“!heap -flt -s xxxx”中的不同列是什么windbg命令代表 [英] What do the different columns in the "!heap -flt -s xxxx" windbg command represent
问题描述
我读了windbg!堆输出中的大小数字意味着什么?,我看了我的Windows内部书,但我仍然有一堆问题。所以列和我的问题都在下面。
** HEAP_ENTRY ** - 这个指针真的指向什么?与UserPtr有什么不同?
**大小** - 这个大小是什么意思?与UserSize有什么不同?
**上一页** - 这只是看起来是负偏移量,以获得以前的堆条目。仍然不确定它是如何使用的。
**标志** - 这些标志有任何文件吗?
** UserPtr ** - 什么是用户指针?在所有情况下,我看到它总是比HEAP_ENTRY高8个字节,但是我并不知道它指向什么。
** UserSize ** - 这似乎是实际分配的大小。
**状态** - 这只是告诉你这个堆条目是什么状态(空闲,忙碌等等)
示例:
HEAP_ENTRY大小上一个标记UserPtr UserSize - state
0015eeb0 0044 0000 [07] 0015eeb8 00204 - (busy)
HEAP_ENTRY
将所分配的块存储在连续的内存段中,每个分配的块以8字节标头开始,后跟实际分配的数据。 HEAP_ENTRY列是分配块的头的起始地址。
大小
堆管理器处理块中的块8个字节的倍数。列是分配的8个字节块的数量。在您的示例中,0044表示该块占用0x220字节(0x44 * 8)。
上一页
乘以每8个
标志
这是一个位掩码,用于编码以下信息
0x01 - HEAP_ENTRY_BUSY
0x02 - HEAP_ENTRY_EXTRA_PRESENT
0x04 - HEAP_ENTRY_FILL_PATTERN
0x08 - HEAP_ENTRY_VIRTUAL_ALLOC
0x10 - HEAP_ENTRY_LAST_ENTRY
UserPtr
这是返回到应用程序由HeapAlloc(由malloc / new调用)函数。由于标题总是8字节长,它始终是HEAP_ENTRY +8。
UserSize
这是传递给HeapAlloc的大小功能。
状态
这是对Flags列的解码,告诉条目是否忙,释放,最后一个段,...
请注意,在Windows 7/2008 R2中,堆是默认使用名为LFH(低碎片堆)的前端,使用默认堆管理器分配其中分派用户分配的数据的块。对于这些堆,UserPtr和UserSize将不会指向真正的用户数据。
!heap -s 的输出显示哪个堆是启用了LFH。
I've been doing some work on high memory issues, and I've been doing a lot of heap analysis in windbg, and I was curious what the different columns really mean in "!heap -flt -s xxxx" command.
I read What do the 'size' numbers mean in the windbg !heap output?, and I looked in my "Windows Internals" book, but I still had a bunch of questions. So the columns and my questions are below.
**HEAP_ENTRY** - What does this pointer really point to? How is it different than UserPtr?
**Size** - What does this size mean? How is it different than UserSize?
**Prev** - This just appears to be the negative offset to get to the previous heap entry. Still not sure exactly how it's used.
**Flags** - Is there any documentation on these flags?
**UserPtr** - What is the user pointer? In all cases I've seen it's always 8 bytes higher than the HEAP_ENTRY, but I don't really know what it points to.
**UserSize** - This appears to be the size of the actual allocation.
**state** - This just tells you what state of this heap entry is (free, busy, etc....)
Example:
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
0015eeb0 0044 0000 [07] 0015eeb8 00204 - (busy)
HEAP_ENTRY Heaps store allocated blocks in contiguous Segments of memory, each allocated block starts with a 8-bytes header followed by the actual allocated data. The HEAP_ENTRY column is the address of the beginning of the header of the allocated block.
Size The heap manager handles blocks in multiple of 8 bytes. The column is the number of 8 bytes chunk allocated. In your sample, 0044 means that the block takes 0x220 bytes (0x44*8).
Prev Multiply per 8 to have the negative offset in bytes to the previous heap block.
Flags This is a bitmask that encodes the following information
0x01 - HEAP_ENTRY_BUSY
0x02 - HEAP_ENTRY_EXTRA_PRESENT
0x04 - HEAP_ENTRY_FILL_PATTERN
0x08 - HEAP_ENTRY_VIRTUAL_ALLOC
0x10 - HEAP_ENTRY_LAST_ENTRY
UserPtr This is the pointer returned to the application by the HeapAlloc (callbed by malloc/new) function. Since the header is always 8 bytes long, it is always HEAP_ENTRY +8.
UserSize This is the size passed the HeapAlloc function.
state This is a decoding of the Flags column, telling if the entry is busy, freed, last of its segment, …
Be aware that in Windows 7/2008 R2, heaps are by default using a front-end named LFH (Low fragmented heap) that uses the default heap manager to allocate chunks in which it dispatched user allocated data. For these heaps, UserPtr and UserSize will not point to real user data.
The output of !heap -s displays which heaps are LFH enabled.
这篇关于“!heap -flt -s xxxx”中的不同列是什么windbg命令代表的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
