I've been debugging a heap corruption in a software. I can write data to the heap and get control over some pointers. I can achieve my goal of executing code without knowing this but it confused me a bit.
我一直在调试软件中的堆损坏。我可以将数据写入堆并控制某些指针。我可以在不知道这一点的情况下实现我执行代码的目标,但它让我有点困惑。
The problem is that I can't find in which heap the block that I'm writing to is , nor the heap segments.
问题是我无法在哪个堆中找到我正在编写的块,也不能找到堆段。
I used : !heap -x [address] and !heap -x -v [address] under Windbg and they didn't give me any result. I know that some heaps may reserve another heap segment when no uncommitted space is available in the first one . However, I've dumped all heap segments and I couldn't find anyone with a base address similar to the one I'm looking for.
我在Windbg下使用了:!heap -x [address]和!heap -x -v [address],他们没有给我任何结果。我知道当第一个没有未提交的空间可用时,一些堆可能会保留另一个堆段。但是,我已经转储了所有堆段,我找不到任何具有类似于我正在寻找的基址的人。
It seems a little bit weird to me that there's no process or application specific heap having these blocks !!
对我来说似乎有点奇怪,没有进程或特定于应用程序的堆具有这些块!!
1 个解决方案
#1
4
If the heap is corrupt, the !heap –x command might not work properly,
如果堆已损坏,!heap -x命令可能无法正常工作,
try a !heap –s –v to determine. Sample: Windbg !heap
尝试一下!heap -s -v来确定。示例:Windbg!堆
Do !address , and you should see if the memory is stack or heap.
Do!address,你应该看看内存是堆栈还是堆。
#1
4
If the heap is corrupt, the !heap –x command might not work properly,
如果堆已损坏,!heap -x命令可能无法正常工作,
try a !heap –s –v to determine. Sample: Windbg !heap
尝试一下!heap -s -v来确定。示例:Windbg!堆
Do !address , and you should see if the memory is stack or heap.
Do!address,你应该看看内存是堆栈还是堆。