How to use the PageHeap utility to detect memory errors in a Microsoft Visual C++ project (264471)

SUMMARY

The PageHeap utility can be enabled for applications so that all malloc, new, and heapAlloc allocations are monitored automatically for memory errors. This article contains the PageHeap utility, plus a PageHeap1 sample that demonstrates how to use the utility to detect memory errors.

PageHeap1 is a Microsoft Visual C++ project with several types of memory errors. To enable PageHeap on this sample application, type in the following from the command line:

pageheap /enable pgh.exe 0x01

Then, type in the following, and note the application name that PageHeap monitors:

pageheap

For many applications, 0x01 is the only flag you need. You can get more information on its usage by running PageHeap with the question mark flag (/?) from the command line. Windows XP comes with a tool called Application Verifier which ships with the Application Compatibility Toolkit. This tool can be used instead of PageHeap. The Application Verifier can be installed from the Support folder on the Windows XP CD-ROM and is called Act20.exe.

MORE INFORMATION

PageHeap returns a pointer to allocated memory on 8 byte boundaries. The end of the returned pointer is followed by 0 to 7 guard bytes (depending on the size requested, 0 to 7 bytes are added to round up the request size to be on an 8 byte boundry), followed by a memory page marked PAGE_NOACCESS (see VirtualAlloc documentation for more information). For example:

char * p;
p = new char[5];

PageHeap returns a pointer to the 5 bytes plus 3 guard bytes to make up a total of 8 bytes, such as .....XXX . If the memory allocation size is a multiple of eight, there are no guard bytes added to the returned pointer.

If the end of the allocation is overwritten, the guard bytes change and PageHeap causes an Access Violation (AV) when the memory is freed. If the application reads or writes past the allocation (including the guard bytes), it incurs an instant AV.

How to use PageHeap1 sample

Build the pgh project and run the pgh.exe.

Note You must do a release build for PageHeap to work with new/malloc.

Launch the PageHeap1.exe, and note that there is a dialog box pop-up.
On the dialog box, you can see a TextBox, a "Bad Alloc/Free" check box, and three pair of buttons, "new" & "delete", "PageAlloc" & "Heap Free" and "COM new" & "COM Delete". The TextBox takes in the size of memory you want to have allocated. If the "Bad Alloc/Free" check box is selected, each allocation type (new, PageAlloc and COM new) allocates memory and then writes past the allocation. If "bad Alloc" is not checked, no memory overwrite occurs.

Button "new" tests the "new" operator, button "PageAlloc" tests HeapAlloc. The COM new does not use CoTaskMemAlloc but rather calls into a COM DLL that simply calls new. To test "COM new," you must either register r1LeakMemMod.dll or build the r1LeakMemMod project.

You must use a run-time DLL library for PageHeap to work. (From the Visual C++ IDE, Projects\settings\ C++ tab, Category: Code Generation, Use run-time library).
After checking the box of "Bad Alloc/Free," if the memory allocation size is 5 bytes, click on the "new" button, 5 bytes memory will be allocated and "0" is written into the sixth byte. Writing to the sixth byte is an illegal memory overwrite, however it occurs on a guard byte so PageHeap does not detect this error until the memory is deleted. When you click the "delete" button, PageHeap detects the overwrite and you will see an error message box similar to following:
The exception Breakpoint A breakpoint has been reached. (0x80000003) occurred in the application at location 0x77f9f9df.
If you have Visual C++ specified as JIT debugger, you can click on the "Cancel" button and debug into the code.

If you change the allocation size to 8 (or any multiple of 8), selecting new, pageAlloc or "Com New" results in an instant AV because you have written to a address with no access. (i.e., you don't have to delete the memory to detect the error).

Notes

Limitations: PageHeap can only find memory errors from the malloc family (hence C++ operator new) and heapAlloc. Many applications use custom allocators and PageHeap is unable to intercept these allocations.
When you have finished testing an application run

pageheap /disable <appName>

from the command line to turn off PageHeap for that application.
PageHeap enabled applications can consume much more memory than the same application without PageHeap enabled. You may have to increase your swap file to satisfy the increased memory demand.

The following files are available for download from the Microsoft Download Center:

Visual C++ 6.0

Download Pageheap1.exe now

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Visual C++ .NET

Download Pageheap1vcnet.exe now

Release Date: June 25, 2002

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services