/*++
Copyright (c) 2000 Microsoft Corporation
Module Name:
heapleak.c
Abstract:
WinDbg Extension Api
Author:
Adrian Marinescu (adrmarin) 04/17/2000
Environment:
User Mode.
Revision History:
--*/
#include "precomp.h"
#include "heap.h"
#pragma hdrstop
//
// Extension-wide state shared by the heap walkers and the leak detector.
// The first five are filled in by InitializeHeapExtension(); the rest are
// written by the walkers as they run.
//
ULONG PageSize;                 // target page size, derived from the pointer size
ULONG HeapEntrySize;            // GetTypeSize("ntdll!_HEAP_ENTRY") in the target
ULONG PointerSize;              // 4 or 8, from IsPtr64()
ULONG64 HeapLargestAddress;     // highest address the memory map has to cover
BOOLEAN Is64BitArchitecture;
ULONG FrontEndHeapType;         // 0 none, 1 lookaside, 2 LFH; set in ReadHeapData
ULONG CrtSegmentIndex;          // index of the segment currently being walked
ULONG ScanLevel;                // depth of the current walk; forced to 0 on Ctrl-C so outer loops stop
ULONG LoopLimit = 100000;       // cap on list/segment iterations; guards against corrupt links in the debuggee
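BOOLEAN
ReadHeapSubSegment(
    ULONG64 HeapAddress,
    ULONG64 SegmentAddress,
    ULONG64 SubSegmentAddress,
    HEAP_ITERATOR_CALLBACK HeapCallback
    )
//
// Walks one front-end (LFH) user-data subsegment and reports every
// fixed-size block in it to HeapCallback.
//
//   HeapAddress       - target address of the owning _HEAP
//   SegmentAddress    - target address of the enclosing _HEAP_SEGMENT; only
//                       passed through to the callback for error reports
//   SubSegmentAddress - target address of the _HEAP_USERDATA_HEADER that
//                       starts the subsegment
//   HeapCallback      - visitor; receives CONTEXT_START_SUBSEGMENT, one
//                       CONTEXT_BUSY_BLOCK / CONTEXT_FREE_BLOCK per block,
//                       CONTEXT_ERROR for corruption and
//                       CONTEXT_END_SUBSEGMENT
//
// Returns FALSE when the callback asks to stop at START/END_SUBSEGMENT, or
// when the descriptor cannot be read or carries an unusable block size;
// TRUE otherwise.  Every value below comes from debuggee memory and is
// treated as untrusted: the block loop is capped by LoopLimit, like the
// segment walk, so a corrupt BlockCount cannot keep the command running
// indefinitely.
//
{
    ULONG64 SubSegmentDescriptor = 0;
    ULONG64 BlockCount = 0;
    ULONG64 BlockSize = 0;
    ULONG64 FirstBlockAddress;
    ULONG64 BlockIndex;
    ULONG LoopCount = 0;

    if (GetFieldValue(SubSegmentAddress, "ntdll!_HEAP_USERDATA_HEADER", "SubSegment", SubSegmentDescriptor)) {
        (*HeapCallback)( CONTEXT_ERROR,
                         HeapAddress,
                         SegmentAddress,
                         SubSegmentAddress,
                         (ULONG64)(&"unable to read the subsegment descriptor\n")
                         );
        return FALSE;
    }

    if (!(*HeapCallback)( CONTEXT_START_SUBSEGMENT,
                          HeapAddress,
                          SubSegmentAddress,
                          SubSegmentDescriptor,
                          0
                          )) {
        return FALSE;
    }

    GetFieldValue(SubSegmentDescriptor, "ntdll!_HEAP_SUBSEGMENT", "BlockCount", BlockCount);
    if (GetFieldValue(SubSegmentDescriptor, "ntdll!_HEAP_SUBSEGMENT", "BlockSize", BlockSize)) {
        (*HeapCallback)( CONTEXT_ERROR,
                         HeapAddress,
                         SegmentAddress,
                         SubSegmentAddress,
                         (ULONG64)(&"subsegment cannot access the block size\n")
                         );
        return FALSE;
    }

    //
    // BlockSize is in _HEAP_ENTRY units; 0 and 1 are treated as corruption.
    //
    if (BlockSize <= 1) {
        (*HeapCallback)( CONTEXT_ERROR,
                         HeapAddress,
                         SegmentAddress,
                         SubSegmentAddress,
                         (ULONG64)(&"invalid block size\n")
                         );
        return FALSE;
    }

    //
    // The blocks follow the user-data header back to back.
    //
    FirstBlockAddress = SubSegmentAddress + GetTypeSize("ntdll!_HEAP_USERDATA_HEADER");

    for (BlockIndex = 0; BlockIndex < BlockCount; BlockIndex++) {
        ULONG64 EntryAddress = FirstBlockAddress + BlockIndex * BlockSize * HeapEntrySize;
        ULONG64 SmallTagIndex = 0;
        ULONG64 BlockSegIndex = 0;

        if (++LoopCount >= LoopLimit) {
            dprintf("Walking the subsegment exceeded the %ld limit\n", LoopLimit);
            break;
        }

        //
        // Blocks inside a subsegment are expected to carry 0xFF as their
        // segment index; anything else is reported as corruption.
        //
        GetFieldValue(EntryAddress, "ntdll!_HEAP_ENTRY", "SegmentIndex", BlockSegIndex);
        if (BlockSegIndex != 0xFF) {
            (*HeapCallback)( CONTEXT_ERROR,
                             HeapAddress,
                             SegmentAddress,
                             EntryAddress,
                             (ULONG64)(&"SegmentIndex field corrupted\n")
                             );
        }

        //
        // For these blocks a non-zero SmallTagIndex is reported as busy,
        // zero as free.
        //
        GetFieldValue(EntryAddress, "ntdll!_HEAP_ENTRY", "SmallTagIndex", SmallTagIndex);
        (*HeapCallback)( SmallTagIndex ? CONTEXT_BUSY_BLOCK : CONTEXT_FREE_BLOCK,
                         HeapAddress,
                         SegmentAddress,
                         EntryAddress,
                         BlockSize * HeapEntrySize
                         );
    }

    if (!(*HeapCallback)( CONTEXT_END_SUBSEGMENT,
                          HeapAddress,
                          SubSegmentAddress,
                          SubSegmentDescriptor,
                          0
                          )) {
        return FALSE;
    }
    return TRUE;
}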
//
// Walking heap routines
//
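BOOLEAN
ReadHeapSegment(
    ULONG64 HeapAddress,
    ULONG SegmentIndex,
    ULONG64 SegmentAddress,
    HEAP_ITERATOR_CALLBACK HeapCallback
    )
//
// Walks every _HEAP_ENTRY of one heap segment, from the segment's first
// entry up to LastValidEntry, and reports each block to HeapCallback.
//
//   HeapAddress    - target address of the _HEAP
//   SegmentIndex   - index of this segment in _HEAP.Segments; every entry
//                    is expected to carry it in its SegmentIndex field
//   SegmentAddress - target address of the _HEAP_SEGMENT
//   HeapCallback   - visitor; gets CONTEXT_START_SEGMENT, one
//                    CONTEXT_BUSY_BLOCK / CONTEXT_FREE_BLOCK per entry (LFH
//                    subsegments are expanded through ReadHeapSubSegment
//                    instead), CONTEXT_ERROR for corruption and
//                    CONTEXT_END_SEGMENT
//
// Sizes, flags and links are read from the debuggee and are not trusted:
// the walk stops on an unreadable or undersized entry, is capped at
// LoopLimit iterations, and aborts (ScanLevel = 0) on Ctrl-C.  Uncommitted
// ranges are skipped by following the segment's UnCommittedRanges list;
// its type is spelled _HEAP_UNCOMMMTTED_RANGE in the ntdll symbols, so the
// string below must not be "corrected".
//
// Returns FALSE when the callback stops the walk at START/END_SEGMENT or
// the user interrupts; TRUE otherwise, including after a corruption stop.
//
{
    ULONG64 SegmentBaseAddress = 0;
    ULONG64 EntryAddress, NextEntryAddress;
    ULONG64 EntrySize, EntryFlags, BlockSegIndex;
    ULONG64 SegmentLastValidEntry = 0;
    ULONG64 UnCommittedRange = 0, UnCommittedRangeAddress = 0, UnCommittedRangeSize = 0;
    ULONG LoopCount;
    BOOLEAN IsSubsegment;

    ScanLevel = SCANSEGMENT;
    if (!(*HeapCallback)( CONTEXT_START_SEGMENT,
                          HeapAddress,
                          SegmentAddress,
                          0,
                          0
                          )) {
        return FALSE;
    }
    CrtSegmentIndex = SegmentIndex;

    GetFieldValue(SegmentAddress, "ntdll!_HEAP_SEGMENT", "BaseAddress", SegmentBaseAddress);
    GetFieldValue(SegmentAddress, "ntdll!_HEAP_SEGMENT", "LastValidEntry", SegmentLastValidEntry);
    GetFieldValue(SegmentAddress, "ntdll!_HEAP_SEGMENT", "UnCommittedRanges", UnCommittedRange);
    if (UnCommittedRange) {
        GetFieldValue(UnCommittedRange, "ntdll!_HEAP_UNCOMMMTTED_RANGE", "Address", UnCommittedRangeAddress);
        GetFieldValue(UnCommittedRange, "ntdll!_HEAP_UNCOMMMTTED_RANGE", "Size", UnCommittedRangeSize);
    }

    //
    // The segment that shares its base with the _HEAP starts its entries at
    // the heap itself; any other segment starts at its _HEAP_SEGMENT.
    //
    EntryAddress = (SegmentBaseAddress == HeapAddress) ? HeapAddress : SegmentAddress;
    LoopCount = 0;

    while (EntryAddress < SegmentLastValidEntry) {
        if (++LoopCount >= LoopLimit) {
            dprintf("Walking the segment exceeded the %ld limit\n", LoopLimit);
            break;
        }
        if (ScanLevel < SCANSEGMENT) {
            break;                          // a nested walk was interrupted
        }

        if (GetFieldValue(EntryAddress, "ntdll!_HEAP_ENTRY", "Size", EntrySize)) {
            (*HeapCallback)( CONTEXT_ERROR,
                             HeapAddress,
                             SegmentAddress,
                             EntryAddress,
                             (ULONG64)(&"unable to read the heap entry size\n")
                             );
            break;
        }
        if (EntrySize <= 1) {
            (*HeapCallback)( CONTEXT_ERROR,
                             HeapAddress,
                             SegmentAddress,
                             EntryAddress,
                             (ULONG64)(&"invalid block size\n")
                             );
            break;
        }

        EntrySize *= HeapEntrySize;         // Size is in _HEAP_ENTRY units
        NextEntryAddress = EntryAddress + EntrySize;

        EntryFlags = 0;
        BlockSegIndex = 0;
        GetFieldValue(EntryAddress, "ntdll!_HEAP_ENTRY", "Flags", EntryFlags);
        GetFieldValue(EntryAddress, "ntdll!_HEAP_ENTRY", "SegmentIndex", BlockSegIndex);
        if (BlockSegIndex != CrtSegmentIndex) {
            (*HeapCallback)( CONTEXT_ERROR,
                             HeapAddress,
                             SegmentAddress,
                             EntryAddress,
                             (ULONG64)(&"SegmentIndex field corrupted\n")
                             );
        }

        //
        // With the LFH front end, an entry whose user data starts with the
        // _HEAP_USERDATA_HEADER signature is a subsegment holding many
        // small blocks; those are reported individually instead of the
        // containing entry.
        //
        IsSubsegment = FALSE;
        if (FrontEndHeapType == 2) {
            ULONG64 Signature = 0;
            GetFieldValue(EntryAddress + HeapEntrySize, "ntdll!_HEAP_USERDATA_HEADER", "Signature", Signature);
            if ((ULONG)Signature == 0xF0E0D0C0) {
                ReadHeapSubSegment( HeapAddress,
                                    SegmentAddress,
                                    EntryAddress + HeapEntrySize,
                                    HeapCallback );
                IsSubsegment = TRUE;
                if (CheckControlC()) {
                    ScanLevel = 0;
                    return FALSE;
                }
            }
        }
        if (!IsSubsegment) {
            (*HeapCallback)( (EntryFlags & HEAP_ENTRY_BUSY) ? CONTEXT_BUSY_BLOCK : CONTEXT_FREE_BLOCK,
                             HeapAddress,
                             SegmentAddress,
                             EntryAddress,
                             EntrySize
                             );
        }

        EntryAddress = NextEntryAddress;
        if (EntryFlags & HEAP_ENTRY_LAST_ENTRY) {
            if (CheckControlC()) {
                ScanLevel = 0;
                return FALSE;
            }
            if (EntryAddress == UnCommittedRangeAddress) {
                //
                // The last committed entry is followed by an uncommitted
                // range: skip it and load the next range descriptor.
                //
                EntryAddress = UnCommittedRangeAddress + UnCommittedRangeSize;
                GetFieldValue(UnCommittedRange, "ntdll!_HEAP_UNCOMMMTTED_RANGE", "Next", UnCommittedRange);
                if (UnCommittedRange) {
                    GetFieldValue(UnCommittedRange, "ntdll!_HEAP_UNCOMMMTTED_RANGE", "Address", UnCommittedRangeAddress);
                    GetFieldValue(UnCommittedRange, "ntdll!_HEAP_UNCOMMMTTED_RANGE", "Size", UnCommittedRangeSize);
                }
            } else {
                break;
            }
        }
    }

    if (!(*HeapCallback)( CONTEXT_END_SEGMENT,
                          HeapAddress,
                          SegmentAddress,
                          0,
                          0
                          )) {
        return FALSE;
    }
    return TRUE;
}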
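BOOLEAN
ReadHeapData(ULONG64 HeapAddress, HEAP_ITERATOR_CALLBACK HeapCallback)
//
// Walks one _HEAP and reports everything in it to HeapCallback, in this
// order: CONTEXT_START_HEAP, every segment (ReadHeapSegment), every
// virtually allocated block (CONTEXT_VIRTUAL_BLOCK), CONTEXT_END_BLOCKS,
// every block parked on a lookaside list (CONTEXT_LOOKASIDE_BLOCK),
// CONTEXT_LFH_HEAP when the heap has a low-fragmentation front end, and
// CONTEXT_END_HEAP.
//
//   HeapAddress  - target address of the _HEAP
//   HeapCallback - visitor; the return value of the START_HEAP and
//                  END_BLOCKS calls stops the walk, the others are ignored
//
// Sets the global FrontEndHeapType as a side effect (ReadHeapSegment needs
// it).  Returns FALSE when the callback stops the walk, a required field
// offset is unavailable, or the user interrupts; TRUE otherwise.
//
{
    ULONG SegmentCount = 0;
    ULONG64 Head;
    ULONG64 Next;
    ULONG i;
    ULONG PtrSize;
    ULONG SegmentsOffset = 0;
    ULONG VirtualBlockOffset = 0;
    ULONG64 Segment;
    ULONG64 LookasideAddress;
    ULONG64 LFHAddress;
    ULONG LoopCount;

    ScanLevel = SCANHEAP;
    if (!(*HeapCallback)( CONTEXT_START_HEAP,
                          HeapAddress,
                          0,
                          0,
                          0
                          )) {
        return FALSE;
    }
    PtrSize = IsPtr64() ? 8 : 4;

    //
    // Work out which front-end allocator the heap uses.  A _HEAP without a
    // "Lookaside" field carries FrontEndHeapType instead (1: lookaside list
    // array, 2: low-fragmentation heap) and FrontEndHeap points at it; a
    // _HEAP with the field is a lookaside heap when the pointer is set.
    //
    LookasideAddress = 0;
    LFHAddress = 0;
    FrontEndHeapType = 0;
    if (GetFieldValue(HeapAddress, "ntdll!_HEAP", "Lookaside", LookasideAddress)) {
        if (GetFieldValue(HeapAddress, "ntdll!_HEAP", "FrontEndHeapType", FrontEndHeapType)) {
            dprintf("Front-end heap type info is not available\n");
        }
        switch (FrontEndHeapType) {
        case 1:
            GetFieldValue(HeapAddress, "ntdll!_HEAP", "FrontEndHeap", LookasideAddress);
            break;
        case 2:
            GetFieldValue(HeapAddress, "ntdll!_HEAP", "FrontEndHeap", LFHAddress);
            break;
        default:
            break;
        }
    } else if (LookasideAddress) {
        FrontEndHeapType = 1;
    }

    //
    // Walk the segment table.  The field offsets come from the symbols; if
    // the lookup fails there is nothing sensible to read, so report it
    // rather than walk from an unset offset.
    //
    if (GetFieldOffset("ntdll!_HEAP", "Segments", &SegmentsOffset)) {
        (*HeapCallback)( CONTEXT_ERROR,
                         HeapAddress,
                         0,
                         HeapAddress,
                         (ULONG64)(&"unable to locate the _HEAP.Segments field\n")
                         );
        return FALSE;
    }
    //
    // NOTE(review): the table is walked until the first NULL slot; the
    // target's Segments array has a fixed length that is not checked here,
    // so a table with every slot filled would be read past its end.
    //
    do {
        if (ScanLevel < SCANHEAP) {
            return FALSE;
        }
        if (!ReadPointer( HeapAddress + SegmentsOffset + SegmentCount*PtrSize,
                          &Segment ) ) {
            break;
        }
        if (Segment) {
            ReadHeapSegment( HeapAddress,
                             SegmentCount,
                             Segment,
                             HeapCallback
                             );
            SegmentCount += 1;
            if (CheckControlC()) {
                ScanLevel = 0;
                return FALSE;
            }
        }
    } while ( Segment );

    //
    // Walk the list of blocks that were allocated directly with VirtualAlloc.
    //
    if (GetFieldOffset("ntdll!_HEAP", "VirtualAllocdBlocks", &VirtualBlockOffset)) {
        (*HeapCallback)( CONTEXT_ERROR,
                         HeapAddress,
                         0,
                         HeapAddress,
                         (ULONG64)(&"unable to locate the _HEAP.VirtualAllocdBlocks field\n")
                         );
        return FALSE;
    }
    Head = HeapAddress + VirtualBlockOffset;
    Next = Head;
    GetFieldValue(HeapAddress, "ntdll!_HEAP", "VirtualAllocdBlocks.Flink", Next);
    LoopCount = 0;
    while (Next != Head) {
        ULONG64 VBlockSize = 0;

        if (++LoopCount >= LoopLimit) {
            dprintf("Walking the virtual block list exceeded the %ld limit\n", LoopLimit);
            break;
        }
        if (ScanLevel < SCANHEAP) {
            return FALSE;
        }
        GetFieldValue(Next, "ntdll!_HEAP_VIRTUAL_ALLOC_ENTRY", "CommitSize", VBlockSize);
        (*HeapCallback)( CONTEXT_VIRTUAL_BLOCK,
                         HeapAddress,
                         0,
                         Next,
                         VBlockSize
                         );
        if (!ReadPointer(Next, &Next)) {
            (*HeapCallback)( CONTEXT_ERROR,
                             HeapAddress,
                             0,
                             Next,
                             (ULONG64)(&"Unable to read virtual block\n")
                             );
            break;
        }
    }

    if (!(*HeapCallback)( CONTEXT_END_BLOCKS,
                          HeapAddress,
                          0,
                          0,
                          0
                          )) {
        return FALSE;
    }

    //
    // Lookaside heaps keep one _HEAP_LOOKASIDE per free-list size; each
    // ListHead.Next chain links blocks that are free but still marked busy
    // in the segment walk, so report them separately.
    //
    if (LookasideAddress) {
        ULONG LookasideSize;
        ULONG EntrySize;

        EntrySize = GetTypeSize("ntdll!_HEAP_ENTRY");
        LookasideSize = GetTypeSize("ntdll!_HEAP_LOOKASIDE");
        for (i = 0; i < HEAP_MAXIMUM_FREELISTS; i++) {
            if (ScanLevel < SCANHEAP) {
                return FALSE;
            }
            Next = 0;
            GetFieldValue(LookasideAddress, "ntdll!_HEAP_LOOKASIDE", "ListHead.Next", Next);
            if (Is64BitArchitecture) {
                // presumably the 64-bit SLIST header stores the link shifted
                // right by 3 — confirm against the target's SLIST layout
                Next <<= 3;
            }
            LoopCount = 0;
            while (Next) {
                if (++LoopCount >= LoopLimit) {
                    dprintf("Walking the lookaside block list index %ld exceeded the %ld limit\n", i, LoopLimit);
                    break;
                }
                // The link sits at the start of the user data; back up one
                // _HEAP_ENTRY to report the block's header address.
                (*HeapCallback)( CONTEXT_LOOKASIDE_BLOCK,
                                 HeapAddress,
                                 0,
                                 Next - EntrySize,
                                 i*EntrySize
                                 );
                if (!ReadPointer(Next, &Next)) {
                    (*HeapCallback)( CONTEXT_ERROR,
                                     HeapAddress,
                                     0,
                                     Next,
                                     (ULONG64)(&"Unable to read lookaside block\n")
                                     );
                    break;
                }
            }
            LookasideAddress += LookasideSize;
        }
    }

    if (LFHAddress) {
        (*HeapCallback)( CONTEXT_LFH_HEAP,
                         HeapAddress,
                         LFHAddress,
                         0,
                         0
                         );
    }
    (*HeapCallback)( CONTEXT_END_HEAP,
                     HeapAddress,
                     0,
                     0,
                     0
                     );
    return TRUE;
}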
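void
ScanProcessHeaps(
    IN ULONG64 AddressToDump,
    IN ULONG64 ProcessPeb,
    HEAP_ITERATOR_CALLBACK HeapCallback
    )
//
// Drives HeapCallback over either a single heap (AddressToDump != 0) or
// every heap listed in the PEB's ProcessHeaps array.
//
//   AddressToDump - target address of one _HEAP, or 0 for all heaps
//   ProcessPeb    - target address of the _PEB; only used when
//                   AddressToDump is 0
//   HeapCallback  - visitor; additionally receives CONTEXT_START_GLOBALS
//                   (with the PEB address as Data) before the per-heap walks
//
// NumberOfHeaps and the heap pointers are read from the debuggee and may be
// garbage; the array copy is sized with calloc() so the count * size
// product is overflow-checked instead of trusted.
//
{
    ULONG NumberOfHeaps = 0;
    ULONG64 pHeapsList = 0;
    ULONG64 *Heaps;
    ULONG PtrSize;
    ULONG HeapNumber;

    if (AddressToDump) {
        ReadHeapData ( AddressToDump, HeapCallback);
        return;
    }
    if (!(*HeapCallback)( CONTEXT_START_GLOBALS,
                          0,
                          0,
                          0,
                          ProcessPeb
                          )) {
        return;
    }
    ScanLevel = SCANPROCESS;

    GetFieldValue(ProcessPeb, "ntdll!_PEB", "NumberOfHeaps", NumberOfHeaps);
    GetFieldValue(ProcessPeb, "ntdll!_PEB", "ProcessHeaps", pHeapsList);
    if (NumberOfHeaps == 0) {
        dprintf( "No heaps to display.\n" );
        return;
    }
    if (!pHeapsList) {
        dprintf( "Unable to get address of ProcessHeaps array\n" );
        return;
    }

    Heaps = calloc( NumberOfHeaps, sizeof(*Heaps) );
    if (!Heaps) {
        dprintf( "Unable to allocate memory to hold ProcessHeaps array\n" );
        return;
    }

    //
    // Copy the whole heap table first so a failed read aborts before any
    // heap has been walked.
    //
    PtrSize = IsPtr64() ? 8 : 4;
    for (HeapNumber = 0; HeapNumber < NumberOfHeaps; HeapNumber++) {
        if (!ReadPointer( pHeapsList + HeapNumber*PtrSize,
                          &Heaps[HeapNumber] ) ) {
            dprintf( "%08p: Unable to read ProcessHeaps array\n", pHeapsList );
            free(Heaps);
            return;
        }
    }

    for (HeapNumber = 0; HeapNumber < NumberOfHeaps; HeapNumber++) {
        if (ScanLevel < SCANPROCESS) {
            break;                          // interrupted inside a heap walk
        }
        ReadHeapData ( Heaps[HeapNumber], HeapCallback);
    }
    free(Heaps);
}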
//
// Allocation routines
//
//
// Private heap that backs all of the leak detector's scratch memory.  It is
// created in HeapDetectLeaks() and torn down with HeapDestroy() when the
// command finishes, which is what reclaims the memory maps and page
// descriptors that are never individually freed.
//
HANDLE TempHeap;
#define AllocateBlock(Size) HeapAlloc(TempHeap, 0, Size)
#define FreeBlock(P) HeapFree(TempHeap, 0, P)
//
// Leak detector code
//
//
// Who owns a page, as recorded in a BLOCK_DESCR.  Only UsageHeap is ever
// assigned in this file (PushPageDescriptor).
//
typedef enum _USAGE_TYPE {
    UsageUnknown,
    UsageModule,
    UsageHeap,
    UsageOther
} USAGE_TYPE;

//
// One busy heap block.  Entry links it on HeapLeakList (no reference seen
// yet) or HeapBusyList (referenced at least once).  Count is the number of
// references found so far; RegisterHeapBlocks sets it to -10000 for blocks
// found on a lookaside list, which are free despite their busy flag.
//
typedef struct _HEAP_BLOCK {
    LIST_ENTRY Entry;
    ULONG64 BlockAddress;       // target address of the block's _HEAP_ENTRY
    ULONG64 Size;               // size in bytes, header included
    LONG Count;
} HEAP_BLOCK, *PHEAP_BLOCK;

//
// Per-page descriptor: the busy blocks that start on, or span into, one
// page.  Blocks[1] is a trailing variable-length array — PushPageDescriptor
// allocates sizeof(BLOCK_DESCR) + (Count - 1) * sizeof(HEAP_BLOCK) bytes,
// so only Blocks[0 .. Count-1] exist.
//
typedef struct _BLOCK_DESCR {
    USAGE_TYPE Type;
    ULONG64 Heap;               // owning _HEAP, printed with each leak
    LONG Count;
    HEAP_BLOCK Blocks[1];
}BLOCK_DESCR, *PBLOCK_DESCR;

//
// 256-way radix map over the target address space with PageSize leaves.
// Each level covers [Offset, MaxAddress] in 256 slots of Granularity bytes.
// Inner levels keep child maps in Details[]; leaf levels (Granularity ==
// PageSize) keep a page descriptor per slot in Usage[] — the same storage,
// hence the union — and mark heap-owned pages in FlagsBitmap.  Child maps
// are created lazily by SetBlockInfo.
//
typedef struct _MEMORY_MAP {
    ULONG64 Granularity;
    ULONG64 Offset;
    ULONG64 MaxAddress;
    CHAR FlagsBitmap[256 / 8];
    union{
        struct _MEMORY_MAP * Details[ 256 ];
        PBLOCK_DESCR Usage[ 256 ];
    };
    struct _MEMORY_MAP * Parent;
} MEMORY_MAP, *PMEMORY_MAP;

//
// Leak detector state shared by RegisterHeapBlocks, PushPageDescriptor and
// the scan routines.  InitializeSystem resets the map, the lists and
// TempBlocks; InspectLeaks resets LeaksCount.
//
MEMORY_MAP ProcessMemory;               // root of the address map
ULONG LeaksCount = 0;                   // leaks printed so far by ScanHeapAllocBlocks
ULONG64 PreviousPage = 0;               // page index whose blocks are staged in TempBlocks (0 = none)
ULONG64 CrtPage = 0;                    // page index of the block being registered
LONG NumBlocks = 0;                     // number of valid entries in TempBlocks
PHEAP_BLOCK TempBlocks;                 // PageSize-byte staging buffer, see InitializeSystem
ULONG64 LastHeapAddress = 0;            // heap most recently announced with CONTEXT_START_HEAP
ULONG64 RtlpPreviousStartAddress = 0;   // last block queued on HeapLeakList; dedupes page-spanning blocks
LIST_ENTRY HeapBusyList;                // blocks with at least one reference found
LIST_ENTRY HeapLeakList;                // busy blocks with no reference found yet
//
// Zeroes MemMap and hangs it under Parent.  A child map covers one of its
// parent's 256 slots, so its granularity is the parent's divided by 256;
// the root map (Parent == NULL) is left at granularity 0 for
// InitializeSystem to fill in.
//
void InitializeMap(PMEMORY_MAP MemMap, PMEMORY_MAP Parent)
{
    memset(MemMap, 0, sizeof *MemMap);
    MemMap->Parent = Parent;
    MemMap->Granularity = (Parent != NULL) ? (Parent->Granularity / 256) : 0;
}
void
SetBlockInfo(PMEMORY_MAP MemMap, ULONG64 Base, ULONG64 Size, PBLOCK_DESCR BlockDescr)
//
// Records the range [Base, Base + Size) in the map rooted at MemMap,
// descending through child maps (created on demand) until the leaf level.
// At a leaf, a non-NULL BlockDescr is stored as the page descriptor of
// every page in the range; a NULL BlockDescr instead sets the page's bit
// in FlagsBitmap (used for "this page belongs to a heap segment").
// Ranges that fall entirely outside this map are ignored.  A child map
// that cannot be allocated is reported and the remaining pages are left
// unrecorded, so a later GetBlockInfo may return NULL for them.
//
{
    ULONG64 Start, End;
    ULONG64 i;

    if (((Base + Size - 1) < MemMap->Offset) ||
        (Base > MemMap->MaxAddress)
        ) {
        return;
    }
    // First slot touched by the range; Base below Offset clamps to slot 0.
    if (Base > MemMap->Offset) {
        Start = (Base - MemMap->Offset) / MemMap->Granularity;
    } else {
        Start = 0;
    }
    // Last slot touched; the range may extend past this map, so clamp.
    End = (Base - MemMap->Offset + Size - 1) / MemMap->Granularity;
    if (End > 255) {
        End = 255;
    }
    for (i = Start; i <= End; i++) {
        if (MemMap->Granularity == PageSize) {
            if (BlockDescr) {
                // A page may legitimately be re-recorded with the same
                // descriptor; a different one means two owners claim it.
                if (MemMap->Usage[i] != NULL) {
                    if (MemMap->Usage[i] != BlockDescr) {
                        dprintf("Error\n");
                    }
                }
                MemMap->Usage[i] = BlockDescr;
            } else {
                MemMap->FlagsBitmap[i / 8] |= 1 << (i % 8);
            }
        } else {
            if (!MemMap->Details[i]) {
                MemMap->Details[i] = AllocateBlock(sizeof(*MemMap));
                if (!MemMap->Details[i]) {
                    dprintf("Error allocate\n");
                    return;
                }
                InitializeMap(MemMap->Details[i], MemMap);
                MemMap->Details[i]->Offset = MemMap->Offset + MemMap->Granularity * i;
                MemMap->Details[i]->MaxAddress = MemMap->Offset + MemMap->Granularity * (i+1) - 1;
            }
            // The child clips the range to its own window itself.
            SetBlockInfo(MemMap->Details[i], Base, Size, BlockDescr);
        }
    }
}
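PBLOCK_DESCR
GetBlockInfo(PMEMORY_MAP MemMap, ULONG64 Base)
//
// Returns the page descriptor recorded for the page containing Base, by
// descending from MemMap to the leaf that covers it.  Returns NULL when
// Base lies outside the map, no child map exists on the way down, or no
// descriptor was stored for that page.
//
{
    ULONG64 Slot;

    if ((Base < MemMap->Offset) ||
        (Base > MemMap->MaxAddress)
        ) {
        return NULL;
    }
    // Base == Offset lands in slot 0 either way; the test avoids the
    // subtraction wrapping when Base is below Offset.
    Slot = (Base > MemMap->Offset) ? (Base - MemMap->Offset) / MemMap->Granularity : 0;

    if (MemMap->Granularity == PageSize) {
        return MemMap->Usage[Slot];
    }
    if (MemMap->Details[Slot]) {
        return GetBlockInfo(MemMap->Details[Slot], Base);
    }
    return NULL;
}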
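BOOLEAN
GetFlag(PMEMORY_MAP MemMap, ULONG64 Base)
//
// Returns TRUE when the page containing Base has its bit set in the leaf
// FlagsBitmap, i.e. SetBlockInfo was called for it with a NULL descriptor
// (the page belongs to a heap segment).  Returns FALSE when Base is outside
// the map or no leaf map exists for it.
//
{
    ULONG64 Slot;

    if ((Base < MemMap->Offset) ||
        (Base > MemMap->MaxAddress)
        ) {
        return FALSE;
    }
    Slot = (Base > MemMap->Offset) ? (Base - MemMap->Offset) / MemMap->Granularity : 0;

    if (MemMap->Granularity == PageSize) {
        return (MemMap->FlagsBitmap[Slot / 8] & (1 << (Slot % 8))) != 0;
    }
    if (MemMap->Details[Slot]) {
        return GetFlag(MemMap->Details[Slot], Base);
    }
    return FALSE;
}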
//
// Prepares the leak detector's state for one run: an empty root memory map
// sized to the target's address space, empty busy/leak lists, and the
// page-sized TempBlocks staging buffer.  The root granularity is the
// largest 256^k multiple of PageSize that still fits under
// HeapLargestAddress (a multiplication that wraps around also ends the
// search), so the root's 256 slots cover the whole space.  An allocation
// failure is only reported; callers must check TempBlocks before scanning.
//
void InitializeSystem()
{
    ULONG64 Granularity = PageSize;
    ULONG64 NextRange = (ULONG64)PageSize * 256;

    InitializeMap(&ProcessMemory, NULL);
    InitializeListHead( &HeapBusyList );
    InitializeListHead( &HeapLeakList );

    while ((NextRange >= Granularity) && (NextRange <= HeapLargestAddress)) {
        Granularity = NextRange;
        NextRange = Granularity * 256;
    }
    ProcessMemory.MaxAddress = HeapLargestAddress;
    ProcessMemory.Granularity = Granularity;

    TempBlocks = AllocateBlock(PageSize);
    if (TempBlocks == NULL) {
        dprintf("Cannot allocate temp buffer\n");
    }
}
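BOOLEAN
PushPageDescriptor(ULONG64 Page, ULONG64 NumPages)
//
// Turns the NumBlocks blocks staged in TempBlocks into a BLOCK_DESCR and
// records it for NumPages pages starting at page index Page.  Each block
// is also queued on HeapLeakList as a leak candidate, except when it is
// the block queued last (RtlpPreviousStartAddress): a block that spans
// pages is staged once per page and must be listed only once.
// Returns FALSE when the page already has a descriptor, nothing is staged,
// or the descriptor cannot be allocated; TRUE otherwise.
//
{
    PBLOCK_DESCR PBlockDescr;
    PBLOCK_DESCR PreviousDescr;
    LONG i;

    PreviousDescr = GetBlockInfo(&ProcessMemory, Page * PageSize);
    if (PreviousDescr) {
        dprintf("Conflicting descriptors %p\n", (ULONG64)(ULONG_PTR)PreviousDescr);
        return FALSE;
    }
    //
    // BLOCK_DESCR already carries one HEAP_BLOCK; the size computation
    // below subtracts it, so an empty stage must not reach it.
    //
    if (NumBlocks <= 0) {
        return FALSE;
    }
    PBlockDescr = (PBLOCK_DESCR)AllocateBlock(sizeof(BLOCK_DESCR) + (NumBlocks - 1) * sizeof(HEAP_BLOCK));
    if (!PBlockDescr) {
        dprintf("Unable to allocate page descriptor\n");
        return FALSE;
    }
    PBlockDescr->Type = UsageHeap;
    PBlockDescr->Count = NumBlocks;
    PBlockDescr->Heap = LastHeapAddress;
    memcpy(PBlockDescr->Blocks, TempBlocks, NumBlocks * sizeof(HEAP_BLOCK));

    for (i = 0; i < NumBlocks; i++) {
        InitializeListHead( &PBlockDescr->Blocks[i].Entry );
        if (PBlockDescr->Blocks[i].BlockAddress != RtlpPreviousStartAddress) {
            InsertTailList(&HeapLeakList, &PBlockDescr->Blocks[i].Entry);
            PBlockDescr->Blocks[i].Count = 0;
            RtlpPreviousStartAddress = PBlockDescr->Blocks[i].BlockAddress;
        }
    }
    SetBlockInfo(&ProcessMemory, Page * PageSize, NumPages * PageSize, PBlockDescr);
    return TRUE;
}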
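//
// Appends one block to the per-page staging array TempBlocks.  TempBlocks
// is PageSize bytes (see InitializeSystem), so at most
// PageSize / sizeof(HEAP_BLOCK) entries fit.  Block sizes come from
// debuggee memory, so the count is checked rather than trusted: a block
// that does not fit is reported and dropped instead of being written past
// the end of the buffer.
//
static BOOLEAN
AppendTempBlock(ULONG64 BlockAddress, ULONG64 Size)
{
    if ((NumBlocks < 0) || ((ULONG64)NumBlocks >= PageSize / sizeof(HEAP_BLOCK))) {
        dprintf("Too many blocks on page %p, block %p skipped\n", CrtPage, BlockAddress);
        return FALSE;
    }
    TempBlocks[NumBlocks].BlockAddress = BlockAddress;
    TempBlocks[NumBlocks].Count = 0;
    TempBlocks[NumBlocks].Size = Size;
    NumBlocks++;
    return TRUE;
}

BOOLEAN RegisterHeapBlocks(
    IN ULONG Context,
    IN ULONG64 HeapAddress,
    IN ULONG64 SegmentAddress,
    IN ULONG64 EntryAddress,
    IN ULONG64 Data
    )
//
// HEAP_ITERATOR_CALLBACK used by the leak detector.  As the walkers visit
// the process it
//   - marks every heap segment's pages in ProcessMemory's flag bitmap
//     (CONTEXT_START_SEGMENT),
//   - groups busy blocks page by page in TempBlocks and turns each finished
//     page into a BLOCK_DESCR through PushPageDescriptor
//     (CONTEXT_BUSY_BLOCK, CONTEXT_VIRTUAL_BLOCK, CONTEXT_END_BLOCKS), and
//   - drops blocks that sit on a lookaside list from the leak candidates
//     (CONTEXT_LOOKASIDE_BLOCK).
// Data is the block size for the block contexts and, for CONTEXT_ERROR, a
// host pointer to a message widened to ULONG64.  Returns FALSE only when a
// lookaside block has no page descriptor; TRUE otherwise.
//
{
    if (Context == CONTEXT_START_HEAP) {
        dprintf("Heap %p\n", HeapAddress);
        LastHeapAddress = HeapAddress;
        return TRUE;
    }

    if (Context == CONTEXT_START_SEGMENT) {
        ULONG64 NumberOfPages = 0;
        ULONG64 SegmentBaseAddress = 0;

        GetFieldValue(SegmentAddress, "ntdll!_HEAP_SEGMENT", "NumberOfPages", NumberOfPages);
        GetFieldValue(SegmentAddress, "ntdll!_HEAP_SEGMENT", "BaseAddress", SegmentBaseAddress);
        // NULL descriptor: only flag the pages as heap-owned.
        SetBlockInfo(&ProcessMemory, SegmentBaseAddress, NumberOfPages * PageSize, NULL);
        return TRUE;
    }

    if (Context == CONTEXT_ERROR) {
        //
        // Narrow the widened string pointer back before handing it to %s;
        // passing the 64-bit value straight through only worked by luck on
        // a 32-bit host.
        //
        dprintf("HEAP %p (Seg %p) At %p Error: %s\n",
                HeapAddress,
                SegmentAddress,
                EntryAddress,
                (CHAR *)(ULONG_PTR)Data
                );
        return TRUE;
    }

    if (Context == CONTEXT_END_BLOCKS) {
        // Flush the page that was still being collected.
        if (PreviousPage) {
            PushPageDescriptor(PreviousPage, 1);
        }
        PreviousPage = 0;
        NumBlocks = 0;

    } else if (Context == CONTEXT_BUSY_BLOCK) {
        ULONG EntrySize = (ULONG)Data;
        ULONG64 EndPage = (EntryAddress + (EntrySize - 1)) / PageSize;

        if (!GetFlag(&ProcessMemory, EntryAddress)) {
            dprintf("CONTEXT_BUSY_BLOCK %p address isn't from the heap\n", EntryAddress);
        }
        CrtPage = EntryAddress / PageSize;

        // A new page starts: close the previous one.
        if (CrtPage != PreviousPage) {
            if (PreviousPage) {
                PushPageDescriptor(PreviousPage, 1);
            }
            PreviousPage = CrtPage;
            NumBlocks = 0;
        }
        AppendTempBlock(EntryAddress, EntrySize);

        if (EndPage != CrtPage) {
            //
            // The block runs into the following pages: close the page it
            // starts on, then stage just this block for every page it
            // covers.  PushPageDescriptor recognises the repeated address
            // and lists the block once.
            //
            PushPageDescriptor(CrtPage, 1);
            NumBlocks = 0;
            AppendTempBlock(EntryAddress, EntrySize);
            if (EndPage - CrtPage > 1) {
                PushPageDescriptor(CrtPage + 1, EndPage - CrtPage - 1);
            }
            PreviousPage = EndPage;
        }

    } else if (Context == CONTEXT_VIRTUAL_BLOCK) {
        ULONG64 EndPage = (EntryAddress + Data - 1) / PageSize;

        CrtPage = EntryAddress / PageSize;
        if (CrtPage != PreviousPage) {
            if (PreviousPage) {
                PushPageDescriptor(PreviousPage, 1);
            }
            PreviousPage = CrtPage;
            NumBlocks = 0;
        } else {
            dprintf("Error in large block address\n");
        }
        //
        // NOTE(review): EndPage treats Data as a byte count while the stored
        // Size scales it by HeapEntrySize; the two disagree, kept as-is
        // pending confirmation of the unit ReadHeapData passes here.
        //
        AppendTempBlock(EntryAddress, Data * HeapEntrySize);
        PushPageDescriptor(CrtPage, EndPage - CrtPage + 1);
        PreviousPage = 0;

    } else if ( Context == CONTEXT_LOOKASIDE_BLOCK ) {
        PBLOCK_DESCR PBlockDescr;
        LONG i;

        if (!GetFlag(&ProcessMemory, EntryAddress)) {
            dprintf("CONTEXT_LOOKASIDE_BLOCK %p address isn't from the heap\n", EntryAddress);
        }
        PBlockDescr = GetBlockInfo(&ProcessMemory, EntryAddress);
        if (!PBlockDescr) {
            dprintf("Error finding block from lookaside %p\n", EntryAddress);
            return FALSE;
        }
        //
        // A block on a lookaside list is free; take it off the candidate
        // list and give it a count no reference scan can bring back to 0.
        //
        for (i = 0; i < PBlockDescr->Count; i++) {
            if ((PBlockDescr->Blocks[i].BlockAddress <= (ULONG_PTR)EntryAddress) &&
                (PBlockDescr->Blocks[i].BlockAddress + PBlockDescr->Blocks[i].Size > (ULONG_PTR)EntryAddress)) {
                PBlockDescr->Blocks[i].Count = -10000;
                RemoveEntryList(&PBlockDescr->Blocks[i].Entry);
                return TRUE;
            }
        }
        dprintf("Error, block %p from lookaside not found in allocated block list\n", EntryAddress);
    }
    return TRUE;
}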
//
// Finds the registered busy block that contains Address.  The lookup goes
// through the page descriptor for Address; when the matching block starts
// earlier (Address points into its middle) the search is repeated with the
// block's start address, so the HEAP_BLOCK returned is presumably the copy
// recorded for the page the block starts on — the one the leak/busy lists
// link.  Returns NULL when Address is not inside any known block.
//
PHEAP_BLOCK
GetHeapBlock(ULONG64 Address)
{
    PBLOCK_DESCR Descr = GetBlockInfo(&ProcessMemory, Address);
    LONG Index;

    if (Descr == NULL) {
        return NULL;
    }
    for (Index = 0; Index < Descr->Count; Index++) {
        PHEAP_BLOCK Candidate = &Descr->Blocks[Index];
        ULONG64 CandidateEnd = Candidate->BlockAddress + Candidate->Size;

        if ((Address < Candidate->BlockAddress) || (Address >= CandidateEnd)) {
            continue;
        }
        if (Candidate->BlockAddress != Address) {
            return GetHeapBlock(Candidate->BlockAddress);
        }
        return Candidate;
    }
    return NULL;
}
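BOOLEAN
ScanHeapAllocBlocks()
//
// Second phase of the leak scan.  HeapBusyList holds the blocks that
// ScanProcessVM found referenced from outside the heap; every pointer-sized
// word of their user data is read from the target and, when it lands inside
// a known busy block, that block is counted and queued on HeapBusyList as
// well.  InsertTailList appends to the list being walked, so the loop
// computes the reachable set without recursion.  Whatever is still on
// HeapLeakList afterwards is printed as a leak and counted in LeaksCount.
// Always returns TRUE.
//
// NOTE(review): words are stepped with the host's ULONG_PTR, i.e. this
// assumes the target's pointer size equals the debugger's.
//
{
    PLIST_ENTRY Next;

    Next = HeapBusyList.Flink;
    while (Next != &HeapBusyList) {
        PHEAP_BLOCK Block = CONTAINING_RECORD(Next, HEAP_BLOCK, Entry);
        ULONG64 BlockEnd = Block->BlockAddress + Block->Size;
        // Skip the _HEAP_ENTRY header; only the user data can hold references.
        PULONG_PTR CrtAddress = (PULONG_PTR)(Block->BlockAddress + HeapEntrySize);

        Next = Next->Flink;
        while ((ULONG_PTR)CrtAddress < BlockEnd) {
            ULONG_PTR Pointer;

            if (ReadMemory( (ULONG64)(CrtAddress),
                            &Pointer,
                            sizeof(Pointer),
                            NULL
                            )) {
                PHEAP_BLOCK pBlock = GetHeapBlock( Pointer );
                if (pBlock) {
                    // First reference: move it from the leak list to the
                    // busy list so its own contents get scanned too.
                    if (pBlock->Count == 0) {
                        RemoveEntryList(&pBlock->Entry);
                        InsertTailList(&HeapBusyList, &pBlock->Entry);
                    }
                    pBlock->Count += 1;
                }
            }
            CrtAddress++;
        }
    }

    Next = HeapLeakList.Flink;
    while (Next != &HeapLeakList) {
        PHEAP_BLOCK Block = CONTAINING_RECORD(Next, HEAP_BLOCK, Entry);
        PBLOCK_DESCR PBlockDescr = GetBlockInfo( &ProcessMemory, Block->BlockAddress );

        Next = Next->Flink;
        //
        // Every listed block was registered through PushPageDescriptor, but
        // SetBlockInfo can fail to allocate a child map on the way; don't
        // dereference a descriptor that never got recorded.
        //
        if (!PBlockDescr) {
            dprintf("No page descriptor for block %p\n", Block->BlockAddress);
            continue;
        }
        if (LeaksCount == 0) {
            dprintf("\n");
            DumpEntryHeader();
        }
        DumpEntryInfo(PBlockDescr->Heap, 0, Block->BlockAddress);
        LeaksCount += 1;
    }
    return TRUE;
}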
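BOOLEAN
ScanProcessVM (
    HANDLE hProcess
    )
//
// First phase of the leak scan.  Walks the target's address space with
// VirtualQueryEx, reads every page of each writable region that is not
// heap-owned (GetFlag), and treats each pointer-sized word in it as a
// potential reference to a registered busy block; referenced blocks are
// moved to HeapBusyList.  ScanHeapAllocBlocks() then follows references
// between heap blocks and prints what is left.
// Returns FALSE when the scratch page cannot be allocated or the user
// interrupts; TRUE otherwise, including when hProcess is NULL (nothing is
// scanned then).
//
// NOTE(review): the region filter looks at AllocationProtect (protection at
// reservation time) rather than the current Protect, and does not check
// State; it relies on ReadMemory failing for uncommitted pages.
//
{
    SIZE_T BufferLen;
    ULONG_PTR lpAddress = 0;
    MEMORY_BASIC_INFORMATION Buffer;
    PVOID MemoryBuffer;

    if ( hProcess ) {
        dprintf("Scanning VM ...");
        MemoryBuffer = AllocateBlock(PageSize);
        if (!MemoryBuffer) {
            return FALSE;
        }

        BufferLen = sizeof(Buffer);
        while (BufferLen) {
            BufferLen = VirtualQueryEx( hProcess,
                                        (LPVOID)lpAddress,
                                        &Buffer,
                                        sizeof(Buffer)
                                        );
            if (BufferLen) {
                if (( Buffer.AllocationProtect &
                      (PAGE_READWRITE | PAGE_EXECUTE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_WRITECOPY))
                    ) {
                    ULONG64 NumPages = Buffer.RegionSize / PageSize;
                    ULONG64 i;

                    for (i = 0; i < NumPages; i++) {
                        ULONG64 PageAddress = lpAddress + i * PageSize;

                        //
                        // Heap pages are covered by ScanHeapAllocBlocks, so
                        // the flag is tested per page — a region can mix
                        // heap and non-heap pages.
                        //
                        if (ReadMemory( PageAddress,
                                        MemoryBuffer,
                                        PageSize,
                                        NULL )
                            &&
                            !GetFlag(&ProcessMemory, PageAddress)
                            ) {
                            ULONG_PTR *Pointers = (ULONG_PTR *)MemoryBuffer;
                            ULONG j;

                            for (j = 0; j < PageSize/sizeof(ULONG_PTR); j++) {
                                PHEAP_BLOCK pBlock = GetHeapBlock(Pointers[j]);
                                if (pBlock) {
                                    if (pBlock->Count == 0) {
                                        RemoveEntryList(&pBlock->Entry);
                                        InsertTailList(&HeapBusyList, &pBlock->Entry);
                                    }
                                    pBlock->Count += 1;
                                }
                            }
                        }
                        if (CheckControlC()) {
                            FreeBlock(MemoryBuffer);
                            ScanLevel = 0;
                            return FALSE;
                        }
                    }
                }
                lpAddress += Buffer.RegionSize;
            }
        }

        //
        // Roots are known now; propagate references through the heap.
        //
        ScanHeapAllocBlocks();
        FreeBlock(MemoryBuffer);
    }
    return TRUE;
}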
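void InspectLeaks(
    IN ULONG64 AddressToDump,
    IN ULONG64 ProcessPeb
    )
//
// Runs the whole leak detection: registers every heap block of the process
// (RegisterHeapBlocks over all heaps in ProcessPeb), scans the process VM
// for references, and prints the outcome.
//
//   AddressToDump - not used by the scan: all heaps are always walked, since
//                   references to a heap's blocks can live in other heaps
//   ProcessPeb    - target address of the _PEB
//
{
    HANDLE hProcess = NULL;

    LeaksCount = 0;
    InitializeSystem();
    // InitializeSystem only reports an allocation failure; without the
    // staging buffer RegisterHeapBlocks cannot run.
    if (TempBlocks) {
        ScanProcessHeaps( 0,
                          ProcessPeb,
                          RegisterHeapBlocks
                          );
        GetCurrentProcessHandle( &hProcess );
        if (hProcess) {
            ScanProcessVM(hProcess);
            if (LeaksCount) {
                dprintf("%ld leaks detected.\n", LeaksCount);
            } else {
                dprintf( "No leaks detected.\n");
            }
        } else {
            dprintf("Unable to get the process handle\n");
        }
    }
}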
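VOID
HeapDetectLeaks()
//
// Entry point of "!heap -l".  Initializes the extension state, refuses to
// run under full page heap, creates the private scratch heap, runs
// InspectLeaks on the current process's PEB and tears the scratch heap
// down again.
//
{
    ULONG64 ThePeb = 0;
    ULONG64 PageHeapAddress;
    BOOLEAN PageHeapEnabled = FALSE;
    ULONG PageHeapFlags = 0;

    if (!InitializeHeapExtension()) {
        return;
    }

    //
    // Return immediately if full page heap is enabled.  If either symbol is
    // missing the reads fail and the defaults (FALSE / 0) let the scan run.
    //
    PageHeapAddress = GetExpression ("ntdll!RtlpDebugPageHeap");
    ReadMemory (PageHeapAddress,
                &PageHeapEnabled,
                sizeof (BOOLEAN),
                NULL);
    PageHeapAddress = GetExpression ("ntdll!RtlpDphGlobalFlags");
    ReadMemory (PageHeapAddress,
                &PageHeapFlags,
                sizeof (ULONG),
                NULL);
    if (PageHeapEnabled == TRUE && (PageHeapFlags & 0x01)) {
        dprintf ("!heap -l does not work if full page heap is enabled for the process \n");
        return;
    }

    GetPebAddress( 0, &ThePeb);
    if (!ThePeb) {
        dprintf("Unable to get the PEB address\n");
        return;
    }

    TempHeap = HeapCreate(HEAP_NO_SERIALIZE | HEAP_GROWABLE, 0, 0);
    if (!TempHeap) {
        dprintf("Unable to create temporary heap\n");
        return;
    }
    InspectLeaks( 0, ThePeb);
    // Destroying the heap frees every map and descriptor in one go.
    HeapDestroy(TempHeap);
    TempHeap = NULL;
}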
//
// Fills in the target-dependent globals (PointerSize, HeapEntrySize,
// Is64BitArchitecture, PageSize, HeapLargestAddress).  Returns FALSE when
// the type information needed to size a _HEAP_ENTRY is not available.
//
BOOLEAN
InitializeHeapExtension()
{
    PointerSize = IsPtr64() ? 8 : 4;
    HeapEntrySize = GetTypeSize("ntdll!_HEAP_ENTRY");
    if ((HeapEntrySize == 0) || (PointerSize == 0)) {
        dprintf("Invalid type information\n");
        return FALSE;
    }

    //
    // Issue adrmarin 04/28/00: The page size should be available in the new interface
    // IDebugControl::GetPageSize
    //
    Is64BitArchitecture = (PointerSize != 4);
    if (Is64BitArchitecture) {
        PageSize = 0x2000;
        HeapLargestAddress = (ULONGLONG)-1;
    } else {
        PageSize = 0x1000;
        HeapLargestAddress = (ULONG)-1;
    }
    return TRUE;
}