MemSpyy
Recently over at If broken it is, fix it you should, Tess Ferrandez posted about a cool memory application that uses output gathered from windbg to show you information graphically. I have written a similar application a few months back, and thought I would scrub it, and share the source. I originally used VisualStudio 2003, but loaded it into 2008, and verified it all builds & runs. I did get a bunch of warnings.
The most interesting thing about this application is that it uses some DLLInjection code from Robert Kuster to run some heap walking code inside the process being viewed. This is the code in question:
MEMORYSTATUSEX statex;statex.dwLength = sizeof (statex); GlobalMemoryStatusEx (&statex); g_UncommittedSize = statex.ullAvailVirtual; PROCESS_HEAP_ENTRY heapEntry;memset(&heapEntry,0,sizeof(heapEntry)); while(HeapWalk(GetProcessHeap(), &heapEntry)) g_UncommittedSize += heapEntry.cbData;
Fairly straightforward code, but I can’t figure out how to get that information out of proc.
I thought this would be a good chance to try out CodePlex as well, so I uploaded the source there. CodePlex is pretty nice, basically very similar to GoogleCode and other sites. I was initially excited to try out some VisualStudio integration, but I couldn’t get it to install properly, and got frustrated. I ended up just using TortoiseSVN.
Thanks a lot for this tool! Developers ask me to provide some tool to debug VM-allocation related problems with their own and 3-rd party executables, and this one looks the best available.
Thanks for pointing me to your application! I added it to memory visualization tool links:
http://www.dumpanalysis.org/blog/index.php/2010/04/29/memory-map-visualization-tools-revised/
Open a process handle with OpenProcess.
You can put VirtualQueryEx into a loop to query against a 32-bitprocess memory space.
What I like about this scheme is that no hooking is involved!
I am not sure if a ‘visualizer’ should be made large address aware to scan into another process which might honor the /3GB seitch being set. Such an application’s virutal address space can go up to 3 GB instead of being limited to only 2 GB.
I have used such a scheme to log some of the memory data to a CSV file to track the ‘profile’ of an application’s memory usage over time. Have not got around to making a picture yet.
Yes, essentially, that is what MemSpyy does, but then also does the heap walking (which can only be done in proc, thus requiring injection). Actually, as a side note, there is a big memory leak in this code, so be careful. For my production version of this I use at my day job, I removed the injection code completely, cause it was just too leaky and I didn’t have time to fix it properly.