Mnemonics for remembering what each fill-pattern means:
- The newly allocated memory (0xCD) is Clean memory.
- The free()d memory (0xDD) is Dead memory.
- The guard bytes (0xFD) are like Fences around your memory.
I called malloc(8) followed by free() in a debug build against the Microsoft CRT and stepped through the CRT and Win32 heap calls to see how the memory changed. Read the columns from left to right to see what appears in memory at each stage of malloc() and free(). malloc(8) returned a block at address 0x00321000, and the offsets are relative to that address, so you can apply them to one of your own allocations (this is the 32-bit layout: the CRT's block header occupies the 32 bytes at offsets -32 through -1). The CRT fills (0xCD, 0xDD, 0xFD) only appear in a debug build of the CRT. The other patterns come from the Win32 heap and only appear when its debug features are on, for example because the process was started under a debugger: 0xBAADF00D marks memory freshly handed out by HeapAlloc(), 0xABABABAB the guard bytes the heap places after an allocation, and 0xFEEEFEEE memory released by HeapFree().
| Address | Offset | After HeapAlloc() | After malloc() | During free() | After HeapFree() | Comments |
|---|---|---|---|---|---|---|
| 0x00320FD8 | -40 | 0x01090009 | 0x01090009 | 0x01090009 | 0x0109005A | Win32 heap entry header |
| 0x00320FDC | -36 | 0x01090009 | 0x00180700 | 0x01090009 | 0x00180400 | Win32 heap entry header |
| 0x00320FE0 | -32 | 0xBAADF00D | 0x00320798 | 0xDDDDDDDD | 0x00320448 | Ptr to next CRT heap block (pBlockHeaderNext; the block allocated just before this one) |
| 0x00320FE4 | -28 | 0xBAADF00D | 0x00000000 | 0xDDDDDDDD | 0x00320448 | Ptr to prev CRT heap block (pBlockHeaderPrev; the block allocated just after this one, NULL here because this was the newest block) |
| 0x00320FE8 | -24 | 0xBAADF00D | 0x00000000 | 0xDDDDDDDD | 0xFEEEFEEE | Filename of the malloc() call (szFileName; NULL unless the call went through _malloc_dbg, e.g. via _CRTDBG_MAP_ALLOC) |
| 0x00320FEC | -20 | 0xBAADF00D | 0x00000000 | 0xDDDDDDDD | 0xFEEEFEEE | Line number of the malloc() call (nLine; 0 for the same reason) |
| 0x00320FF0 | -16 | 0xBAADF00D | 0x00000008 | 0xDDDDDDDD | 0xFEEEFEEE | Number of bytes requested from malloc() (nDataSize) |
| 0x00320FF4 | -12 | 0xBAADF00D | 0x00000001 | 0xDDDDDDDD | 0xFEEEFEEE | Block type (nBlockUse: 0 = freed, 1 = normal, 2 = CRT, 3 = ignore, 4 = client) |
| 0x00320FF8 | -8 | 0xBAADF00D | 0x00000031 | 0xDDDDDDDD | 0xFEEEFEEE | Allocation request number (lRequest; 0x31 = 49), incrementing with each request |
| 0x00320FFC | -4 | 0xBAADF00D | 0xFDFDFDFD | 0xDDDDDDDD | 0xFEEEFEEE | No man's land (leading guard bytes) |
| 0x00321000 | +0 | 0xBAADF00D | 0xCDCDCDCD | 0xDDDDDDDD | 0xFEEEFEEE | The 8 bytes you asked for |
| 0x00321004 | +4 | 0xBAADF00D | 0xCDCDCDCD | 0xDDDDDDDD | 0xFEEEFEEE | The 8 bytes you asked for |
| 0x00321008 | +8 | 0xBAADF00D | 0xFDFDFDFD | 0xDDDDDDDD | 0xFEEEFEEE | No man's land (trailing guard bytes) |
| 0x0032100C | +12 | 0xBAADF00D | 0xBAADF00D | 0xDDDDDDDD | 0xFEEEFEEE | Slack: Win32 heap allocations are rounded up, here to 16 bytes |
| 0x00321010 | +16 | 0xABABABAB | 0xABABABAB | 0xABABABAB | 0xFEEEFEEE | Win32 heap bookkeeping (heap guard bytes) |
| 0x00321014 | +20 | 0xABABABAB | 0xABABABAB | 0xABABABAB | 0xFEEEFEEE | Win32 heap bookkeeping (heap guard bytes) |
| 0x00321018 | +24 | 0x00000010 | 0x00000010 | 0x00000010 | 0xFEEEFEEE | Win32 heap bookkeeping |
| 0x0032101C | +28 | 0x00000000 | 0x00000000 | 0x00000000 | 0xFEEEFEEE | Win32 heap bookkeeping |
| 0x00321020 | +32 | 0x00090051 | 0x00090051 | 0x00090051 | 0xFEEEFEEE | Win32 heap bookkeeping |
| 0x00321024 | +36 | 0xFEEE0400 | 0xFEEE0400 | 0xFEEE0400 | 0xFEEEFEEE | Win32 heap bookkeeping |
| 0x00321028 | +40 | 0x00320400 | 0x00320400 | 0x00320400 | 0xFEEEFEEE | Win32 heap bookkeeping |
| 0x0032102C | +44 | 0x00320400 | 0x00320400 | 0x00320400 | 0xFEEEFEEE | Win32 heap bookkeeping |
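As an added example (not code from the original post or from the CRT itself), here is a small C program that re-creates the 32-bit _CrtMemBlockHeader layout shown in the table, walks back from a malloc()-style user pointer to decode the header, and checks the 0xFD guard bytes, the 0xCD "never written" pattern and the 0xDD "already freed" pattern. It runs on any host because the block is a constructed byte array filled in from the "After malloc()" column rather than a real debug-CRT allocation; the struct field names, inspect_block(), its finding flags and simulate_crt_free() are my own and are not CRT APIs.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Fill bytes and the block type used by the MSVC debug CRT, as in the table. */
#define CLEAN_LAND_FILL   0xCD   /* data fresh from malloc()          */
#define DEAD_LAND_FILL    0xDD   /* block after free()                */
#define NO_MANS_LAND_FILL 0xFD   /* guard bytes on both sides of data */
#define NO_MANS_LAND_SIZE 4
#define NORMAL_BLOCK      1

/* Re-creation (not the CRT's header file) of the 32-bit _CrtMemBlockHeader,
 * which sits at offsets -32..-1 from the pointer malloc() returns. Pointers
 * are modelled as uint32_t so the struct is 32 bytes on any host. */
typedef struct {
    uint32_t block_next;  /* -32: next block in the CRT list (allocated earlier) */
    uint32_t block_prev;  /* -28: prev block (allocated later)                   */
    uint32_t file_name;   /* -24: char* from _malloc_dbg, NULL for plain malloc  */
    int32_t  line;        /* -20: line number, 0 for plain malloc                */
    uint32_t data_size;   /* -16: bytes requested                                */
    int32_t  block_use;   /* -12: 0 freed, 1 normal, 2 CRT, 3 ignore, 4 client   */
    int32_t  request;     /*  -8: allocation request number                      */
    uint8_t  gap[NO_MANS_LAND_SIZE]; /* -4: leading no man's land                */
} crt_block_header;
#define HEADER_SIZE ((int)sizeof(crt_block_header))

/* Findings from inspect_block(), OR-ed together (my own flag names). */
enum {
    BLOCK_OK            = 0,
    BLOCK_LEAD_GAP_BAD  = 1 << 0,  /* write before the block (underflow)        */
    BLOCK_TRAIL_GAP_BAD = 1 << 1,  /* write past the block (overflow)           */
    BLOCK_UNINITIALIZED = 1 << 2,  /* data is still entirely 0xCD               */
    BLOCK_LOOKS_FREED   = 1 << 3,  /* header and data are entirely 0xDD         */
    BLOCK_SIZE_MISMATCH = 1 << 4   /* header disagrees with expected size/type  */
};

static int all_bytes_are(const uint8_t *p, size_t n, uint8_t v)
{
    for (size_t i = 0; i < n; i++)
        if (p[i] != v) return 0;
    return 1;
}

/* Walk back from a user pointer, decode the header and check the guards.
 * 'expected' is the size the caller believes it asked for. */
unsigned inspect_block(const uint8_t *user, size_t expected)
{
    crt_block_header h;
    memcpy(&h, user - HEADER_SIZE, sizeof h);

    /* free() overwrote header, data and gaps with 0xDD, so a stale pointer
     * decodes to garbage: recognise that before trusting data_size. */
    if (all_bytes_are(user - HEADER_SIZE, HEADER_SIZE, DEAD_LAND_FILL) &&
        all_bytes_are(user, expected, DEAD_LAND_FILL))
        return BLOCK_LOOKS_FREED;

    unsigned findings = BLOCK_OK;
    if (h.data_size != expected || h.block_use != NORMAL_BLOCK)
        findings |= BLOCK_SIZE_MISMATCH;
    if (!all_bytes_are(h.gap, NO_MANS_LAND_SIZE, NO_MANS_LAND_FILL))
        findings |= BLOCK_LEAD_GAP_BAD;
    if (!all_bytes_are(user + expected, NO_MANS_LAND_SIZE, NO_MANS_LAND_FILL))
        findings |= BLOCK_TRAIL_GAP_BAD;
    if (all_bytes_are(user, expected, CLEAN_LAND_FILL))
        findings |= BLOCK_UNINITIALIZED;
    return findings;
}

/* Constructed sample: the "After malloc()" column for offsets -32..+15,
 * stored little-endian as on x86. Returns the would-be malloc() result. */
static uint8_t sample[48];
static void put32(uint8_t *dst, uint32_t v)
{
    for (int i = 0; i < 4; i++) dst[i] = (uint8_t)(v >> (8 * i));
}
uint8_t *make_sample_block(void)
{
    uint8_t *b = sample;
    put32(b + 0,  0x00320798); put32(b + 4,  0);            /* next, prev    */
    put32(b + 8,  0);          put32(b + 12, 0);            /* file, line    */
    put32(b + 16, 8);          put32(b + 20, NORMAL_BLOCK); /* size, type    */
    put32(b + 24, 0x31);                                    /* request #     */
    memset(b + 28, NO_MANS_LAND_FILL, NO_MANS_LAND_SIZE);   /* leading gap   */
    memset(b + 32, CLEAN_LAND_FILL, 8);                     /* the 8 bytes   */
    memset(b + 40, NO_MANS_LAND_FILL, NO_MANS_LAND_SIZE);   /* trailing gap  */
    put32(b + 44, 0xBAADF00D);                              /* heap rounding */
    return b + HEADER_SIZE;
}

/* Mimic the "During free()" column: header through trailing gap become 0xDD. */
void simulate_crt_free(uint8_t *user, size_t size)
{
    memset(user - HEADER_SIZE, DEAD_LAND_FILL, HEADER_SIZE + size + NO_MANS_LAND_SIZE);
}

int main(void)
{
    uint8_t *p = make_sample_block();
    printf("fresh:    %#x\n", inspect_block(p, 8));  /* BLOCK_UNINITIALIZED */
    memset(p, 0, 8);
    printf("written:  %#x\n", inspect_block(p, 8));  /* BLOCK_OK */
    memset(p, 'A', 9);                               /* one byte too many */
    printf("overflow: %#x\n", inspect_block(p, 8));  /* BLOCK_TRAIL_GAP_BAD */
    simulate_crt_free(p, 8);
    printf("freed:    %#x\n", inspect_block(p, 8));  /* BLOCK_LOOKS_FREED */
    return 0;
}
```

The order of the checks in inspect_block() matters: a freed block's header is 0xDD throughout, so its data_size and block_use fields are meaningless and must not be compared against anything until the dead-land fill has been ruled out. This mirrors what the real debug CRT does in _CrtCheckMemory(), which walks the list from the header pointers at -32/-28 and reports a block whose leading or trailing 0xFD bytes have been overwritten.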