Memory leak investigation


I am investigating the memory of an application running on 32-bit Win 7, built with mixed mode (VC++ and C#.NET).

I've already gone through the following steps in trying to analyze the cause for the leak:

  1. Enabled the user mode stack trace database in GFlags.

  2. Using UMDH.exe, I have run the difference between 2 snapshots, and I see the highest memory allocation is:

    +  243040 ( 15884374 - 15641334) 872075 allocs  BackTrace17A3C8
    +  243026 ( 872075 - 629049)    BackTrace17A3C8 allocations
    
    ntdll!RtlAllocateHeap+00000274  
    

    It contains only one line without any call stack, which is confusing me.

Further analysis using WinDbg:

  1. In WinDbg, typing the following command: !heap -stat -h 02150000 (where 2150000 is the address of the heap that has the leak). After comparing multiple dumps, I see that memory blocks of size 1 are increasing over time and are probably the memory that is leaked.

  2. Typing the following command: !heap -flt s 1 gives the UserPtr of those allocations, and finally:

  3. Typing !heap -p -a address on some of those addresses always shows the following allocation call stack:

    address 0813fe08 found in
    _HEAP @ 2150000
        HEAP_ENTRY Size Prev Flags    UserPtr UserSize - state
        0813fdf0 0004 0000  [00]   0813fe08    00001 - (busy)
        76ecd84c ntdll!RtlAllocateHeap+0x00000274
    

    This matches the UMDH analysis, and here as well I don't see a call stack.

Can anyone help by pointing me in a direction here?

windows
debugging
memory-leaks
windbg
umdh
asked on Stack Overflow Dec 4, 2017 by KVj • edited Dec 4, 2017 by Thomas Weller

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0