Find a mapping between a bunch of Windows and modules

Question

Find a mapping between a bunch of Windows and modules

I am looking for a way to find a mapping between the heap and the module to which the heap belongs. I extract the heaps as follows:

HANDLE heaps[1025]; DWORD nheaps = GetProcessHeaps((sizeof(heaps) / sizeof(HANDLE)) - 1, heaps); for (DWORD i = 0; i < nheaps; ++i) { // find module which created for heap // ... }

The reason I want to do this is because in my application I find about 40 heaps, some of them are standard heaps, others are heaps with low fragmentation. Now I'm trying to figure out which module uses that heap.

Thanks a lot!

+4

c ++ memory-management heap windows

usac Aug 27 '09 at 14:35

source share

2 answers

According to the MSDN docs, calling GetProcessHeaps gave you the handles for all the heaps in the current process, and not all the heaps in the system, so there is no mapping to other processes.

+6

Timo geusch Aug 27 '09 at 14:46

source share

Adrian mccarthy · Accepted Answer · 2009-08-27T21:59:18+0000

Add a CreateHeap call to the very beginning of your program and place a breakpoint on it. To run. Step into the call (transition to the level of disassembly). Set a new breakpoint. Now go on, and the breakpoint should hit every time a new heap is created. The call stack will show you where it came from.

If heaps are created by global objects, this will happen before main (). You can navigate your C start-up code at run time to set your breakpoint even earlier.

Find a mapping between a bunch of Windows and modules

More articles: