENTRY))
  362. {
  363. pEntry = (MEMORY_ADDRESS)((HEAP_ENTRY*)pEntry + HeapEntry.Size);
  364. if (ReadMemory((MEMORY_ADDRESS)pEntry,&HeapEntry,sizeof(HeapEntry),0))
  365. {
  366. PrintHeapEntry(&HeapEntry,(void *)pEntry);
  367. }
  368. else
  369. {
  370. dprintf("RM %p\n",pEntry);
  371. break;
  372. }
  374. if (CheckControlC())
  375. break;
  377. }
  379. dprintf(" end %08x\n",pEntry);
  380. } else {
  381. dprintf("invalid address %s\n",args);
  382. };
  384. }
  386. DWORD EnumEntries(HEAP_ENTRY * pEntry,DWORD * pSize,fnCallBack CallBack,ULONG_PTR Addr){
  388. DWORD i=0;
  389. HEAP_ENTRY HeapEntry;
  390. DWORD Size=0;
  391. ReadMemory((MEMORY_ADDRESS)pEntry,&HeapEntry,sizeof(HeapEntry),0);
  393. if (CallBack)
  394. {
  395. CallBack((ULONG_PTR)pEntry,Addr);
  396. }
  397. else
  398. {
  399. PrintHeapEntry(&HeapEntry,pEntry);
  400. };
  402. while (!(HeapEntry.Flags & HEAP_ENTRY_LAST_ENTRY))
  403. {
  404. if (0 == HeapEntry.Size)
  405. {
  406. dprintf("HEAP_ENTRY %p with zero Size\n",pEntry);
  407. break;
  408. }
  409. pEntry = (HEAP_ENTRY*)pEntry + HeapEntry.Size;
  410. if (ReadMemory((MEMORY_ADDRESS)pEntry,&HeapEntry,sizeof(HeapEntry),0))
  411. {
  412. if (CallBack)
  413. {
  414. CallBack((ULONG_PTR)pEntry,Addr);
  415. }
  416. else
  417. {
  418. PrintHeapEntry(&HeapEntry,pEntry);
  419. };
  420. }
  421. else
  422. {
  423. dprintf("RM %p\n",pEntry);
  424. break;
  425. }
  427. i++;
  428. Size += ((HeapEntry.Size<<HEAP_GRANULARITY_SHIFT)-HeapEntry.UnusedBytes);
  430. if (CheckControlC())
  431. break;
  433. }
  435. if (pSize){
  436. *pSize = Size;
  437. }
  439. return i;
  440. }
  442. void
  443. PrintHEAP_SEGMENT(HEAP_SEGMENT * pSeg_OOP,
  444. fnCallBack CallBack,
  445. ULONG_PTR Addr)
  446. {
  447. DEFINE_CPP_VAR( HEAP_SEGMENT, varHEAP_SEGMENT);
  448. HEAP_SEGMENT * pSeg = GET_CPP_VAR_PTR( HEAP_SEGMENT , varHEAP_SEGMENT );
  450. BOOL bRet = ReadMemory((MEMORY_ADDRESS)pSeg_OOP,pSeg ,sizeof(HEAP_SEGMENT),0);
  452. if (bRet)
  453. {
  454. if (!CallBack)
  455. dprintf(" Flags %08x HEAP %p\n",pSeg->Flags,pSeg->Heap);
  457. //SIZE_T LargestUnCommittedRange;
  459. //PVOID BaseAddress;
  460. //ULONG NumberOfPages;
  461. //PHEAP_ENTRY FirstEntry;
  462. //PHEAP_ENTRY LastValidEntry;
  464. //ULONG NumberOfUnCommittedPages;
  465. DWORD unComm = pSeg->NumberOfUnCommittedRanges;
  466. //PHEAP_UNCOMMMTTED_RANGE UnCommittedRanges;
  467. //USHORT AllocatorBackTraceIndex;
  468. //USHORT Reserved;
  469. //PHEAP_ENTRY LastEntryInSegment;
  471. HEAP_UNCOMMMTTED_RANGE UncRange;
  472. HEAP_UNCOMMMTTED_RANGE * pUncRange = pSeg->UnCommittedRanges;
  473. HEAP_ENTRY ** pCommRange = (HEAP_ENTRY **)_alloca(sizeof(HEAP_ENTRY *)*(unComm+1));
  475. DWORD Size=0;
  476. DWORD Num=0;
  478. pCommRange[0] = (HEAP_ENTRY *)pSeg->FirstEntry;
  480. Num = EnumEntries(pCommRange[0],&Size,CallBack,Addr);
  482. if (!CallBack)
  483. dprintf(" - %p Size %p entries %d \n",pCommRange[0],Size,Num);
  485. for (DWORD i=0; i<unComm; i++)
  486. {
  489. bRet = ReadMemory((MEMORY_ADDRESS)pUncRange,&UncRange,sizeof(UncRange),NULL);
  490. if (bRet)
  491. {
  492. pUncRange = UncRange.Next;
  493. pCommRange[1+i] = (HEAP_ENTRY *)(UncRange.Address + UncRange.Size);
  495. if (NULL == pUncRange)
  496. {
  497. if ((ULONG_PTR)pCommRange[1+i] == (ULONG_PTR)pSeg->LastValidEntry)
  498. break;
  499. }
  501. Num = EnumEntries(pCommRange[1+i],&Size,CallBack,Addr);
  503. if (!CallBack)
  504. dprintf(" - %p Size %p entries %d\n",pCommRange[1+i],Size,Num);
  505. }
  506. else
  507. {
  508. dprintf("RM %p\n",pUncRange);
  509. }
  510. }
  511. } else {
  512. dprintf("RM %p\n",pSeg_OOP);
  513. }
  515. }
  517. //
  518. //
  519. // Dump the HEAP_SEGMENT
  520. //
  522. DECLARE_API(hs) {
  524. INIT_API();
  526. MEMORY_ADDRESS pByte = 0;
  527. pByte = GetExpression(args);
  529. if (pByte)
  530. {
  531. PrintHEAP_SEGMENT((HEAP_SEGMENT *)pByte,NULL,NULL);
  532. }
  533. else
  534. {
  535. dprintf("invalid address %s\n",args);
  536. }
  537. }
  539. //
  540. // Define heap lookaside list allocation functions.
  541. //
  543. struct SLIST_HEADER_
  544. {
  545. SLIST_HEADER_ * Next;
  546. ULONG_PTR Align;
  547. };
  549. typedef struct _HEAP_LOOKASIDE {
  550. SLIST_HEADER_ ListHead;
  552. USHORT Depth;
  553. USHORT MaximumDepth;
  555. ULONG TotalAllocates;
  556. ULONG AllocateMisses;
  557. ULONG TotalFrees;
  558. ULONG FreeMisses;
  560. ULONG LastTotalAllocates;
  561. ULONG LastAllocateMisses;
  563. ULONG Counters[2];
  564. #ifdef _IA64_
  565. DWORD Pad[3];
  566. #else
  567. DWORD Pad;
  568. #endif
  570. } HEAP_LOOKASIDE, *PHEAP_LOOKASIDE;
  574. void Dump_LookAside(ULONG_PTR pLookAside_OOP)
  575. {
  576. DWORD dwSize = sizeof(HEAP_LOOKASIDE) * HEAP_MAXIMUM_FREELISTS ;
  578. BYTE * pData = new BYTE[dwSize];
  580. if (pData)
  581. {
  582. if (ReadMemory(pLookAside_OOP,pData,dwSize,NULL))
  583. {
  584. DWORD i;
  585. HEAP_LOOKASIDE * pLookasideArray = (HEAP_LOOKASIDE *)pData;
  588. BYTE varHEAP_ENTRY[sizeof(HEAP_ENTRY)+sizeof(SLIST_HEADER_)];
  589. HEAP_ENTRY * pEntry = GET_CPP_VAR_PTR( HEAP_ENTRY , varHEAP_ENTRY );
  590. SLIST_HEADER_ * pSListEntry = (SLIST_HEADER_ *)(pEntry+1);
  592. char Fill[8];
  593. memset(Fill,0xf0,8);
  595. for(i=0;i<HEAP_MAXIMUM_FREELISTS;i++)
  596. {
  597. ULONG_PTR pTmp;
  598. SLIST_HEADER_ * pHead_OOP = pLookasideArray[i].ListHead.Next;
  599. #ifdef _IA64_
  600. pTmp = (ULONG_PTR)pHead_OOP;
  601. pTmp>>=25;
  602. pTmp<<=4;
  603. pHead_OOP = (SLIST_HEADER_ *)pTmp;
  604. #endif
  606. dprintf(" LookAside[%x] - %p Depth %x Maximum %x\n",
  607. i,
  608. pHead_OOP, //pLookasideArray[i].ListHead.Next,
  609. pLookasideArray[i].Depth,
  610. pLookasideArray[i].MaximumDepth);
  612. //dprintf("size %x %p\n",sizeof(HEAP_LOOKASIDE),pHead_OOP);
  613. USHORT Depth = 0;
  614. while(pHead_OOP)
  615. {
  616. HEAP_ENTRY * pEntry_OOP = (HEAP_ENTRY *)pHead_OOP-1;
  618. if (ReadMemory((MEMORY_ADDRESS)pEntry_OOP,pEntry,sizeof(varHEAP_ENTRY),NULL))
  619. {
  620. ULONG_PTR pToWrite = sizeof(ULONG_PTR) + (ULONG_PTR)pHead_OOP;
  621. WriteMemory(pToWrite,Fill,sizeof(ULONG_PTR),0);
  623. pHead_OOP = pSListEntry->Next;
  624. PrintHeapEntry(pEntry,pEntry_OOP);
  625. }
  626. else
  627. {
  628. dprintf("RM %d\n",GetLastError());
  629. break;
  630. }
  631. Depth++;
  632. if (Depth > pLookasideArray[i].MaximumDepth)
  633. {
  634. dprintf("MaximumDepth exceeded\n");
  635. break;
  636. }
  637. };
  638. }
  639. }
  640. else
  641. {
  642. dprintf("RM %d\n",GetLastError());
  643. }
  644. delete [] pData;
  645. }
  647. }
  649. #define HEAP_FRONT_LOOKASIDE 1
  650. #define HEAP_FRONT_LOWFRAGHEAP 2
  652. //
  653. // prepares the Lookaside list for dump
  654. //
  655. DECLARE_API(lhp)
  656. {
  657. INIT_API();
  659. DEFINE_CPP_VAR( HEAP, varHEAP);
  660. HEAP * pHeap = GET_CPP_VAR_PTR( HEAP , varHEAP );
  661. MEMORY_ADDRESS pByte = GetExpression(args);
  662. DWORD i;
  664. if (pByte)
  665. {
  666. if (ReadMemory(pByte,pHeap ,sizeof(HEAP),NULL))
  667. {
  669. //dprintf("----- LookAside %p\n",pHeap->FrontEndHeap);
  670. if (1 == pHeap->FrontEndHeapType)
  671. Dump_LookAside((ULONG_PTR)pHeap->FrontEndHeap);
  672. else
  673. dprintf("_HEAP FrontEndHeapType %d not recognized \n",pHeap->FrontEndHeapType);
  674. }
  675. else
  676. {
  677. dprintf("RM %p %d\n",pByte,GetLastError());
  678. }
  679. }
  680. else
  681. {
  682. dprintf("invalid heap address %s\n",args);
  683. }
  684. }
  686. //
  687. // Low fragmentation heap data structures
  688. //
  690. typedef struct _BLOCK_ENTRY : HEAP_ENTRY
  691. {
  692. USHORT LinkOffset;
  693. USHORT Reserved2;
  695. } BLOCK_ENTRY, *PBLOCK_ENTRY;
  699. typedef struct _INTERLOCK_SEQ {
  701. union {
  703. struct {
  705. union {
  707. struct {
  709. USHORT Depth;
  710. USHORT FreeEntryOffset;
  711. };
  712. volatile ULONG OffsetAndDepth;
  713. };
  714. volatile ULONG Sequence;
  715. };
  717. volatile LONGLONG Exchg;
  718. };
  720. } INTERLOCK_SEQ, *PINTERLOCK_SEQ;
  722. struct _HEAP_USERDATA_HEADER;
  724. typedef struct _HEAP_SUBSEGMENT {
  726. PVOID Bucket;
  728. volatile struct _HEAP_USERDATA_HEADER * UserBlocks;
  730. INTERLOCK_SEQ AggregateExchg;
  732. union {
  734. struct {
  735. USHORT BlockSize;
  736. USHORT FreeThreshold;
  737. USHORT BlockCount;
  738. UCHAR SizeIndex;
  739. UCHAR AffinityIndex;
  740. };
  742. ULONG Alignment[2];
  743. };
  745. SINGLE_LIST_ENTRY SFreeListEntry;
  746. volatile ULONG Lock;
  748. } HEAP_SUBSEGMENT, *PHEAP_SUBSEGMENT;
  750. typedef struct _HEAP_USERDATA_HEADER {
  752. union {
  754. SINGLE_LIST_ENTRY SFreeListEntry;
  755. PHEAP_SUBSEGMENT SubSegment;
  756. };
  758. PVOID HeapHandle;
  760. ULONG_PTR SizeIndex;
  761. ULONG_PTR Signature;
  763. } HEAP_USERDATA_HEADER, *PHEAP_USERDATA_HEADER;
  766. typedef union _HEAP_BUCKET_COUNTERS{
  768. struct {
  770. volatile ULONG TotalBlocks;
  771. volatile ULONG SubSegmentCounts;
  772. };
  774. volatile LONGLONG Aggregate64;
  776. } HEAP_BUCKET_COUNTERS, *PHEAP_BUCKET_COUNTERS;
  778. //
  779. // The HEAP_BUCKET structure handles same size allocations
  780. //
  782. typedef struct _HEAP_BUCKET {
  784. HEAP_BUCKET_COUNTERS Counters;
  786. USHORT BlockUnits;
  787. UCHAR SizeIndex;
  788. UCHAR UseAffinity;
  790. LONG Conversions;
  792. } HEAP_BUCKET, *PHEAP_BUCKET;
  794. //
  795. // LFH heap uses zones to allocate sub-segment descriptors. This will preallocate
  796. // a large block and then for each individual sub-segment request will move the
  797. // water mark pointer with a non-blocking operation
  798. //
  800. typedef struct _LFH_BLOCK_ZONE {
  802. LIST_ENTRY ListEntry;
  803. PVOID FreePointer;
  804. PVOID Limit;
  806. } LFH_BLOCK_ZONE, *PLFH_BLOCK_ZONE;
  808. #define FREE_CACHE_SIZE 16
  810. typedef struct _HEAP_LOCAL_SEGMENT_INFO {
  812. PHEAP_SUBSEGMENT Hint;
  813. PHEAP_SUBSEGMENT ActiveSubsegment;
  815. PHEAP_SUBSEGMENT CachedItems[ FREE_CACHE_SIZE ];
  816. SLIST_HEADER SListHeader;
  818. SIZE_T BusyEntries;
  819. SIZE_T LastUsed;
  821. } HEAP_LOCAL_SEGMENT_INFO, *PHEAP_LOCAL_SEGMENT_INFO;
  823. #define HEAP_BUCKETS_COUNT 128
  825. typedef struct _HEAP_LOCAL_DATA {
  827. //
  828. // We reserve the 128 bytes below to avoid sharing memory
  829. // into the same cacheline on MP machines
  830. //
  832. UCHAR Reserved[128];
  834. volatile PLFH_BLOCK_ZONE CrtZone;
  835. struct _LFH_HEAP * LowFragHeap;
  837. HEAP_LOCAL_SEGMENT_INFO SegmentInfo[HEAP_BUCKETS_COUNT];
  838. SLIST_HEADER DeletedSubSegments;
  840. ULONG Affinity;
  841. ULONG Reserved1;
  843. } HEAP_LOCAL_DATA, *PHEAP_LOCAL_DATA;
  845. //
  846. // Fixed size large block cache data structures & definitions
  847. // This holds in S-Lists the blocks that can be free, but it
  848. // delay the free until no other thread is doing a heap operation
  849. // This helps reducing the contention on the heap lock,
  850. // improve the scalability with a relatively low memory footprint
  851. //
  853. #define HEAP_LOWEST_USER_SIZE_INDEX 7
  854. #define HEAP_HIGHEST_USER_SIZE_INDEX 18
  856. #define HEAP_USER_ENTRIES (HEAP_HIGHEST_USER_SIZE_INDEX - HEAP_LOWEST_USER_SIZE_INDEX + 1)
  858. typedef struct _USER_MEMORY_CACHE {
  860. SLIST_HEADER UserBlocks[ HEAP_USER_ENTRIES ];
  862. ULONG FreeBlocks;
  863. ULONG Sequence;
  865. ULONG MinDepth[ HEAP_USER_ENTRIES ];
  866. ULONG AvailableBlocks[ HEAP_USER_ENTRIES ];
  868. } USER_MEMORY_CACHE, *PUSER_MEMORY_CACHE;
  870. typedef struct _LFH_HEAP {
  872. RTL_CRITICAL_SECTION Lock;
  874. LIST_ENTRY SubSegmentZones;
  875. SIZE_T ZoneBlockSize;
  876. HANDLE Heap;
  877. LONG Conversions;
  878. LONG ConvertedSpace;
  880. ULONG SegmentChange; //
  881. ULONG SegmentCreate; // Various counters (optional)
  882. ULONG SegmentInsertInFree; //
  883. ULONG SegmentDelete; //
  885. USER_MEMORY_CACHE UserBlockCache;
  887. //
  888. // Bucket data
  889. //
  891. HEAP_BUCKET Buckets[HEAP_BUCKETS_COUNT];
  893. //
  894. // The LocalData array must be the last field in LFH structures
  895. // The sizes of the array is choosen depending upon the
  896. // number of processors.
  897. //
  899. HEAP_LOCAL_DATA LocalData[1];
  901. } LFH_HEAP, *PLFH_HEAP;
  904. /*
  905. MEMORY_ADDRESS Addr = GetExpression(args);
  906. if (NULL == Addr)
  907. {
  908. dprintf("unable to resolve %s\n",args);
  909. return;
  910. }
  911. HEAP_USERDATA_HEADER UserData;
  912. if (ReadMemory(Addr,&UserData,sizeof(UserData),NULL))
  913. {
  914. dprintf(" Next %p HeapHandle %p SizeIndex %p Signature %p\n",
  915. UserData.SFreeListEntry.Next,
  916. UserData.HeapHandle,
  917. UserData.SizeIndex,
  918. UserData.Signature);
  919. BLOCK_ENTRY * pBlkEntry = (BLOCK_ENTRY *)((HEAP_USERDATA_HEADER*)Addr+1);
  920. while(pBlkEntry)
  921. {
  922. BLOCK_ENTRY BlkEntry;
  924. if (ReadMemory((ULONG_PTR)pBlkEntry,&BlkEntry,sizeof(BlkEntry),NULL))
  925. {
  926. dprintf(" %p : %08x %02x %02x %02x %02x - %04x %04x\n",
  927. pBlkEntry,
  928. *(DWORD *)&BlkEntry.Size,
  929. BlkEntry.SmallTagIndex,
  930. BlkEntry.Flags,
  931. BlkEntry.UnusedBytes,
  932. BlkEntry.SegmentIndex,
  933. BlkEntry.LinkOffset,
  934. BlkEntry.Reserved2);
  936. GetVTable((MEMORY_ADDRESS)((BYTE*)pBlkEntry+sizeof(BLOCK_ENTRY)));
  938. if (1 == BlkEntry.SmallTagIndex)
  939. {
  940. pBlkEntry = (BLOCK_ENTRY *)((HEAP_ENTRY *)pBlkEntry+BlkEntry.LinkOffset);
  941. }
  942. else
  943. {
  944. pBlkEntry = 0;
  945. }
  946. }
  947. else
  948. {
  949. dprintf("RM %p\n",pBlkEntry);
  950. break;
  951. }
  952. }
  953. }
  954. else
  955. {
  956. dprintf("RM %p\n");
  957. }
  958. */
  960. void Print_HEAP_SUBSEGMENT( HEAP_SUBSEGMENT * pSubSeg_OOP,BOOL bHere)
  961. {
  962. HEAP_SUBSEGMENT HeapSubSeg;
  963. HEAP_SUBSEGMENT * pSubSegHERE = &HeapSubSeg;
  964. if (NULL == pSubSeg_OOP) return;
  966. if (bHere)
  967. {
  968. pSubSegHERE = pSubSeg_OOP;
  969. }
  970. else
  971. {
  972. if (!ReadMemory((ULONG_PTR)pSubSeg_OOP,&HeapSubSeg,sizeof(HeapSubSeg),0))
  973. {
  974. dprintf("RM %p\n",pSubSeg_OOP);
  975. return;
  976. }
  977. }
  978. dprintf(" - Bkt %p Blk %p D %04x F %04x S %08x\n",
  979. pSubSegHERE->Bucket,
  980. pSubSegHERE->UserBlocks,
  981. pSubSegHERE->AggregateExchg.Depth,
  982. pSubSegHERE->AggregateExchg.FreeEntryOffset,
  983. pSubSegHERE->AggregateExchg.Sequence);
  984. dprintf(" Bs %04x FT %04x BC %04x S %02x A %02x Lock %08x\n",
  985. pSubSegHERE->BlockSize,
  986. pSubSegHERE->FreeThreshold,
  987. pSubSegHERE->BlockCount,
  988. pSubSegHERE->SizeIndex,
  989. pSubSegHERE->AffinityIndex,
  990. pSubSegHERE->Lock);
  992. if (0 == pSubSegHERE->AggregateExchg.Depth) return;
  994. struct EntryTable : HEAP_ENTRY
  995. {
  996. ULONG_PTR vTable;
  997. } Entry;
  998. HEAP_ENTRY * pEntry_OOP = (HEAP_ENTRY *)((HEAP_USERDATA_HEADER *)pSubSegHERE->UserBlocks+1);
  999. DWORD Count = 0;
  1000. do
  1001. {
  1002. if (ReadMemory((ULONG_PTR)pEntry_OOP,&Entry,sizeof(Entry),NULL))
  1003. {
  1004. dprintf(" %p: %04x . %04x [%02x] - (%x)\n",
  1005. pEntry_OOP,1+pSubSegHERE->SizeIndex,0,
  1006. Entry.Flags,
  1007. (sizeof(HEAP_ENTRY))*( pSubSegHERE->BlockSize)-Entry.UnusedBytes);
  1008. GetVTable(Entry.vTable);
  1009. pEntry_OOP += ( pSubSegHERE->BlockSize );
  1010. Count++;
  1011. }
  1012. else
  1013. {
  1014. dprintf("RM %p\n",pEntry_OOP);
  1015. break;
  1016. }
  1017. } while(1 == Entry.SmallTagIndex && Count < pSubSegHERE->AggregateExchg.Depth);
  1019. }
  1021. DWORD EnumListCrtZone(VOID * pZone_OOP,
  1022. VOID * pBlockZone)
  1023. {
  1024. LFH_BLOCK_ZONE CrtZone;
  1025. LFH_BLOCK_ZONE * pBlockZone_OOP = (LFH_BLOCK_ZONE *)pZone_OOP;
  1026. if (ReadMemory((ULONG_PTR)pBlockZone_OOP,&CrtZone,sizeof(CrtZone),NULL))
  1027. {
  1028. ULONG_PTR Size = (ULONG_PTR)CrtZone.FreePointer - (ULONG_PTR)pBlockZone_OOP;
  1029. BYTE * pMem = (BYTE *)HeapAlloc(GetProcessHeap(),0,Size);
  1030. if (pMem)
  1031. {
  1032. ULONG_PTR AddrCrtZone = (ULONG_PTR)pBlockZone_OOP;
  1033. if (ReadMemory(AddrCrtZone,pMem,(ULONG)Size,NULL))
  1034. {
  1035. HEAP_SUBSEGMENT * pSubSeg = (HEAP_SUBSEGMENT *)((LFH_BLOCK_ZONE *)pMem + 1);
  1036. HEAP_SUBSEGMENT * pSubSegEnd = (HEAP_SUBSEGMENT *)((BYTE *)pSubSeg+Size);
  1038. HEAP_SUBSEGMENT * pSubSeg_OOP = (HEAP_SUBSEGMENT *)((LFH_BLOCK_ZONE *)AddrCrtZone+1);
  1039. while (pSubSeg < pSubSegEnd )
  1040. {
  1041. //dprintf("SS - %p\n",pSubSeg_OOP);
  1042. Print_HEAP_SUBSEGMENT(pSubSeg,TRUE);
  1043. pSubSeg++;
  1044. pSubSeg_OOP++;
  1045. }
  1046. }
  1047. HeapFree(GetProcessHeap(),0,pMem);
  1048. }
  1049. }
  1050. else
  1051. {
  1052. dprintf("RM %p\n",pBlockZone_OOP);
  1053. }
  1054. return 0;
  1055. }
  1057. void Print_LFH(LFH_HEAP * pLFH_OOP)
  1058. {
  1059. ULONG_PTR AddrAff = GetExpression("ntdll!RtlpHeapMaxAffinity");
  1060. if (AddrAff)
  1061. {
  1062. ULONG Affinity = 0;
  1063. if (ReadMemory(AddrAff,&Affinity,sizeof(Affinity),0))
  1064. {
  1065. ULONG_PTR SizeRead = sizeof(LFH_HEAP) + Affinity*sizeof(HEAP_LOCAL_DATA);
  1066. LFH_HEAP * pLFH = (LFH_HEAP *)HeapAlloc(GetProcessHeap(),0,SizeRead);
  1067. if (NULL == pLFH) return;
  1069. if (ReadMemory((ULONG_PTR)pLFH_OOP,pLFH,(ULONG)SizeRead,0))
  1070. {
  1071. dprintf("LFH_HEAP %p\n",pLFH_OOP);
  1073. LIST_ENTRY * pListHead_oop = &pLFH_OOP->SubSegmentZones;
  1074. EnumLinkedListCB(pListHead_oop,
  1075. sizeof(LFH_BLOCK_ZONE),
  1076. FIELD_OFFSET(LFH_BLOCK_ZONE,ListEntry),
  1077. EnumListCrtZone);
  1079. /*
  1080. for (DWORD i=0;i<HEAP_USER_ENTRIES;i++)
  1081. {
  1082. dprintf(" HEAP_USERDATA_HEADER - %d\n",i);
  1083. HEAP_USERDATA_HEADER * pUsrDataHdr = (HEAP_USERDATA_HEADER *)pLFH->UserBlockCache.UserBlocks[i].Next.Next;
  1085. dprintf(" Next %p Available %x\n",pUsrDataHdr,pLFH->UserBlockCache.AvailableBlocks[i]);
  1087. HEAP_USERDATA_HEADER UsrDataHdr;
  1088. UsrDataHdr.SFreeListEntry.Next = NULL;
  1089. for (;pUsrDataHdr;pUsrDataHdr = (HEAP_USERDATA_HEADER *)UsrDataHdr.SFreeListEntry.Next)
  1090. {
  1091. if (ReadMemory((ULONG_PTR)pUsrDataHdr,&UsrDataHdr,sizeof(UsrDataHdr),NULL))
  1092. {
  1093. dprintf(" ----\n");
  1094. dprintf(" Next %p\n",UsrDataHdr.SFreeListEntry.Next);
  1095. dprintf(" HeapHandle %p\n",UsrDataHdr.HeapHandle);
  1096. dprintf(" SizeIndex %p\n",UsrDataHdr.SizeIndex);
  1097. dprintf(" Signature %p\n",UsrDataHdr.Signature);
  1098. }
  1099. else
  1100. {
  1101. dprintf("RM %p\n",pUsrDataHdr);
  1102. }
  1103. }
  1104. }
  1105. */
  1107. //
  1108. // Buckets
  1109. //
  1110. /*
  1111. dprintf(" Buckets\n");
  1112. dprintf(" # BUnt S A Conv TotBlk SubSegCnt\n");
  1113. for (DWORD i = 0; i < HEAP_BUCKETS_COUNT; i++)
  1114. {
  1115. //+0x000 Counters : _HEAP_BUCKET
  1116. dprintf(" %02x - %04x %02x %02x %p %08x %08x\n",
  1117. i,
  1118. pLFH->Buckets[i].BlockUnits,
  1119. pLFH->Buckets[i].SizeIndex,
  1120. pLFH->Buckets[i].UseAffinity,
  1121. pLFH->Buckets[i].Conversions,
  1122. pLFH->Buckets[i].Counters.TotalBlocks,
  1123. pLFH->Buckets[i].Counters.SubSegmentCounts);
  1124. }
  1125. */
  1127. for (DWORD i = 0; i <= Affinity; i++)
  1128. {
  1129. if (0 == i)
  1130. dprintf(" HEAP_LOCAL_DATA - NO AFFINITY\n");
  1131. else
  1132. dprintf(" HEAP_LOCAL_DATA - AFFINITY %d\n",i-1);
  1134. dprintf(" @ %p CrtZone %p LFHeap %p Affinity %x\n",
  1135. (ULONG_PTR)pLFH_OOP + (ULONG_PTR)&pLFH->LocalData[i] - (ULONG_PTR)pLFH,
  1136. pLFH->LocalData[i].CrtZone,
  1137. pLFH->LocalData[i].LowFragHeap,
  1138. pLFH->LocalData[i].Affinity);
  1140. //Print_BLOCK_ZONE((LFH_BLOCK_ZONE *)pLFH->LocalData[i].CrtZone);
  1142. HEAP_LOCAL_DATA * pLocData = &pLFH->LocalData[i];
  1144. dprintf(" # Hint Active Next BusyEntries LastUsed\n");
  1145. for (DWORD j=0;j<HEAP_BUCKETS_COUNT;j++)
  1146. {
  1147. dprintf(" %02x %p %p %p %08x %08x\n",
  1148. j,
  1149. pLocData->SegmentInfo[j].Hint,
  1150. pLocData->SegmentInfo[j].ActiveSubsegment,
  1151. pLocData->SegmentInfo[j].SListHeader, //.Next, //.next
  1152. pLocData->SegmentInfo[j].BusyEntries,
  1153. pLocData->SegmentInfo[j].LastUsed);
  1154. //Print_HEAP_SUBSEGMENT(pLocData->SegmentInfo[j].Hint,FALSE);
  1155. //Print_HEAP_SUBSEGMENT(pLocData->SegmentInfo[j].ActiveSubsegment,FALSE);
  1156. }
  1158. }
  1159. }
  1160. else
  1161. {
  1162. dprintf("RM %p\n",pLFH_OOP);
  1163. }
  1164. HeapFree(GetProcessHeap(),0,pLFH);
  1165. }
  1166. else
  1167. {
  1168. dprintf("RM %p\n",AddrAff);
  1169. }
  1170. }
  1171. else
  1172. {
  1173. dprintf("unable to resolve ntdll!RtlpHeapMaxAffinity\n");
  1174. }
  1175. }
  1177. DECLARE_API(lfhp)
  1178. {
  1179. INIT_API();
  1181. MEMORY_ADDRESS Addr = GetExpression(args);
  1182. if (NULL == Addr)
  1183. {
  1184. dprintf("unable to resolve %s\n",args);
  1185. return;
  1186. }
  1188. DEFINE_CPP_VAR( HEAP, varHEAP);
  1189. HEAP * pHeap = GET_CPP_VAR_PTR( HEAP , varHEAP );
  1191. if (ReadMemory(Addr,pHeap ,sizeof(HEAP),NULL))
  1192. {
  1194. //dprintf("----- LookAside %p\n",pHeap->FrontEndHeap);
  1195. //Dump_LookAside((ULONG_PTR)pHeap->FrontEndHeap);
  1196. if (HEAP_FRONT_LOWFRAGHEAP == pHeap->FrontEndHeapType )
  1197. {
  1198. Print_LFH((LFH_HEAP*)pHeap->FrontEndHeap);
  1199. }
  1200. else
  1201. {
  1202. dprintf("Unrecognized FrontEndHeapType %d\n",pHeap->FrontEndHeapType);
  1203. }
  1204. }
  1205. else
  1206. {
  1207. dprintf("RM %p\n",Addr);
  1208. }
  1210. }
  1212. //
  1213. //
  1214. // dump the HEAP, incomplete
  1215. //
  1216. //
  1218. DECLARE_API(hp)
  1219. {
  1220. INIT_API();
  1222. g_UsedInHeap = 0;
  1224. DEFINE_CPP_VAR( HEAP, varHEAP);
  1225. HEAP * pHeap = GET_CPP_VAR_PTR( HEAP , varHEAP );
  1226. MEMORY_ADDRESS pByte = GetExpression(args);
  1227. DWORD i;
  1229. if (pByte)
  1230. {
  1231. if (ReadMemory(pByte,pHeap ,sizeof(HEAP),NULL))
  1232. {
  1233. for (i=0;i<HEAP_MAXIMUM_SEGMENTS;i++)
  1234. {
  1235. if (pHeap->Segments[i])
  1236. PrintHEAP_SEGMENT(pHeap->Segments[i],NULL,NULL);
  1237. //dprintf(" seg %i - %p\n",i,pHeap->Segments[i]);
  1239. }
  1240. dprintf("Used Bytes %p\n",g_UsedInHeap);
  1241. }
  1242. else
  1243. {
  1244. dprintf("RM %p %d\n",pByte,GetLastError());
  1245. }
  1246. }
  1247. else
  1248. {
  1249. dprintf("invalid address %s\n",args);
  1250. }
  1251. }
  1253. //
  1254. //
  1255. //
  1256. /////////////////////////////////////////////////////////////
  1258. DWORD g_BlockSize;
  1259. ULONG_PTR * g_pBlockBlob;
  1260. ULONG g_NumMatch;
  1262. DWORD CallBackSearch(ULONG_PTR pHeapEntry_OOP,ULONG_PTR Addr)
  1263. {
  1264. if (!g_pBlockBlob)
  1265. {
  1266. dprintf("no GLOBAL search block\n");
  1267. return STATUS_NO_MEMORY;
  1268. }
  1269. HEAP_ENTRY Entry;
  1270. if (ReadMemory(pHeapEntry_OOP,&Entry,sizeof(HEAP_ENTRY),NULL))
  1271. {
  1272. HEAP_ENTRY * pEntry = (HEAP_ENTRY *)&Entry;
  1273. DWORD Size = (pEntry->Flags & HEAP_ENTRY_BUSY)?(pEntry->Size<<HEAP_GRANULARITY_SHIFT)-pEntry->UnusedBytes:0;
  1274. if (Size)
  1275. {
  1276. if (Size < g_BlockSize)
  1277. {
  1278. ULONG_PTR * pData = (ULONG_PTR *)g_pBlockBlob;
  1279. ReadMemory(pHeapEntry_OOP+sizeof(HEAP_ENTRY),pData,Size,NULL);
  1281. // here is the assumption that pointers are aligned
  1282. DWORD nTimes = Size/sizeof(ULONG_PTR);
  1283. DWORD i;
  1284. for (i=0;i<nTimes;i++)
  1285. {
  1286. if (Addr == pData[i])
  1287. {
  1288. dprintf("- %p off %p\n",pHeapEntry_OOP,sizeof(ULONG_PTR)*i);
  1289. PrintHeapEntry((HEAP_ENTRY *)pEntry,(void *)pHeapEntry_OOP);
  1290. g_NumMatch++;
  1291. }
  1292. }
  1293. }
  1294. else
  1295. {
  1296. dprintf(" entry %p too big\n",pHeapEntry_OOP);
  1297. }
  1298. }
  1299. }
  1300. else
  1301. {
  1302. dprintf("RM %p\n",pHeapEntry_OOP);
  1303. }
  1304. return 0;
  1305. }
  1307. //
  1308. //
  1309. // search the HEAP, incomplete
  1310. //
  1311. ///////////////////////////////////////////////
  1313. DECLARE_API(shp)
  1314. {
  1315. INIT_API();
  1317. DEFINE_CPP_VAR( HEAP, varHEAP);
  1318. HEAP * pHeap = GET_CPP_VAR_PTR( HEAP , varHEAP );
  1321. char * pArgs = (char *)args;
  1322. while(isspace(*pArgs)) pArgs++;
  1324. MEMORY_ADDRESS pByte = GetExpression(pArgs);
  1326. while(!isspace(*pArgs)) pArgs++;
  1328. MEMORY_ADDRESS Addr = GetExpression(pArgs);
  1330. DWORD i;
  1332. if (pByte && Addr)
  1333. {
  1334. g_BlockSize = 0x10000*sizeof(HEAP_ENTRY);
  1335. g_pBlockBlob = (ULONG_PTR *)VirtualAlloc(NULL,g_BlockSize,MEM_COMMIT,PAGE_READWRITE);
  1337. if (!g_pBlockBlob)
  1338. {
  1339. dprintf("VirtualAlloc err %d\n",GetLastError());
  1340. return;
  1341. }
  1343. if (ReadMemory(pByte,pHeap ,sizeof(HEAP),NULL))
  1344. {
  1346. g_NumMatch = 0;
  1347. for (i=0;i<HEAP_MAXIMUM_SEGMENTS;i++)
  1348. {
  1349. if (pHeap->Segments[i])
  1350. PrintHEAP_SEGMENT(pHeap->Segments[i],CallBackSearch,(ULONG_PTR)Addr);
  1351. // dprintf(" seg %i - %p\n",i,pHeap->Segments[i]);
  1353. }
  1354. dprintf("%d matches found\n",g_NumMatch);
  1355. }
  1356. else
  1357. {
  1358. dprintf("RM %p %d\n",pByte,GetLastError());
  1359. }
  1361. if (g_pBlockBlob)
  1362. {
  1363. VirtualFree(g_pBlockBlob,0,MEM_RELEASE);
  1364. g_pBlockBlob = NULL;
  1365. g_BlockSize = 0;
  1366. }
  1367. }
  1368. else
  1369. {
  1370. dprintf("invalid heap address pair in%s\n",args);
  1371. }
  1372. }
  1374. //
  1375. // decode heap flags
  1376. //
  1377. /*
  1378. #define HEAP_NO_SERIALIZE 0x00000001 // winnt
  1379. #define HEAP_GROWABLE 0x00000002 // winnt
  1380. #define HEAP_GENERATE_EXCEPTIONS 0x00000004 // winnt
  1381. #define HEAP_ZERO_MEMORY 0x00000008 // winnt
  1382. #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 // winnt
  1383. #define HEAP_TAIL_CHECKING_ENABLED 0x00000020 // winnt
  1384. #define HEAP_FREE_CHECKING_ENABLED 0x00000040 // winnt
  1385. #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 // winnt
  1387. #define HEAP_SETTABLE_USER_VALUE 0x00000100
  1388. #define HEAP_SETTABLE_USER_FLAG1 0x00000200
  1389. #define HEAP_SETTABLE_USER_FLAG2 0x00000400
  1390. #define HEAP_SETTABLE_USER_FLAG3 0x00000800
  1392. #define HEAP_CLASS_0 0x00000000 // process heap
  1393. #define HEAP_CLASS_1 0x00001000 // private heap
  1394. #define HEAP_CLASS_2 0x00002000 // Kernel Heap
  1395. #define HEAP_CLASS_3 0x00003000 // GDI heap
  1396. #define HEAP_CLASS_4 0x00004000 // User heap
  1397. #define HEAP_CLASS_5 0x00005000 // Console heap
  1398. #define HEAP_CLASS_6 0x00006000 // User Desktop heap
  1399. #define HEAP_CLASS_7 0x00007000 // Csrss Shared heap
  1400. #define HEAP_CLASS_8 0x00008000 // Csr Port heap
  1401. */
  1402. #define HEAP_LOCK_USER_ALLOCATED (ULONG)0x80000000
  1403. #define HEAP_VALIDATE_PARAMETERS_ENABLED (ULONG)0x40000000
  1404. #define HEAP_VALIDATE_ALL_ENABLED (ULONG)0x20000000
  1405. #define HEAP_SKIP_VALIDATION_CHECKS (ULONG)0x10000000
  1406. #define HEAP_CAPTURE_STACK_BACKTRACES (ULONG)0x08000000
  1408. #define HEAP_FLAG_PAGE_ALLOCS 0x01000000
  1410. #define HEAP_PROTECTION_ENABLED 0x02000000
  1411. #define HEAP_BREAK_WHEN_OUT_OF_VM 0x04000000
  1412. #define HEAP_NO_ALIGNMENT 0x08000000
  1416. void DecodeFlags(ULONG Flags)
  1417. {
  1418. dprintf(" Flags: %08x ",Flags);
  1419. if (Flags & HEAP_NO_SERIALIZE)
  1420. dprintf("HEAP_NO_SERIALIZE ");
  1421. if (Flags & HEAP_GROWABLE)
  1422. dprintf("HEAP_GROWABLE ");
  1423. if (Flags & HEAP_GENERATE_EXCEPTIONS)
  1424. dprintf("HEAP_GENERATE_EXCEPTIONS ");
  1425. if (Flags & HEAP_ZERO_MEMORY)
  1426. dprintf("HEAP_ZERO_MEMORY ");
  1428. if (Flags & HEAP_REALLOC_IN_PLACE_ONLY)
  1429. dprintf("HEAP_REALLOC_IN_PLACE_ONLY ");
  1430. if (Flags & HEAP_TAIL_CHECKING_ENABLED)
  1431. dprintf("HEAP_TAIL_CHECKING_ENABLED ");
  1432. if (Flags & HEAP_FREE_CHECKING_ENABLED)
  1433. dprintf("HEAP_FREE_CHECKING_ENABLED ");
  1434. if (Flags & HEAP_DISABLE_COALESCE_ON_FREE)
  1435. dprintf("HEAP_DISABLE_COALESCE_ON_FREE ");
  1437. if (Flags & HEAP_SETTABLE_USER_VALUE)
  1438. dprintf("HEAP_SETTABLE_USER_VALUE ");
  1439. if (Flags & HEAP_SETTABLE_USER_FLAG1)
  1440. dprintf("HEAP_SETTABLE_USER_FLAG1 ");
  1441. if (Flags & HEAP_SETTABLE_USER_FLAG2)
  1442. dprintf("HEAP_SETTABLE_USER_FLAG2 ");
  1443. if (Flags & HEAP_SETTABLE_USER_FLAG3)
  1444. dprintf("HEAP_SETTABLE_USER_FLAG3 ");
  1446. if (Flags & HEAP_CLASS_MASK)
  1447. dprintf("HEAP_CLASS %d",(Flags&HEAP_CLASS_MASK)>>12);
  1448. /*
  1449. if (Flags & HEAP_CLASS_1)
  1450. dprintf("HEAP_CLASS_1 ");
  1451. if (Flags & HEAP_CLASS_2)
  1452. dprintf("HEAP_CLASS_2 ");
  1453. if (Flags & HEAP_CLASS_3)
  1454. dprintf("HEAP_CLASS_3 ");
  1455. if (Flags & HEAP_CLASS_4)
  1456. dprintf("HEAP_CLASS_4 ");
  1457. if (Flags & HEAP_CLASS_5)
  1458. dprintf("HEAP_CLASS_5 ");
  1459. if (Flags & HEAP_CLASS_6)
  1460. dprintf("HEAP_CLASS_6 ");
  1461. if (Flags & HEAP_CLASS_7)
  1462. dprintf("HEAP_CLASS_7 ");
  1463. */
  1465. //if (Flags & HEAP_CAPTURE_STACK_BACKTRACES)
  1466. // dprintf("HEAP_CAPTURE_STACK_BACKTRACES ");
  1467. if (Flags &HEAP_SKIP_VALIDATION_CHECKS)
  1468. dprintf("HEAP_SKIP_VALIDATION_CHECKS ");
  1469. if (Flags &HEAP_VALIDATE_ALL_ENABLED)
  1470. dprintf("HEAP_VALIDATE_ALL_ENABLED ");
  1471. if (Flags &HEAP_VALIDATE_PARAMETERS_ENABLED)
  1472. dprintf("HEAP_VALIDATE_PARAMETERS_ENABLED ");
  1473. if (Flags &HEAP_LOCK_USER_ALLOCATED)
  1474. dprintf("HEAP_LOCK_USER_ALLOCATED ");
  1476. if (Flags &HEAP_FLAG_PAGE_ALLOCS)
  1477. dprintf("HEAP_FLAG_PAGE_ALLOCS ");
  1478. if (Flags &HEAP_PROTECTION_ENABLED)
  1479. dprintf("HEAP_PROTECTION_ENABLED ");
  1480. if (Flags &HEAP_BREAK_WHEN_OUT_OF_VM)
  1481. dprintf("HEAP_BREAK_WHEN_OUT_OF_VM ");
  1482. if (Flags &HEAP_NO_ALIGNMENT)
  1483. dprintf("HEAP_NO_ALIGNMENT ");
  1485. //if (Flags &)
  1486. // dprintf(" ");
  1487. dprintf("\n");
  1488. }
  1490. //
  1491. // Get all the heaps
  1492. //
  1494. DECLARE_API(hps)
  1495. {
  1496. INIT_API();
  1498. PEB * pPeb = NULL;
  1499. PEB ThisPeb;
  1500. GetPeb(hCurrentProcess,&pPeb);
  1502. if(!pPeb)
  1503. {
  1504. #ifdef _WIN64
  1505. pPeb = (PEB *)0x6fbfffde000;
  1506. #else
  1507. pPeb = (PEB *)0x7ffdf000;
  1508. #endif
  1509. }
  1511. if (pPeb)
  1512. {
  1513. ReadMemory((MEMORY_ADDRESS)pPeb,&ThisPeb,sizeof(PEB),0);
  1514. void ** pHeaps = (void**)_alloca(ThisPeb.NumberOfHeaps*sizeof(void*));
  1515. DWORD i,j;
  1516. ULONG_PTR TotCommitSize = 0;
  1517. ULONG_PTR TotVirtSize = 0;
  1519. if (ReadMemory((MEMORY_ADDRESS)ThisPeb.ProcessHeaps,pHeaps,ThisPeb.NumberOfHeaps*sizeof(void*),0))
  1520. {
  1521. for(i=0;i<ThisPeb.NumberOfHeaps;i++)
  1522. {
  1523. DEFINE_CPP_VAR( HEAP, varHEAP);
  1524. HEAP * pHeap = GET_CPP_VAR_PTR( HEAP , varHEAP );
  1525. ULONG_PTR TotHeapCommitSize = 0;
  1526. ULONG_PTR TotHeapVirtSize = 0;
  1528. if (ReadMemory((MEMORY_ADDRESS)pHeaps[i],pHeap ,sizeof(HEAP),0))
  1529. {
  1530. for (j=0;j<HEAP_MAXIMUM_SEGMENTS;j++)
  1531. {
  1532. if (pHeap->Segments[j])
  1533. {
  1534. DEFINE_CPP_VAR( HEAP_SEGMENT, varHEAP_SEGMENT);
  1535. HEAP_SEGMENT * pHeapSeg = GET_CPP_VAR_PTR( HEAP_SEGMENT , varHEAP_SEGMENT );
  1537. if (ReadMemory((MEMORY_ADDRESS)pHeap->Segments[j],pHeapSeg,sizeof(HEAP_SEGMENT),0))
  1538. {
  1539. dprintf(" - %p (C %p - R %p)\n",
  1540. pHeap->Segments[j],
  1541. (pHeapSeg->NumberOfPages - pHeapSeg->NumberOfUnCommittedPages) * PAGE_SIZE,
  1542. (pHeapSeg->NumberOfPages) * PAGE_SIZE);
  1544. TotHeapCommitSize += ((pHeapSeg->NumberOfPages - pHeapSeg->NumberOfUnCommittedPages) * PAGE_SIZE);
  1545. TotHeapVirtSize += ((pHeapSeg->NumberOfPages) * PAGE_SIZE);
  1546. // now print the beggining of a committed range
  1547. dprintf(" CR %p\n",pHeapSeg->BaseAddress);
  1548. HEAP_UNCOMMMTTED_RANGE * pUncomm_OOP = pHeapSeg->UnCommittedRanges;
  1549. for (DWORD i=0;i<pHeapSeg->NumberOfUnCommittedRanges && pUncomm_OOP;i++)
  1550. {
  1551. HEAP_UNCOMMMTTED_RANGE UncommRange;
  1552. if (ReadMemory((MEMORY_ADDRESS)pUncomm_OOP,&UncommRange,sizeof(HEAP_UNCOMMMTTED_RANGE),NULL))
  1553. {
  1554. if (UncommRange.Next)
  1555. {
  1556. pUncomm_OOP = UncommRange.Next;
  1557. }
  1558. ULONG_PTR RangeAddr = (ULONG_PTR)UncommRange.Address+UncommRange.Size;
  1559. if (RangeAddr != (ULONG_PTR)pHeapSeg->LastEntryInSegment)
  1560. dprintf(" CR %p\n",RangeAddr);
  1561. }
  1562. else
  1563. {
  1564. dprintf("RM %p\n",pHeapSeg->UnCommittedRanges);
  1565. break;
  1566. }
  1567. }
  1568. }
  1569. else
  1570. {
  1571. dprintf("RM %p\n",pHeap->Segments[j]);
  1572. }
  1573. }
  1574. }
  1575. }
  1576. else
  1577. {
  1578. dprintf("RM %p\n",pHeaps[i]);
  1579. pHeap = NULL;
  1580. }
  1581. dprintf(" HEAP %p - %p\n",pHeaps[i],TotHeapCommitSize);
  1582. if (pHeap)
  1583. {
  1584. DecodeFlags(pHeap->Flags|pHeap->ForceFlags);
  1585. dprintf(" FrontEndHeapType %d\n",pHeap->FrontEndHeapType);
  1586. }
  1587. TotCommitSize += TotHeapCommitSize;
  1588. TotVirtSize += TotHeapVirtSize;
  1589. }
  1590. dprintf(" -- Tot C %p Tot R %p\n",TotCommitSize, TotVirtSize);
  1591. }
  1592. else
  1593. {
  1594. dprintf("RM %p\n",ThisPeb.ProcessHeaps);
  1595. }
  1596. }
  1597. else
  1598. {
  1599. dprintf("unable to get PEB\n");
  1600. }
  1601. }
  1604. //
  1605. // reverse heap free list
  1606. //
  1607. //////////////////
  1609. DWORD
  1610. CallBackFreeList(VOID * pStructure_OOP,
  1611. VOID * pLocalCopy)
  1612. {
  1613. HEAP_FREE_ENTRY * pFreeEntry = (HEAP_FREE_ENTRY *)pLocalCopy;
  1615. dprintf(" %p (%p,%p): %04x - %04x [%02x] %02x %02x (%x)\n",
  1616. pStructure_OOP,
  1617. pFreeEntry->FreeList.Flink,
  1618. pFreeEntry->FreeList.Blink,
  1619. pFreeEntry->Size,
  1620. pFreeEntry->PreviousSize,
  1621. pFreeEntry->Flags,
  1622. pFreeEntry->Index,
  1623. pFreeEntry->Mask,
  1624. pFreeEntry->Size*sizeof(HEAP_ENTRY));
  1626. return 0;
  1627. }
  1630. DECLARE_API( rllc )
  1631. {
  1632. INIT_API();
  1634. MEMORY_ADDRESS Addr = GetExpression(args);
  1636. if (Addr)
  1637. {
  1638. EnumReverseLinkedListCB((LIST_ENTRY *)Addr,
  1639. sizeof(HEAP_FREE_ENTRY),
  1640. FIELD_OFFSET(HEAP_FREE_ENTRY,FreeList),
  1641. CallBackFreeList);
  1642. }
  1643. else
  1644. {
  1645. dprintf("cannot resolve %s\n",args);
  1646. }
  1647. }
  1649. //
  1650. //
  1651. // Print the Free Lists of the Heap
  1652. //
  1653. /////////////////////////////////////////////////
  1655. DWORD
  1656. CallBackFreeList2(VOID * pStructure_OOP,
  1657. VOID * pLocalCopy)
  1658. {
  1659. HEAP_FREE_ENTRY * pFreeEntry = (HEAP_FREE_ENTRY *)pLocalCopy;
  1661. dprintf(" %p (%p,%p): %04x - %04x [%02x] %02x %02x (%x)",
  1662. pStructure_OOP,
  1663. pFreeEntry->FreeList.Flink,
  1664. pFreeEntry->FreeList.Blink,
  1665. pFreeEntry->Size,
  1666. pFreeEntry->PreviousSize,
  1667. pFreeEntry->Flags,
  1668. pFreeEntry->Index,
  1669. pFreeEntry->Mask,
  1670. pFreeEntry->Size*sizeof(HEAP_ENTRY));
  1672. MEMORY_ADDRESS pEntry = (MEMORY_ADDRESS)pStructure_OOP;
  1674. HEAP_ENTRY HeapEntry;
  1675. ReadMemory((MEMORY_ADDRESS)pEntry,&HeapEntry,sizeof(HeapEntry),0);
  1677. while (HeapEntry.PreviousSize)
  1678. {
  1679. pEntry = (MEMORY_ADDRESS)((HEAP_ENTRY*)pEntry - HeapEntry.PreviousSize);
  1680. if (ReadMemory((MEMORY_ADDRESS)pEntry,&HeapEntry,sizeof(HeapEntry),0))
  1681. {
  1682. }
  1683. else
  1684. {
  1685. dprintf("RM %p\n",pEntry);
  1686. break;
  1687. }
  1689. if (CheckControlC())
  1690. break;
  1691. }
  1692. dprintf(" -B %p\n",pEntry);
  1693. return 0;
  1694. }
  1696. #define EmptyFull( expr ) (( expr )?'F':'-')
  1698. DECLARE_API( hpf )
  1699. {
  1700. INIT_API();
  1702. DEFINE_CPP_VAR( HEAP, varHEAP);
  1703. HEAP * pHeap = GET_CPP_VAR_PTR( HEAP , varHEAP );
  1704. MEMORY_ADDRESS pByte = GetExpression(args);
  1706. if (pByte)
  1707. {
  1708. if (ReadMemory(pByte,pHeap ,sizeof(HEAP),NULL))
  1709. {
  1710. dprintf(" -- 00 01 02 03 04 05 06 07\n");
  1711. DWORD nBytes = HEAP_MAXIMUM_FREELISTS / 8 ;
  1712. for (DWORD i=0;i<nBytes;i++)
  1713. {
  1714. BYTE Set = pHeap->u.FreeListsInUseBytes[i];
  1715. dprintf(" %02x : %c %c %c %c %c %c %c %c\n",8*i,
  1716. EmptyFull(Set & 0x01),EmptyFull(Set & 0x02),EmptyFull(Set & 0x04),EmptyFull(Set & 0x08),
  1717. EmptyFull(Set & 0x10),EmptyFull(Set & 0x20),EmptyFull(Set & 0x40),EmptyFull(Set & 0x80));
  1718. }
  1719. dprintf(" ------------\n");
  1721. HEAP * pHeap_OOP = (HEAP *)pByte;
  1722. for (DWORD i=0;i<HEAP_MAXIMUM_FREELISTS;i++)
  1723. {
  1724. dprintf(" FreeList[%x] @ %p\n",i,&pHeap_OOP->FreeLists[i]);
  1725. EnumReverseLinkedListCB((LIST_ENTRY *)&pHeap_OOP->FreeLists[i],
  1726. sizeof(HEAP_FREE_ENTRY),
  1727. FIELD_OFFSET(HEAP_FREE_ENTRY,FreeList),
  1728. CallBackFreeList2);
  1729. }
  1730. }
  1731. else
  1732. {
  1733. dprintf("RM %p\n",pByte);
  1734. }
  1735. }
  1736. else
  1737. {
  1738. dprintf("invalid address %s\n",args);
  1739. }
  1741. }
  1743. //
  1744. // dumps the DPH_HEAP_ROOT
  1745. //
  1746. ///////////////////////////////////////
  1748. DECLARE_API( php )
  1749. {
  1750. INIT_API();
  1752. char * pHeapAddr = (char *)args;
  1753. while (isspace(*pHeapAddr)) pHeapAddr++;
  1755. char * pNext = pHeapAddr;
  1756. while (!isspace(*pNext)) pNext++; // skipt the Heap Addr
  1757. if (*pNext)
  1758. {
  1759. *pNext = 0;
  1760. pNext++;
  1761. }
  1762. MEMORY_ADDRESS Addr = GetExpression(pHeapAddr);
  1763. while (isspace(*pNext)) pNext++; // skip the other spaces
  1764. MEMORY_ADDRESS SearchAddr = 0;
  1765. if (*pNext == 's' ||*pNext == 'S')
  1766. {
  1767. pNext++; // skip the 's'
  1768. if (*pNext)
  1769. {
  1770. while(isspace(*pNext)) pNext++; // skip the spaces
  1771. SearchAddr = GetExpression(pNext);
  1772. }
  1773. }
  1775. //dprintf("heap %p addr %p\n",Addr,SearchAddr);
  1777. if (Addr)
  1778. {
  1780. g_BlockSize = 0x10000*sizeof(HEAP_ENTRY);
  1781. g_pBlockBlob = NULL;
  1782. if (SearchAddr)
  1783. g_pBlockBlob = (ULONG_PTR *)VirtualAlloc(NULL,g_BlockSize,MEM_COMMIT,PAGE_READWRITE);
  1785. if (SearchAddr && !g_pBlockBlob)
  1786. {
  1787. dprintf("VirtualAlloc err %d\n",GetLastError());
  1788. return;
  1789. }
  1791. HEAP Heap;
  1792. DPH_HEAP_ROOT HeapPage;
  1793. if (0 == SearchAddr)
  1794. dprintf(" HEAP @ %p\n",Addr);
  1795. if (ReadMemory((MEMORY_ADDRESS)Addr,&Heap,sizeof(HEAP),NULL))
  1796. {
  1797. if (Heap.ForceFlags & HEAP_FLAG_PAGE_ALLOCS)
  1798. {
  1799. Addr += PAGE_SIZE;
  1800. dprintf(" DPH_HEAP_ROOT @ %p\n",Addr);
  1801. if (ReadMemory((MEMORY_ADDRESS)Addr,&HeapPage,sizeof(DPH_HEAP_ROOT),NULL))
  1802. {
  1803. DPH_HEAP_BLOCK HeapBlock;
  1804. DPH_HEAP_BLOCK * pNextBlock;
  1806. if (0 == SearchAddr)
  1807. {
  1808. pNextBlock = HeapPage.pVirtualStorageListHead;
  1809. dprintf(" - pVirtualStorageListHead\n");
  1810. while(pNextBlock)
  1811. {
  1813. if (ReadMemory((MEMORY_ADDRESS)pNextBlock,&HeapBlock,sizeof(DPH_HEAP_BLOCK),NULL))
  1814. {
  1815. dprintf(" %p - (%p) B %p S %p \n",
  1816. pNextBlock,
  1817. HeapBlock.pNextAlloc,
  1818. HeapBlock.pVirtualBlock,
  1819. HeapBlock.nVirtualBlockSize);
  1820. pNextBlock = HeapBlock.pNextAlloc;
  1821. }
  1822. else
  1823. {
  1824. pNextBlock = NULL;
  1825. }
  1826. }
  1827. }
  1829. pNextBlock = HeapPage.pBusyAllocationListHead;
  1830. if (0 == SearchAddr)
  1831. dprintf(" - pBusyAllocationListHead\n");
  1832. while(pNextBlock)
  1833. {
  1834. if (ReadMemory((MEMORY_ADDRESS)pNextBlock,&HeapBlock,sizeof(DPH_HEAP_BLOCK),NULL))
  1835. {
  1836. if (0 == SearchAddr)
  1837. {
  1838. dprintf(" %p - (%p) %x %x %x U %p S %p\n",
  1839. pNextBlock,
  1840. HeapBlock.pNextAlloc,
  1841. ULONG_PTR(HeapBlock.pVirtualBlock)/PAGE_SIZE,
  1842. HeapBlock.nVirtualBlockSize/PAGE_SIZE,
  1843. HeapBlock.nVirtualAccessSize/PAGE_SIZE,
  1844. HeapBlock.pUserAllocation,
  1845. HeapBlock.StackTrace_);
  1846. GetVTable((MEMORY_ADDRESS)HeapBlock.pUserAllocation+sizeof(DPH_BLOCK_INFORMATION));
  1847. }
  1848. else // do the real search
  1849. {
  1850. MEMORY_ADDRESS Size = (MEMORY_ADDRESS)HeapBlock.pVirtualBlock+HeapBlock.nVirtualAccessSize-(MEMORY_ADDRESS)HeapBlock.pUserAllocation;
  1851. if (ReadMemory((MEMORY_ADDRESS)HeapBlock.pUserAllocation,g_pBlockBlob,(ULONG)Size,NULL))
  1852. {
  1853. Size /= sizeof(ULONG_PTR);
  1854. BOOL bFound = FALSE;
  1855. for (ULONG_PTR j =0;j<Size;j++)
  1856. {
  1857. if (SearchAddr == g_pBlockBlob[j])
  1858. {
  1859. bFound = TRUE;
  1860. dprintf(" OFF %p\n",j*sizeof(ULONG_PTR));
  1861. }
  1862. }
  1863. if (bFound)
  1864. {
  1865. dprintf(" B %p\n",HeapBlock.pUserAllocation);
  1866. }
  1867. }
  1868. else
  1869. {
  1870. dprintf("RM %p\n",HeapBlock.pUserAllocation);
  1871. }
  1872. }
  1873. pNextBlock = HeapBlock.pNextAlloc;
  1874. }
  1875. else
  1876. {
  1877. pNextBlock = NULL;
  1878. }
  1879. }
  1881. if (0 == SearchAddr)
  1882. {
  1883. pNextBlock = HeapPage.pFreeAllocationListHead;
  1884. dprintf(" - pFreeAllocationListHead\n");
  1885. while(pNextBlock)
  1886. {
  1887. if (ReadMemory((MEMORY_ADDRESS)pNextBlock,&HeapBlock,sizeof(DPH_HEAP_BLOCK),NULL))
  1888. {
  1889. dprintf(" %p - (%p) %x %x %x U %p S %p\n",
  1890. pNextBlock,
  1891. HeapBlock.pNextAlloc,
  1892. ULONG_PTR(HeapBlock.pVirtualBlock)/PAGE_SIZE,
  1893. HeapBlock.nVirtualBlockSize/PAGE_SIZE,
  1894. HeapBlock.nVirtualAccessSize/PAGE_SIZE,
  1895. HeapBlock.pUserAllocation,
  1896. HeapBlock.StackTrace_);
  1897. pNextBlock = HeapBlock.pNextAlloc;
  1898. }
  1899. else
  1900. {
  1901. pNextBlock = NULL;
  1902. }
  1903. }
  1904. }
  1906. if (0 == SearchAddr)
  1907. {
  1908. pNextBlock = HeapPage.pAvailableAllocationListHead;
  1909. dprintf(" - pAvailableAllocationListHead\n");
  1910. while(pNextBlock)
  1911. {
  1913. if (ReadMemory((MEMORY_ADDRESS)pNextBlock,&HeapBlock,sizeof(DPH_HEAP_BLOCK),NULL))
  1914. {
  1915. dprintf(" %p - (%p) B %p S %p \n",
  1916. pNextBlock,
  1917. HeapBlock.pNextAlloc,
  1918. HeapBlock.pVirtualBlock,
  1919. HeapBlock.nVirtualBlockSize);
  1920. pNextBlock = HeapBlock.pNextAlloc;
  1921. }
  1922. else
  1923. {
  1924. pNextBlock = NULL;
  1925. }
  1926. }
  1927. }
  1929. if (0 == SearchAddr)
  1930. {
  1931. pNextBlock = HeapPage.pNodePoolListHead;
  1932. dprintf(" - pNodePoolListHead\n");
  1933. while(pNextBlock)
  1934. {
  1936. if (ReadMemory((MEMORY_ADDRESS)pNextBlock,&HeapBlock,sizeof(DPH_HEAP_BLOCK),NULL))
  1937. {
  1938. dprintf(" %p - (%p) B %p S %p \n",
  1939. pNextBlock,
  1940. HeapBlock.pNextAlloc,
  1941. HeapBlock.pVirtualBlock,
  1942. HeapBlock.nVirtualBlockSize);
  1943. pNextBlock = HeapBlock.pNextAlloc;
  1944. }
  1945. else
  1946. {
  1947. pNextBlock = NULL;
  1948. }
  1949. }
  1950. }
  1952. dprintf(" NormalHeap @ %p\n",HeapPage.NormalHeap);
  1953. if (ReadMemory((ULONG_PTR)HeapPage.NormalHeap,&Heap ,sizeof(HEAP),NULL))
  1954. {
  1955. for (DWORD h=0;h<HEAP_MAXIMUM_SEGMENTS;h++)
  1956. {
  1957. if (Heap.Segments[h])
  1958. {
  1959. if (SearchAddr)
  1960. PrintHEAP_SEGMENT(Heap.Segments[h],CallBackSearch,(ULONG_PTR)SearchAddr);
  1961. else
  1962. PrintHEAP_SEGMENT(Heap.Segments[h],NULL,NULL);
  1963. }
  1964. }
  1965. }
  1966. else
  1967. {
  1968. dprintf("RM %p\n",HeapPage.NormalHeap);
  1969. }
  1971. }
  1972. else
  1973. {
  1974. dprintf("RM %p\n",Addr);
  1975. }
  1977. }
  1978. else
  1979. {
  1980. DecodeFlags(Heap.ForceFlags|Heap.Flags);
  1981. }
  1982. }
  1983. else
  1984. {
  1985. dprintf("RM %p\n",Addr);
  1986. }
  1988. if (g_pBlockBlob)
  1989. {
  1990. VirtualFree(g_pBlockBlob,g_BlockSize,MEM_RELEASE);
  1991. g_pBlockBlob = NULL;
  1992. g_BlockSize = 0;
  1993. }
  1995. }
  1996. else
  1997. {
  1998. dprintf("unable to resolve %s\n",args);
  1999. }
  2000. }
  2002. //
  2003. //
  2004. // virtual_query helper
  2005. //
  2006. ///////////////////////////////////////////////////////////////
  2008. char * GetState(DWORD State)
  2009. {
  2010. switch(State)
  2011. {
  2012. case MEM_COMMIT:
  2013. return "MEM_COMMIT";
  2014. case MEM_RESERVE:
  2015. return "MEM_RESERVE";
  2016. case MEM_FREE:
  2017. return "MEM_FREE";
  2018. };
  2019. return "";
  2020. }
  2022. char * GetType(DWORD Type)
  2023. {
  2024. switch(Type)
  2025. {
  2026. case MEM_IMAGE:
  2027. return "MEM_IMAGE";
  2028. case MEM_MAPPED:
  2029. return "MEM_MAPPED";
  2030. case MEM_PRIVATE:
  2031. return "MEM_PRIVATE";
  2032. }
  2033. return "";
  2034. }
  2036. char * GetProtect(DWORD Protect)
  2037. {
  2038. switch(Protect)
  2039. {
  2040. case PAGE_NOACCESS:
  2041. return "PAGE_NOACCESS";
  2042. case PAGE_READONLY:
  2043. return "PAGE_READONLY";
  2044. case PAGE_READWRITE:
  2045. return "PAGE_READWRITE";
  2046. case PAGE_WRITECOPY:
  2047. return "PAGE_WRITECOPY";
  2048. case PAGE_EXECUTE:
  2049. return "PAGE_EXECUTE";
  2050. case PAGE_EXECUTE_READ:
  2051. return "PAGE_EXECUTE_READ";
  2052. case PAGE_EXECUTE_READWRITE:
  2053. return "PAGE_EXECUTE_READWRITE";
  2054. case PAGE_EXECUTE_WRITECOPY:
  2055. return "PAGE_EXECUTE_WRITECOPY";
  2056. case PAGE_GUARD:
  2057. return "PAGE_GUARD";
  2058. case PAGE_NOCACHE:
  2059. return "PAGE_NOCACHE";
  2060. case PAGE_WRITECOMBINE:
  2061. return "PAGE_WRITECOMBINE";
  2062. }
  2063. return "<unk>";
  2064. }
  2066. //
  2067. //
  2068. // VirtualQueryEx
  2069. //
  2070. //
  2071. // vq -a address
  2072. // vq -f filter <all address space>
  2073. //
  2074. ///////////////////////////////////////////
  2076. DECLARE_API(vq)
  2077. {
  2078. INIT_API();
  2080. MEMORY_ADDRESS pVA = 0;
  2081. MEMORY_ADDRESS Filter = (MEMORY_ADDRESS)-1;
  2082. DWORD FilterSize = 0;
  2083. BOOL bAll = TRUE;
  2085. char * pCurrent = (char *)args;
  2087. if(0 < strlen(pCurrent))
  2088. {
  2089. while (isspace(*pCurrent)) pCurrent++;
  2090. if ('-' == *pCurrent ||
  2091. '/' == *pCurrent)
  2092. {
  2093. pCurrent++;
  2094. while (isspace(*pCurrent)) pCurrent++;
  2095. if ('a' == *pCurrent)
  2096. {
  2097. pCurrent++;
  2098. while (*pCurrent && isspace(*pCurrent)) pCurrent++;
  2099. pVA = GetExpression(pCurrent);
  2100. bAll = FALSE;
  2101. }
  2102. else if ('f' == *pCurrent)
  2103. {
  2104. pCurrent++;
  2105. while (*pCurrent && isspace(*pCurrent)) pCurrent++;
  2106. Filter = GetExpression(pCurrent);
  2107. dprintf("FILTER %08x\n",Filter);
  2108. }
  2109. else if ('s' == *pCurrent)
  2110. {
  2111. pCurrent++;
  2112. while (*pCurrent && isspace(*pCurrent)) pCurrent++;
  2113. FilterSize = (DWORD)GetExpression(pCurrent);
  2114. dprintf("Size %08x\n",FilterSize);
  2115. }
  2116. else
  2117. {
  2118. dprintf("usage: -a ADDR\n"
  2119. "usage: -F Filter <all address space>\n");
  2120. }
  2121. }
  2122. }
  2123. else
  2124. {
  2125. dprintf("no param\n");
  2126. }
  2129. ULONG_PTR Tot = 0;
  2130. MEMORY_BASIC_INFORMATION MemInfo;
  2131. SIZE_T dwRet = 0;
  2133. do
  2134. {
  2135. dwRet = VirtualQueryEx(hCurrentProcess,(LPCVOID)pVA,&MemInfo,sizeof(MemInfo));
  2137. if (dwRet &&
  2138. (MemInfo.AllocationProtect & Filter) &&
  2139. (MemInfo.RegionSize > FilterSize))
  2140. {
  2141. dprintf(" Base %p Size %p Alloc %p Prot %s %s %s %s\n",
  2142. MemInfo.BaseAddress,
  2143. MemInfo.RegionSize,
  2144. MemInfo.AllocationBase,
  2145. GetProtect(MemInfo.AllocationProtect),
  2146. GetState(MemInfo.State),
  2147. GetProtect(MemInfo.Protect),
  2148. GetType(MemInfo.Type));
  2149. Tot += MemInfo.RegionSize;
  2150. }
  2152. pVA = (ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize;
  2154. if (CheckControlC())
  2155. break;
  2156. } while (dwRet && bAll);
  2158. dprintf(" Total %p\n",Tot);
  2160. }
  2162. //
  2163. //
  2164. //
  2165. //
  2167. #ifdef KDEXT_64BIT
  2169. struct _HEAP_ENTRY_64
  2170. {
  2171. WORD Size ;
  2172. WORD PreviousSize ;
  2173. BYTE SegmentIndex ;
  2174. BYTE Flags ;
  2175. BYTE UnusedBytes ;
  2176. BYTE SmallTagIndex;
  2177. ULONG64 Pointer;
  2178. };
  2180. #endif /*KDEXT_64BIT*/
  2182. DECLARE_API(hef64)
  2183. {
  2184. INIT_API();
  2185. #ifdef KDEXT_64BIT
  2187. _HEAP_ENTRY_64 HeapEntry;
  2188. ULONG64 MemAddr = GetExpression(args);
  2189. ULONG64 pVTable = 0;
  2191. if (MemAddr)
  2192. {
  2193. if (ReadMemory(MemAddr,&HeapEntry,sizeof(HeapEntry),NULL))
  2194. {
  2195. dprintf(" %p: %04x - %04x [%02x] (%x)\n",MemAddr,HeapEntry.Size,HeapEntry.PreviousSize,HeapEntry.Flags,HeapEntry.Size*sizeof(_HEAP_ENTRY_64)-HeapEntry.UnusedBytes);
  2196. GetVTable(MemAddr + sizeof(_HEAP_ENTRY_64));
  2197. MemAddr = MemAddr+HeapEntry.Size*sizeof(_HEAP_ENTRY_64);
  2199. // 0x10 is LAST_ENTRY
  2200. while(!(HeapEntry.Flags & 0x10))
  2201. {
  2202. if (ReadMemory(MemAddr,&HeapEntry,sizeof(HeapEntry),NULL))
  2203. {
  2204. dprintf(" %p: %04x - %04x [%02x] (%x)\n",MemAddr,HeapEntry.Size,HeapEntry.PreviousSize,HeapEntry.Flags,HeapEntry.Size*sizeof(_HEAP_ENTRY_64)-HeapEntry.UnusedBytes);
  2205. GetVTable(MemAddr + sizeof(_HEAP_ENTRY_64));
  2206. MemAddr = MemAddr+HeapEntry.Size*sizeof(_HEAP_ENTRY_64);
  2207. }
  2208. else
  2209. {
  2210. dprintf("RM %p\n",MemAddr);
  2211. break;
  2212. }
  2213. if (CheckControlC())
  2214. break;
  2215. }
  2216. dprintf("last %p\n",MemAddr);
  2217. }
  2218. else
  2219. {
  2220. dprintf("RM %p\n",MemAddr);
  2221. }
  2222. }
  2223. else
  2224. {
  2225. dprintf("unable to resolve %s\n",args);
  2226. }
  2228. #endif /*KDEXT_64BIT*/
  2229. }
  2231. DECLARE_API(heb64)
  2232. {
  2233. INIT_API();
  2234. #ifdef KDEXT_64BIT
  2236. _HEAP_ENTRY_64 HeapEntry;
  2237. ULONG64 MemAddr = GetExpression(args);
  2238. ULONG64 pVTable = 0;
  2240. if (MemAddr)
  2241. {
  2242. if (ReadMemory(MemAddr,&HeapEntry,sizeof(HeapEntry),NULL))
  2243. {
  2244. dprintf(" %p: %04x - %04x [%02x] (%x)\n",MemAddr,HeapEntry.Size,HeapEntry.PreviousSize,HeapEntry.Flags,HeapEntry.Size*sizeof(_HEAP_ENTRY_64)-HeapEntry.UnusedBytes);
  2245. GetVTable(MemAddr + sizeof(_HEAP_ENTRY_64));
  2246. MemAddr = MemAddr - HeapEntry.PreviousSize*sizeof(_HEAP_ENTRY_64);
  2248. // 0x10 is LAST_ENTRY
  2249. while(HeapEntry.PreviousSize)
  2250. {
  2251. if (ReadMemory(MemAddr,&HeapEntry,sizeof(HeapEntry),NULL))
  2252. {
  2253. dprintf(" %p: %04x - %04x [%02x] (%x)\n",MemAddr,HeapEntry.Size,HeapEntry.PreviousSize,HeapEntry.Flags,HeapEntry.Size*sizeof(_HEAP_ENTRY_64)-HeapEntry.UnusedBytes);
  2254. GetVTable(MemAddr + sizeof(_HEAP_ENTRY_64));
  2255. MemAddr = MemAddr - HeapEntry.PreviousSize*sizeof(_HEAP_ENTRY_64);
  2256. }
  2257. else
  2258. {
  2259. dprintf("RM %p\n",MemAddr);
  2260. break;
  2261. }
  2262. if (CheckControlC())
  2263. break;
  2264. }
  2266. dprintf("last %p\n",MemAddr);
  2267. }
  2268. else
  2269. {
  2270. dprintf("RM %p\n",MemAddr);
  2271. }
  2272. }
  2273. else
  2274. {
  2275. dprintf("unable to resolve %s\n",args);
  2276. }
  2278. #endif /*KDEXT_64BIT*/
  2279. }
  2282. DECLARE_API(hps64)
  2283. {
  2284. INIT_API();
  2285. #ifdef KDEXT_64BIT
  2287. ULONG64 Peb = GetExpression(args);
  2289. if (!Peb)
  2290. {
  2291. Peb = 0x6fbfffde000;
  2292. }
  2294. ULONG NumberOfHeapsOffset;
  2295. ULONG HeapsOffset;
  2297. ULONG SegmentsOffset;
  2299. if ( Peb &&
  2300. (0 == GetFieldOffset("ntdll!_PEB","NumberOfHeaps",&NumberOfHeapsOffset)) &&
  2301. (0 == GetFieldOffset("ntdll!_PEB","ProcessHeaps",&HeapsOffset)) &&
  2302. (0 == GetFieldOffset("ntdll!_HEAP","Segments",&SegmentsOffset)))
  2303. {
  2304. //dprintf(" %x %x\n",NumberOfHeapsOffset,HeapsOffset);
  2305. ULONG nHeaps;
  2306. ULONG64 MemAddr;
  2307. if (ReadMemory(Peb+NumberOfHeapsOffset,&nHeaps,sizeof(ULONG),NULL))
  2308. {
  2309. //dprintf("nHeaps %08x\n",nHeaps);
  2310. ReadMemory(Peb+HeapsOffset,&MemAddr,sizeof(ULONG64),NULL);
  2311. ULONG64 * pHeaps = (ULONG64 *)_alloca(sizeof(ULONG64)*(DWORD)nHeaps);
  2312. ReadMemory(MemAddr,pHeaps,sizeof(ULONG64)*(DWORD)nHeaps,NULL);
  2314. // +0x0a0 Segments : [64] 0x000006fb`f9fa0c50
  2316. ULONG64 Segments[64];
  2318. for(ULONG i=0;i<nHeaps;i++)
  2319. {
  2320. if (ReadMemory(pHeaps[i]+SegmentsOffset,Segments,sizeof(Segments),NULL))
  2321. {
  2322. for (DWORD j=0;j<64;j++)
  2323. {
  2324. if (Segments[j])
  2325. {
  2326. dprintf(" S %p\n",Segments[j]);
  2327. }
  2328. if (CheckControlC())
  2329. break;
  2330. }
  2331. }
  2332. dprintf(" %p\n",pHeaps[i]);
  2334. if (CheckControlC())
  2335. break;
  2336. }
  2337. }
  2338. else
  2339. {
  2340. dprintf("RM %p\n",Peb+NumberOfHeapsOffset);
  2341. }
  2342. }
  2343. else
  2344. {
  2345. dprintf("check symbols for ntdll.dll or validate %p as PEB\n",Peb);
  2346. }
  2347. #endif /*KDEXT_64BIT*/
  2348. }