Analysis of the Heap (HEAP) Implementation in Win2K

zhaozj2021-02-16  43

Analysis of the Win2K heap (HEAP) implementation. Author: JIURL. Home page: http://jiurl.yeah.net/ Date: 2003-5-23

1. Preface

There is (almost) no official description of the implementation of the Win2K heap and of the data structures inside it, and the few articles about the heap that do exist are full of errors (poor enough that one can say so). This article obtains its knowledge by analysis, experiment and guesswork, so it may be full of errors too; everyone please take care. I have recently been studying the Windows system. If you are interested, have the time and have the ability, you are very, very welcome to contact me; perhaps we can help each other. This article is only a semi-finished product, and many places are not described in detail, so you are very, very welcome to supplement it, design more tests, and tell me more about the heap. If you find errors you must also tell me. Everyone is welcome to visit http://jiurl.cosoft.org.cn/forum/ and http://jiurl.yeah.net/

2. The heap (HEAP)

The heap is used for dynamic memory allocation and release in a process, for example malloc and free in C and new and delete in C++. A process can have several heaps, and every process has a default heap called the process heap (GetProcessHeap returns a handle to it, and this handle is the linear address of the heap). The OptionalHeader of the PE header of an executable (that is, a PE file) also contains two fields concerning the process heap, SizeOfHeapReserve and SizeOfHeapCommit: SizeOfHeapReserve is the address space reserved for the process heap, and SizeOfHeapCommit is the physical memory actually committed for it. Let us look at the problems met in use. Over some period a program dynamically allocates a number of blocks of various sizes, as shown in Figure 1. Some time later the program releases several of those blocks, so the heap looks like Figure 2 (white represents free memory, blue represents allocated memory).
In Figure 2 several small free blocks have appeared. What happens on the next allocation? Blocks 2, 4 and 5 are now free; if one of them is large enough, it can be used to satisfy the request. To keep relatively large contiguous blocks available, the adjacent free blocks 4 and 5 should also be merged into one. So, to reuse free blocks, the heap must know their positions and sizes, and to keep large free blocks available, adjacent free blocks must be merged. On allocation the heap then walks the free blocks, checks whether each is large enough, and uses the first one that is. These requirements determine how the heap is implemented. From this description we can already see the heap's weakness: allocating and releasing memory on the heap is relatively slow (compared with memory on the stack), and the time it takes varies. For example, when memory is released, neighbouring blocks may or may not need to be merged. When allocating, the first free block examined may happen to fit; or the first is too small, the second is too small, and the suitable free block is only found on the 49th try. So the time an operation takes is hard to predict: it may be 1 step or it may be 49. Let us now look at how the heap is implemented in Win2K.
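To make the first-fit search and the merging of adjacent free blocks concrete, here is a small C simulation added as an example (it is not the author's code and not the Win2K heap itself): every block carries an 8-byte header with sizes in 8-byte units, allocation walks the blocks and takes the first free one that fits while counting how many free blocks it had to examine, and release merges the freed block with free neighbours. The arena size, the header layout and the request sizes are constructed for the example.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Toy heap built for this example (not the real Win2K HEAP): each block starts
   with an 8-byte header that records its own size and the size of the block
   before it, both in 8-byte units, plus a busy flag and a last-block flag. */
#define UNIT 8
#define ARENA_BYTES 4096
#define MIN_SPLIT 2                  /* header + 8 data bytes: smallest remainder worth splitting off */

typedef struct {
    unsigned short size;             /* header + data, in UNITs */
    unsigned short prev_size;        /* size of the preceding block, in UNITs (0 = first block) */
    unsigned char  busy;             /* 1 = allocated, 0 = free */
    unsigned char  last;             /* 1 = final block of the arena */
    unsigned char  pad[2];
} hdr_t;

static unsigned long long arena_storage[ARENA_BYTES / UNIT];   /* 8-byte aligned backing store */
#define ARENA ((unsigned char *)arena_storage)

static hdr_t *next_hdr(hdr_t *h) { return h->last ? NULL : (hdr_t *)((unsigned char *)h + h->size * UNIT); }
static hdr_t *prev_hdr(hdr_t *h) { return h->prev_size ? (hdr_t *)((unsigned char *)h - h->prev_size * UNIT) : NULL; }

void heap_init(void)
{
    hdr_t *h = (hdr_t *)ARENA;
    memset(ARENA, 0, ARENA_BYTES);
    h->size = ARENA_BYTES / UNIT;    /* one free block spanning the whole arena */
    h->last = 1;
}

/* First fit: walk the blocks in address order and take the first free one that
   is large enough. *probes receives the number of free blocks examined, which
   is the quantity the text says may be 1 one time and 49 the next. */
void *heap_alloc(size_t bytes, int *probes)
{
    unsigned short need = (unsigned short)((bytes + sizeof(hdr_t) + UNIT - 1) / UNIT);
    hdr_t *h;
    *probes = 0;
    for (h = (hdr_t *)ARENA; h != NULL; h = next_hdr(h)) {
        if (h->busy) continue;
        (*probes)++;
        if (h->size < need) continue;
        if (h->size - need >= MIN_SPLIT) {           /* carve the remainder into a new free block */
            hdr_t *rest = (hdr_t *)((unsigned char *)h + need * UNIT);
            rest->size = h->size - need;
            rest->prev_size = need;
            rest->busy = 0;
            rest->last = h->last;
            if (!rest->last) next_hdr(rest)->prev_size = rest->size;
            h->size = need;
            h->last = 0;
        }
        h->busy = 1;
        return h + 1;                                /* user data starts right after the header */
    }
    return NULL;
}

/* Release a block and merge it with a free neighbour on either side, so that
   adjacent free blocks (4 and 5 in Figure 2) become one larger free block. */
void heap_free(void *p)
{
    hdr_t *h = (hdr_t *)p - 1, *n = next_hdr(h), *q = prev_hdr(h);
    h->busy = 0;
    if (n && !n->busy) { h->size += n->size; h->last = n->last; }          /* merge forward */
    if (q && !q->busy) { q->size += h->size; q->last = h->last; h = q; }   /* merge backward */
    if (!h->last) next_hdr(h)->prev_size = h->size;  /* keep the following block's back-link correct */
}

int heap_free_blocks(void)
{
    int count = 0;
    hdr_t *h;
    for (h = (hdr_t *)ARENA; h != NULL; h = next_hdr(h)) count += !h->busy;
    return count;
}

/* Replays Figures 1 and 2: six allocations of growing size, then blocks 2, 4
   and 5 are released. Returns the number of free blocks afterwards: 3 (block 2,
   the merged 4+5 block and the untouched tail); without merging it would be 4. */
int replay_figure2(void)
{
    void *b[7];
    int probes, i;
    heap_init();
    for (i = 1; i <= 6; i++) b[i] = heap_alloc((size_t)i * 24, &probes);
    heap_free(b[2]);
    heap_free(b[4]);
    heap_free(b[5]);
    return heap_free_blocks();
}

/* Allocate from the current state and report how many free blocks were probed. */
int probes_for(size_t bytes)
{
    int probes;
    heap_alloc(bytes, &probes);
    return probes;
}

int main(void)
{
    printf("free blocks after releasing 2, 4 and 5: %d\n", replay_figure2());
    printf("16-byte request: %d probe(s)\n", probes_for(16));    /* block 2 fits at once */
    printf("200-byte request: %d probe(s)\n", probes_for(200));  /* only the merged 4+5 block is big enough */
    return 0;
}
```

The 200-byte request succeeds only because blocks 4 and 5 (96 and 120 data bytes on their own) were coalesced into one 224-byte free block on release.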

3. A brief analysis of the heap implementation in Win2K

Debugging environment: Win2K, VC6, SoftICE. Note that the HEAP of a program compiled in Debug mode and the HEAP of a program compiled in Release mode are not structured the same; here we only analyze the HEAP of a Release program. The idea is as follows. First create a heap with HeapCreate, before any dynamic allocation, and save the contents of the heap at that moment. Then perform some operations on this heap: allocate several blocks of memory, then free a few of them. Then save the contents of the heap again. The program used is as follows:

```c
#include <stdio.h>
#include <conio.h>
#include <string.h>
#include <windows.h>
#define N_BUF 8

void main()
{
    HANDLE hHeap;
    char *buf[N_BUF];
    char str[14] = "aaaaaaaaaaaaaa";
    int i;
    hHeap = HeapCreate(0, 0x1000, 0x10000);
    getch();   // First stop: right after HeapCreate, save the heap contents with SoftICE.
    // The original listing is cut off at this for loop; the rest is reconstructed from
    // the description in the text: allocate N_BUF blocks, then free a few of them.
    for (i = 0; i < N_BUF; i++) {
        buf[i] = (char *)HeapAlloc(hHeap, 0, sizeof(str));
        memcpy(buf[i], str, sizeof(str));
    }
    for (i = 1; i < N_BUF; i += 2)   // free every other block
        HeapFree(hHeap, 0, buf[i]);
    getch();   // Second stop: save the heap contents again with SoftICE.
    HeapDestroy(hHeap);
}
```

After the allocations and releases, the contents of the heap were saved a second time.

00520C90 00000000 000,000 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000 00000000 ................ 0010: 00520CC0 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ... ........... 0010: 00520CE0 00000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ....... 0010: 00520D00 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000 ......... ..... 0010: 00520D20 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 million .0010: 00520D40 00000000 00000000 00000000 00000000 ................ 0010: 00520D50 00000000 00000000 00000000 00000000 ................ 0010: 00520D60 00000000 00000000 00000000 00000000 ................ 0010: 00520D70 00000000 00000000 00000000 00000000 ................ 0010: 00520D80 0 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 million ................ 0010: 00520DB0 00000000 00000000 00000000 000,000 ................ 0010: 00520DC0 0000000000000000000000000000 .... ............ 
0010: 00520DD0 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000000000 ........ 0010: 00520DF0 00000000 0000000000000000000000000010: .... 0010: 00520E10 00000000 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000 ................ 0010:

00520E30 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000 00000000 ................ 0010: 00520E60 00000000 00000000 00000000 00000000 ................ 0010: 00520E70 00000000 00000000 00000000 00000000 ... ........... 0010: 00520E80 00000000 00000000 聽 0000000000000000000000000000000000000000000000000000000000000000000000000 ....... ....... 0010: 00520EA0 00000000 000,000 00000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000- ..... 0010: 00520EC0 00000000 00000000 00000000 00000000 ................ 0010: 00520ED0 00000000 00000000 00000000 00000000 ............... .0010: 00520EE0 00000000 00000000 00000000 00000000 ................ 0010: 00520EF0 00000000 00000000 00000000 00000000 ................ 0010: 00520F00 00000000 00000000 00000000 00000000 ................ 0010: 00520F10 00000000 00000000 00000000 00000000 ................ 0010: 00520F20 0 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000 ................ 0010: 00520F50 00000000 00000000 0000000000000000000000000000000000000000000000000000000000 00 .... ............ 0010: 00520F70 00000000 00000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ........ ........ 0010: 00520F90 00000000 00000000 00000000 00000000 ................ 0010: 00520FA0 00000000 00000000 00000000 00000000 ............ .... 0010: 00520fb0 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 000,000 ... 0010:

00520FD0 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000 00000000 ............... The whole pile can be divided into two parts, first is a huge header, from 00520000 to 00520680 (say because it is already used by 00520680 To dynamically apply and release memory and its structure, this is not necessarily correct), the first part is a variety of information. Starting from 00520178 a large structure array, this structure array has about 128 array elements. Each array element is 8 bytes, which is a structure. This structure consists of two parts. It can be defined like this: struct _free_memory_link_node {_free_memory_link_node * pnextfreeMemLinkNode; _free_memory_link_node * pprevfreeMemLinkNode;}; This structure consists of 2 pointers to point to the idle memory block. There will be more detailed descriptions later. This 128 this structure is used to point to the idle memory blocks of 128 different sizes to accelerate. After this large group of structures, it is something that I don't know what is. The head is these. Then, the memory part is used for dynamic application and release, these memory has two structures, the first, is allocated, ----------------- ---------------------------------------- | 8 Byte | BUF | - -------------------------------------------------- ------- | Information and Sign | User Memory | The first is 8 bytes of information and logo, and the specific content is unknown. The subsequent memory is the memory address returned by HeapAlloc. 
The second is a free block:

+--------------------+--------------------------+-----------------------+
| 8 bytes            | 8 bytes                  | buf                   |
+--------------------+--------------------------+-----------------------+
| information, flags | double-pointer structure | memory                |
+--------------------+--------------------------+-----------------------+

Again it starts with 8 bytes of information and flags (very likely including a flag that marks the block free; it looks very much like it to me, but I am not sure), followed by the 8-byte double-pointer structure, the _free_memory_link_node described above. Note that the contents of a block are not cleared when it is freed, so do not be confused by stale data. Free blocks are linked together by size into a list that starts at the corresponding head in the heap header; it is a circular doubly linked list. From the SoftICE output at the second getch() this list can easily be reconstructed. For lack of time I have not drawn a diagram of it. When both pointers of a list head in the heap header point to the head itself, there are no free blocks of that size.

This is why, right at the start, I saw the two pointers of the large block pointing back at their own 8 bytes: at that point there was a single free block and no small free blocks, so none of the size-range lists had any node. Free blocks need a linked list so that each of them can be found and reused on allocation. Presumably, each time a block is freed, the system (is that the right word here?) also has to check whether the free blocks next to it can be merged with it and merge them if so, and then insert the resulting free block at the appropriate position in the doubly linked list for its size range. Allocated blocks need no pointer links: their addresses are handed to the program at allocation time and the program uses that memory directly, so there is no reason to link them. From this you can also see that the bookkeeping the heap needs is fairly involved, which is why it is relatively slow.

Now look at the 128 lists and the size range each one holds. To test which of the 128 lists a free block of a given size gets linked to, I wrote the following small program. I will not explain how it works: you type a size, the program allocates and then frees a block of that size, which leaves a free block of that size, then reads the pointer stored at that location and prints where it points.
#include <windows.h>
#include <stdio.h>

int main(void)
{
    HANDLE hHeap;
    int size;
    char *buf1, *buf2;
    int *addr;

    for (;;) {
        hHeap = HeapCreate(0, 0x1000, 0x10000);
        printf("Type HeapAlloc size (hex): ");
        scanf("%x", &size);
        printf("\nsize (hex): %x byte\n", size);
        printf("\n(%x-1)/8*8 = %08x\n", size, (size - 1) / 8 * 8);
        buf1 = (char *)HeapAlloc(hHeap, 0, size);
        /* buf2 sits right behind buf1, so the freed buf1 is not merged
           into the large free block at the end of the heap */
        buf2 = (char *)HeapAlloc(hHeap, 0, 16);
        HeapFree(hHeap, 0, buf1);
        /* first 4 bytes of the freed block: its forward pointer */
        addr = (int *)buf1;
        printf("Pointer: %08x\n", *addr);
        HeapFree(hHeap, 0, buf2);
        HeapDestroy(hHeap);
        printf("\n\n");
    }
}

After testing: a freed block of 1-8 bytes is linked into the doubly linked list whose head is at 00520188; 9-16 bytes, 00520190; 17-24 bytes, 00520198; 25-32 bytes, 005201A0; and so on, each head covering an 8-byte range, up to free blocks of 0x3E9-0x3F0 (1001-1008) bytes, whose head is at 00520570. Following this rule (one 8-byte range per head), from 1-8 up to 1001-1008 there are 126 entries. Any free block larger than 1008 bytes is linked into a special doubly linked list whose head is at 00520178, the address noticed at the very beginning.
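The measurements above fit a simple rule: the head index is the whole block size, header included, in 8-byte units, and head 0 takes everything that does not fit a size class. The following portable C model (an added example, not code from the article) implements that rule and the circular doubly linked lists the article describes, then replays the experiment on the model. The names, the HEAP_BASE_SEEN constant and the granule formula are this example's own, derived from the addresses printed above, not Microsoft's definitions. The back-pointer check in freelist_unlink is also the model's addition: the two pointers live inside freed user memory, where an overrun from the neighbouring block can rewrite them, and Windows 2000's own unlink does not validate them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the free-list array found at heap+0x178: 128 heads of 8 bytes,
   one per block size in 8-byte units (header included), head 0 reserved
   for blocks too large for a size class.  Names and the granule formula
   are this example's own, not Microsoft's. */
#define FREELIST_OFFSET 0x178u
#define FREELIST_COUNT  128
#define GRANULE         8
#define HEADER_SIZE     8            /* the 8-byte "information and flags" */
#define HEAP_BASE_SEEN  0x00520000u  /* heap base in the article's dump */

typedef struct free_node {
    struct free_node *flink;         /* pnextfreeMemLinkNode */
    struct free_node *blink;         /* pprevfreeMemLinkNode */
} free_node;

typedef struct { free_node lists[FREELIST_COUNT]; } freelist_array;

/* Block size in 8-byte units: a 1..8 byte request plus header is 16 bytes
   = 2 units; 1001..1008 bytes is 127 units. */
static size_t block_granules(size_t user_bytes) {
    return (user_bytes + HEADER_SIZE + GRANULE - 1) / GRANULE;
}

/* Head a freed block is linked to: its size in units, or 0 above 1008. */
static size_t freelist_index(size_t user_bytes) {
    size_t g = block_granules(user_bytes);
    return g < FREELIST_COUNT ? g : 0;
}

/* The address the test program printed: base + 0x178 + 8*index. */
static uint32_t freelist_head_va(uint32_t heap_base, size_t user_bytes) {
    return heap_base + FREELIST_OFFSET + 8u * (uint32_t)freelist_index(user_bytes);
}

/* Fresh heap: every head points to itself, so every list is empty. */
static void freelists_init(freelist_array *fl) {
    for (size_t i = 0; i < FREELIST_COUNT; i++)
        fl->lists[i].flink = fl->lists[i].blink = &fl->lists[i];
}

static int freelist_is_empty(const freelist_array *fl, size_t idx) {
    return fl->lists[idx].flink == &fl->lists[idx];
}

/* Free: the node is written into the first 8 user bytes and linked at the
   tail of its size list.  (Merging with free neighbours, which the article
   expects to happen first, is not modelled.) */
static void freelist_insert(freelist_array *fl, size_t user_bytes, free_node *n) {
    free_node *head = &fl->lists[freelist_index(user_bytes)];
    n->flink = head;
    n->blink = head->blink;
    head->blink->flink = n;
    head->blink = n;
}

/* Allocate: unlink the node.  Both pointers sit in freed user memory, so
   the model checks that the neighbours point back at n before writing
   through them; a node whose pointers were overwritten from an adjacent
   block is refused.  Returns 1 on success, 0 if refused. */
static int freelist_unlink(free_node *n) {
    if (n->flink->blink != n || n->blink->flink != n)
        return 0;
    n->blink->flink = n->flink;
    n->flink->blink = n->blink;
    n->flink = n->blink = NULL;
    return 1;
}

/* Replays the experiment on the model; 0 if every step behaves as the
   article describes, otherwise the number of the failing step. */
static int replay_experiment(void) {
    freelist_array fl;
    union { free_node n; unsigned char raw[16]; } block;  /* one 16-byte free block */
    free_node stray = { NULL, NULL };

    freelists_init(&fl);
    if (!freelist_is_empty(&fl, 2)) return 1;     /* no 16-byte blocks yet */
    freelist_insert(&fl, 8, &block.n);            /* free an 8-byte request */
    if (fl.lists[2].flink != &block.n) return 2;  /* head -> block */
    if (block.n.flink != &fl.lists[2]) return 3;  /* block -> head (00520188) */
    if (!freelist_unlink(&block.n)) return 4;     /* allocate it again */
    if (!freelist_is_empty(&fl, 2)) return 5;
    freelist_insert(&fl, 8, &block.n);
    block.n.flink = &stray;                       /* an overwritten pointer */
    return freelist_unlink(&block.n) ? 6 : 0;     /* must be refused */
}

int main(void) {
    static const size_t sizes[] = { 1, 8, 9, 16, 0x3E9, 0x3F0, 0x3F1 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%4zu-byte request -> list %3zu at %08X\n", sizes[i],
               freelist_index(sizes[i]), (unsigned)freelist_head_va(HEAP_BASE_SEEN, sizes[i]));
    return replay_experiment();
}
```

Heads 2 to 127 are the 126 size classes the experiment found; head 1 would correspond to an 8-byte block with room for nothing but its header, which is why the table starts at 00520188 rather than 00520180. The model does not reproduce the merging of adjacent free blocks, so a size class is chosen purely from the request size.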

Please credit the original source when reposting: https://www.9cbs.com/read-26151.html
