ThinkChat2.0新版上线,更智能更精彩,支持会话、画图、视频、阅读、搜索等,送10W Token,即刻开启你的AI之旅 广告
1.     必须在命令行中设置为要分析的进程打开用户堆栈信息:C:\Program Files\Debugging Tools for Windows (x64)>gflags.exe -iYourDebugProcess.exe +ust 2.     必须是Debug版本的进程 3.     设置好windbg的pdb路径,即symbol path 4.     利用windbg的AttachToProcess (貌似后面这个方案不行:在目标机器上产生转储文件(dump)然后用windbg分析)。 5.     利用!heap命令 示例: 0:032> !heap -s NtGlobalFlag enables following debugging aids for new heaps:    stack back traces LFH Key                   : 0x00000052389f3a7e Termination on corruption : ENABLED          Heap     Flags   Reserv  Commit  Virt   Free  List   UCR  Virt  Lock  Fast                            (k)     (k)    (k)     (k) length      blocks cont. heap ------------------------------------------------------------------------------------- 0000000001b40000 08000002    1024    828   1024     19    20     1    0      0   LFH 0000000000010000 08008000      64      8     64      5     1     1    0      0      0000000000020000 08008000      64     64     64     61     1     1    0      0      0000000001d30000 08001002    1088    308   1088     18     2     2    0      0   LFH 00000000036b0000 08001002     512    288    512      7     9     1    0      0   LFH 0000000001c60000 08001002  355456 338872 355456   7750   140    26    0      0   LFH 0000000003e40000 08001002     512    260    512      7     2     1    0      0   LFH 0000000003f80000 08001002      64      8     64      3     1     1    0      0      0000000004040000 08001002      64      8     64      3     1     1    0      0      00000000048c0000 08011002     512      8    512      3     2     1    0      0      00000000049e0000 08001002     512      8    512      3     2     1    0      0      0000000004850000 08001002    3136   2192   3136    403     6     3    0      0   LFH    External fragmentation  18 % (6 free blocks) 0000000006d30000 08001002    1088    288   1088      5     2     2    0      0   LFH 00000000049a0000 08001002    1088    544   1088    265     4     2    0      0   LFH 00000000048a0000 08001002    1088    288   1088      9     3     2    0      0   LFH 00000000079d0000 08001002    1088    288   1088      9     3     2    0      0   LFH 0000000007b30000 08001002    1088    288   1088      9     3     2    0      0   LFH 0000000004c10000 08001002    1088    288   1088      9     3     2    0      0   LFH 0000000008820000 08001002    1088    288   1088      9     3     2    0      0   LFH 0000000008d80000 08001002    1088    288   1088     13     3     2    0      0   LFH 0000000004c00000 08001002    1088    288   1088      9     3     2    0      0   LFH 0000000006ce0000 08001002    1088    288   1088      9     3     2    0      0   LFH 0000000004940000 08001002    1088    288   1088      9     3     2    0      0   LFH 000000000a510000 08001002    1088    288   1088      9     3     2    0      0   LFH 000000000a780000 08001002    1088    292   1088     12     4     2    0      0   LFH 0000000008d70000 08001002    1088    256   1088      8     3     2    0      0   LFH 000000000b1a0000 08001002     512      8    512      2     1     1    0      0      ------------------------------------------------------------------------------------- 0:032> !heap -stat -h 0000000001c60000 heap @ 0000000001c60000 group-by: TOTSIZE max-display: 20    size     #blocks     total     ( %) (percent of total busy bytes)    80034 261 - 13087bb4  (96.84)    8c 3579 - 1d3e2c  (0.58)    44 4a8a - 13cca8  (0.39)    5c 35c9 - 13543c  (0.38)    12c d0b - f48e4  (0.30)    54 2a65 - de924  (0.28)    4c 2c7f - d35b4  (0.26)    6c e53 - 60b04  (0.12)    1825c 3 - 48714  (0.09)    8034 8 - 401a0  (0.08)    2003e 2 - 4007c  (0.08)    834 64 - 33450  (0.06)    64 815 - 32834  (0.06)    74 5a0 - 28c80  (0.05)    4034 9 - 241d4  (0.04)    84 273 - 1434c  (0.03)    402c 4 - 100b0  (0.02)    10034 1 - 10034  (0.02)    1035 f - f31b  (0.02)    94 185 - e0e4  (0.02) 0:032> !heap -flt s 80034    _HEAP @ 1b40000    _HEAP @ 10000    _HEAP @ 20000    _HEAP @ 1d30000    _HEAP @ 36b0000    _HEAP @ 1c60000              HEAP_ENTRY Size Prev Flags            UserPtr UserSize - state        00000000102e5a40 8006 0000  [00]   00000000102e5a70    80034 - (busy)        0000000010365aa0 8006 8006  [00]   0000000010365ad0    80034 - (busy)        0000000010402210 8006 8006  [00]   0000000010402240    80034 - (busy)        0000000010482270 8006 8006  [00]   00000000104822a0    80034 - (busy)        00000000105022d0 8006 8006  [00]   0000000010502300    80034 - (busy)        00000000105e9630 8006 8006  [00]   00000000105e9660    80034 - (busy)       ...............        00000000250306d0 8006 8006  [00]   0000000025030700    80034 - (busy)        00000000250b0730 8006 8006  [00]   00000000250b0760    80034 - (busy)        0000000025130790 8006 8006  [00]   00000000251307c0    80034 - (busy)        00000000251b07f0 8006 8006  [00]   00000000251b0820    80034 - (busy)        0000000025230850 8006 8006  [00]   0000000025230880    80034 - (busy)        00000000252b08b0 8006 8006  [00]   00000000252b08e0    80034 - (busy)        0000000025330910 8006 8006  [00]   0000000025330940    80034 - (busy)        00000000253b0970 8006 8006  [00]   00000000253b09a0    80034 - (busy)        00000000254309d0 8006 8006  [00]   0000000025430a00    80034 - (busy)        00000000254b0a30 8006 8006  [00]   00000000254b0a60    80034 - (busy)        0000000025530a90 8006 8006  [00]   0000000025530ac0    80034 - (busy)        00000000255b0af0 8006 8006  [00]   00000000255b0b20    80034 - (busy)        0000000025630b50 8006 8006  [00]   0000000025630b80    80034 - (busy)        00000000256b0bb0 8006 8006  [00]   00000000256b0be0    80034 - (busy)        0000000025780070 8006 8006  [00]   00000000257800a0    80034 - (busy)        00000000258000d0 8006 8006  [00]   0000000025800100    80034 - (busy)    _HEAP @ 3e40000    _HEAP @ 3f80000    _HEAP @ 4040000    _HEAP @ 48c0000    _HEAP @ 49e0000    _HEAP @ 4850000    _HEAP @ 6d30000    _HEAP @ 49a0000    _HEAP @ 48a0000    _HEAP @ 79d0000    _HEAP @ 7b30000    _HEAP @ 4c10000    _HEAP @ 8820000    _HEAP @ 8d80000    _HEAP @ 4c00000    _HEAP @ 6ce0000    _HEAP @ 4940000    _HEAP @ a510000    _HEAP @ a780000    _HEAP @ 8d70000    _HEAP @ b1a0000 0:032> !heap -p -a 0000000025030700       address 0000000025030700 found in    _HEAP @ 1c60000              HEAP_ENTRY Size Prev Flags            UserPtr UserSize - state        00000000250306d0 8006 0000  [00]   0000000025030700    80034 - (busy)        76efcc0d ntdll! ?? ::FNODOBFM::`string&apos;+0x000000000001913b        fbaf4fd MSVCR100D!heap_alloc_base+0x000000000000005d        fbc1efd MSVCR100D!nh_malloc_dbg+0x00000000000003bd        fbc1c09 MSVCR100D!nh_malloc_dbg+0x00000000000000c9        fbc1b89 MSVCR100D!nh_malloc_dbg+0x0000000000000049        fbc617a MSVCR100D!malloc+0x000000000000002a ***WARNING: Unable to verify checksum for D:\XXXXXXX\XXXXXXXXX.dll        7febb5c37e1 XXXXXXXXXXXXXXXXXX!XXXXXX::XXXX::TransformPixelData+0x00000000000009a1        7febb5c1ad8 XXXX!XXXXXXXX::DcmPixelTransform::UpdateTags+0x0000000000000258        7febb5dca4c XXXXXXXX!XXXXXX::XXXXXXX::UpdatePixelDataByPSR+0x000000000000017c        7febb5e07f5 XXXXXX!XXXXXXX::XXXXXXXXX::RenderToOverlay+0x0000000000000055        7febb5df0b2 XXXXXXXXXXXX!XXXXXXXXXX::XXXX::ExportBySpecifiedMode+0x00000000000005b2        7feb800918f XXXXXXXXXXXXX!XXXX::XXXXXXXXX::ExportGSPSInfoBySpecifiedMode+0x0000000000000daf        7feb808fb89 XXXXXXXXXXXX!XXXXXXX::XXXXXXXXXXXX::storeSCU+0x0000000000000c29        7feb808e628 XXXXXXXXXXXX!XXX::XXXX::DoRealStore+0x0000000000000438        7feb80a763a XXXXXXXX!boost::_bi::list0::operator()<void (__cdecl*)(void),boost::_bi::list0>+0x000000000000003a        7feb80a75c1 xxxxxxxxxXXX!boost::_bi::bind_t<void,void (__cdecl*)(void),boost::_bi::list0>::operator()+0x0000000000000061        7feb80a753f xxxxxxxxxx!boost::detail::thread_data<boost::_bi::bind_t<void,void (__cdecl*)(void),boost::_bi::list0> >::run+0x000000000000002f        7feb82ef7a7 XxxxxX!boost::`anonymous namespace&apos;::thread_start_function+0x0000000000000037        fab72e5 MSVCR100D!beginthreadex+0x00000000000002d5        fab72a4 MSVCR100D!beginthreadex+0x0000000000000294        76d5652d kernel32!BaseThreadInitThunk+0x000000000000000d        76e8c521 ntdll!RtlUserThreadStart+0x000000000000001d