On May 11 01:27, Ryan Johnson wrote:
> The second (proc-maps-heaps) adds reporting of Windows heaps (or
> their bases, at least). Unfortunately there doesn't seem to be any
> efficient way to identify all virtual allocations which a heap owns.

There's a call RtlQueryDebugInformation which can fetch detailed heap
information, and which is used by Heap32First/Heap32Last. Using it
directly is much more efficient than using the Heap32 functions. The
DEBUG_HEAP_INFORMATION is already in ntdll.h; what's missing is the
layout of the Blocks info. I found the info by googling:

  typedef struct _HEAP_BLOCK
  {
    PVOID addr;
    ULONG size;
    ULONG flags;
    ULONG unknown;
  } HEAP_BLOCK, *PHEAP_BLOCK;

If this information is searched until the address falls into the just
inspected block of virtual memory, then we would have the information,
wouldn't we?
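
The search proposed above, as an added example that is not part of the original message or of the project's code: it scans an array of HEAP_BLOCK entries (layout as quoted above) for the first one whose address falls inside a given virtual memory region. The helper names, the stand-in typedefs and the sample values are assumptions constructed for illustration; how the Blocks array is obtained from RtlQueryDebugInformation is not shown.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins for the Windows types so the example builds anywhere. */
typedef void *PVOID;
typedef uint32_t ULONG;

/* Layout as quoted in the message above. */
typedef struct _HEAP_BLOCK
{
  PVOID addr;
  ULONG size;
  ULONG flags;
  ULONG unknown;
} HEAP_BLOCK, *PHEAP_BLOCK;

/* Hypothetical helper: index of the first block whose address lies in
   [base, base + region_size), or -1 if no block does. */
static long
find_block_in_region (const HEAP_BLOCK *blocks, size_t count,
                      const void *base, size_t region_size)
{
  uintptr_t lo = (uintptr_t) base;
  for (size_t i = 0; i < count; i++)
    {
      uintptr_t a = (uintptr_t) blocks[i].addr;
      /* Subtract before comparing so base + region_size cannot wrap. */
      if (a >= lo && a - lo < region_size)
        return (long) i;
    }
  return -1;
}

/* Runs the search over constructed sample data (not real heap output). */
static long
sample_lookup (const void *base, size_t region_size)
{
  const HEAP_BLOCK blocks[] = {
    { (PVOID) (uintptr_t) 0x00350000u, 0x10000, 0, 0 },
    { (PVOID) (uintptr_t) 0x00a20000u, 0x40000, 0, 0 },
    { (PVOID) (uintptr_t) 0x7ff00000u, 0x1000, 0, 0 },
  };
  return find_block_in_region (blocks, sizeof blocks / sizeof blocks[0],
                               base, region_size);
}

int
main (void)
{
  /* Region 0x00a00000..0x00afffff contains the second sample block. */
  return sample_lookup ((void *) (uintptr_t) 0x00a00000u, 0x100000) == 1 ? 0 : 1;
}
```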