Windows下一般使用gflags + umdh分析堆内存泄露
设置gflags.exe
以管理员权限运行cmd
(1) 设置symbol 环境变量
set _NT_SYMBOL_PATH=srv*D:\Symbol*http://msdl.microsoft.com/download/symbols;C:\Users\John\Desktop\Creator Magic\VirtualPrinter\TempFiles
(2) 运行gflags.exe
gflags.exe /i splwow64.exe +ust
(3) 发现内存泄露,用umdh第一次做快照
umdh.exe -pn:splwow64.exe -f:snap1.log
(4) 程序运行一段时间,第二次做快照
umdh.exe -pn:splwow64.exe -f:snap2.log
(5) 生成差异文件
umdh.exe -d snap1.log snap2.log -f:result.txt
(6) 查看差异文件("C:\Program Files\Windows Kits\10\Debuggers\x64" 下)
发现增加了26个0x58=2288/26大小的内存块, 很可能这里产生泄露
//
// Each log entry has the following syntax:
//
// + BYTES_DELTA (NEW_BYTES - OLD_BYTES) NEW_COUNT allocs BackTrace TRACEID
// + COUNT_DELTA (NEW_COUNT - OLD_COUNT) BackTrace TRACEID allocations
// ... stack trace ...
//
// where:
//
// BYTES_DELTA - increase in bytes between before and after log
// NEW_BYTES - bytes in after log
// OLD_BYTES - bytes in before log
// COUNT_DELTA - increase in allocations between before and after log
// NEW_COUNT - number of allocations in after log
// OLD_COUNT - number of allocations in before log
// TRACEID - decimal index of the stack trace in the trace database
// (can be used to search for allocation instances in the original
// UMDH logs).
//
为了进一步确认,用procexp64抓dump分析
(1) !heap –s 查看当前进程所有堆的摘要信息
(2) !heap -l 检测 leaked heap blocks
(3) !heap -stat -h 查看堆的使用情况统计
(4) !heap -flt s 查看指定大小的heap allocations
(5) !heap -p -a 查看指点UserPtr对应的调用栈
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
