如何找到内存地址的所有者？

发布于 2025-01-11 09:30:33 字数 1706 浏览 0 评论 0原文

我正在分析带有 bad_alloc 异常的内存转储，并找到了 Windbg 所调用的重要内存区域

--- Usage Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotal
<unknown>                              4689          3bdc4000 ( 957.766 MB)  48.75%   46.77%
Heap                                   2228          2a1db000 ( 673.855 MB)  34.30%   32.90%
Image                                  1451           b66f000 ( 182.434 MB)   9.29%    8.91%
Stack                                   444           9400000 ( 148.000 MB)   7.53%    7.23%
Free                                   1607           5371000 (  83.441 MB)            4.07%
TEB                                     148            1ad000 (   1.676 MB)   0.09%    0.08%
Other                                   122             c1000 ( 772.000 kB)   0.04%    0.04%
PEB                                       1              3000 (  12.000 kB)   0.00%    0.00%

，并且我确信它是本机应用程序。我知道区域的地址

--- Largest Region by Usage ----------- Base Address -------- Region Size ----------
<unknown>                                    aa20000           5f2e000 (  95.180 MB)

并想找到谁分配了该内存。我怎样才能做到这一点？

0:118> !address aa20000

Usage:                  <unknown>
Base Address:           0aa20000
End Address:            1094e000
Region Size:            05f2e000 (  95.180 MB)
State:                  00001000          MEM_COMMIT
Protect:                00000002          PAGE_READONLY
Type:                   00040000          MEM_MAPPED
Allocation Base:        0aa20000
Allocation Protect:     00000002          PAGE_READONLY

堆函数不适用于这种和平的内存。我询问了启用 gflags 的转储，但现在我必须使用我拥有的数据。谢谢您的建议！

原文

I am analyzing memory dump with bad_alloc exception and find a significant region of memory what windbg call

--- Usage Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotal
<unknown>                              4689          3bdc4000 ( 957.766 MB)  48.75%   46.77%
Heap                                   2228          2a1db000 ( 673.855 MB)  34.30%   32.90%
Image                                  1451           b66f000 ( 182.434 MB)   9.29%    8.91%
Stack                                   444           9400000 ( 148.000 MB)   7.53%    7.23%
Free                                   1607           5371000 (  83.441 MB)            4.07%
TEB                                     148            1ad000 (   1.676 MB)   0.09%    0.08%
Other                                   122             c1000 ( 772.000 kB)   0.04%    0.04%
PEB                                       1              3000 (  12.000 kB)   0.00%    0.00%

And I'm sure that it's native app. I know address of region

--- Largest Region by Usage ----------- Base Address -------- Region Size ----------
<unknown>                                    aa20000           5f2e000 (  95.180 MB)

and want to find who allocated this memory. How I can do that?

0:118> !address aa20000

Usage:                  <unknown>
Base Address:           0aa20000
End Address:            1094e000
Region Size:            05f2e000 (  95.180 MB)
State:                  00001000          MEM_COMMIT
Protect:                00000002          PAGE_READONLY
Type:                   00040000          MEM_MAPPED
Allocation Base:        0aa20000
Allocation Protect:     00000002          PAGE_READONLY

Heap function don't work with this peace of memory. I asked about dump with gflags enabled, but now I have to work with data I have. Thank you for your advice!

分享到QQ

分享到微博