Reputation: 203
Finding heap or heap block or segment from address
I've been debugging a heap corruption in a software. I can write data to the heap and get control over some pointers. I can achieve my goal of executing code without knowing this but it confused me a bit.
The problem is that I can't find in which heap the block that I'm writing to is , nor the heap segments.
I used : !heap -x [address] and !heap -x -v [address] under Windbg and they didn't give me any result.
I know that some heaps may reserve another heap segment when no uncommitted space is available in the first one . However, I've dumped all heap segments and I couldn't find anyone with a base address similar to the one I'm looking for.
It seems a little bit weird to me that there's no process or application specific heap having these blocks !!
Upvotes: 2
Views: 1750
Answers (1)
Reputation: 3067
If the heap is corrupt, the !heap –x command might not work properly,
try a !heap –s –v to determine. Sample: Windbg !heap
Do !address , and you should see if the memory is stack or heap.
Upvotes: 4
Related Questions
- WinDbg How to find HeapAlloc or HeapAllocStub?
- Given a pointer, how might I find the _HEAP_ENTRY that it belongs to?
- Given a pointer, find the heap block where it resides
- WinDbg Address Summary
- Windows Heap Chunk Header Parsing and Size Calculation
- Process Heap Segments And Their Necessity
- Find which heap an address belongs to?
- Finding which function allocated a heap based on a memory address within the heap
- Why do the output of !address and !heap not match?
- In windbg, how do I get a heap header address from !heap -l results?