TechQA.

Why does User-Mode Dump Heap (UMDH) not detect BSTR-Leaks in x64 applications?

195 views Asked by At

I've had great success in finding memory leaks via GFLAGS and UMDH. However, I just discovered that UMDH somehow does not see BSTR-Leaks in 64 bit applications. Does anyone know why that is? Is it a bug in UMDH? A change in how the Heap-Manager works for x64 applications? Where can I even report such issues to Microsoft?

I investigated this issue with a small test executable like this:

int main()
{
    while (true)
    {
        BSTR sLeak = CComBSTR("I am a leaky BSTR. Please find me!").Detach();
        Sleep(16);
    }

    return 0;
}

Here is the UMDH-output for the x86 test executable. The leak is visible!

+ 2878464 ( 3597312 - 718848)   2342 allocs BackTrace53973BC
+    1874 (   2342 -    468)    BackTrace53973BC    allocations

    ntdll!RtlWalkHeap+194
    ntdll!RtlAllocateHeap+10DC
    ntdll!RtlAllocateHeap+3E
    combase!PropVariantCopy+456
    OLEAUT32!SysAllocString+10F
    OLEAUT32!SysAllocStringLen+40
    LeakTestCom!main+48 (d:\...\leaktestcom\leaktestcom.cpp, 78)
    LeakTestCom!__scrt_common_main_seh+FA (d:\agent\_work\3\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl, 288)
    KERNEL32!BaseThreadInitThunk+19
    ntdll!RtlGetAppContainerNamedObjectPath+11E
    ntdll!RtlGetAppContainerNamedObjectPath+EE

-     288 (      0 -    288)      0 allocs  BackTrace26DADAC
-       3 (      0 -      3)    BackTrace26DADAC    allocations

    ntdll!RtlWalkHeap+194
    ntdll!RtlAllocateHeap+10DC
    ntdll!RtlAllocateHeap+3E
    ntdll!TpSetWaitEx+552
    ntdll!TpCallbackIndependent+208
    KERNEL32!BaseThreadInitThunk+19
    ntdll!RtlGetAppContainerNamedObjectPath+11E
    ntdll!RtlGetAppContainerNamedObjectPath+EE

-    1380 (      0 -   1380)      0 allocs  BackTrace26DAE00
-       3 (      0 -      3)    BackTrace26DAE00    allocations

    ntdll!RtlWalkHeap+194
    ntdll!RtlAllocateHeap+10DC
    ntdll!RtlAllocateHeap+3E
    ntdll!TpCallbackIndependent+7F0
    KERNEL32!BaseThreadInitThunk+19
    ntdll!RtlGetAppContainerNamedObjectPath+11E
    ntdll!RtlGetAppContainerNamedObjectPath+EE


Total increase == 2876796 requested + 134772 overhead = 3011568

And here is the UMDH output for the x64 test executable. As you can see, the BSTR allocations are not visible.

-     136 (      0 -    136)      0 allocs  BackTraceD670D5C4
-       1 (      0 -      1)    BackTraceD670D5C4   allocations

    ntdll!RtlAllocateHeap+AFD
    ntdll!TpReleaseCleanupGroupMembers+1D51
    ntdll!TpReleaseCleanupGroupMembers+4F0
    KERNEL32!BaseThreadInitThunk+14
    ntdll!RtlUserThreadStart+21

-    2736 (      0 -   2736)      0 allocs  BackTraceD670DA44
-       3 (      0 -      3)    BackTraceD670DA44   allocations

    ntdll!RtlAllocateHeap+AFD
    ntdll!TpReleaseCleanupGroupMembers+B5C
    KERNEL32!BaseThreadInitThunk+14
    ntdll!RtlUserThreadStart+21


Total decrease ==   2872 requested +    200 overhead =   3072
c++ memory-leaks com ole umdh
Original Q&A
0

There are 0 answers

Related Questions in C++

Related Questions in MEMORY-LEAKS

Related Questions in COM

Related Questions in OLE

Related Questions in UMDH

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions