关于windbg:利用Windbg分析高内存占用问题
大家好,我是本期的微软 MVP 实验室研究员——冯辉。本篇文章次要介绍如何利用Windbg剖析利用过程中的内存问题,从托管堆到非托管堆的摸索以及到内存的调配,接下来咱们一起来摸索吧。 近期有几位敌人应用咱们的Magicodes.IE反馈在导出过程中内存暴涨,接下来咱们通过windbg来看一下什么起因导致的。 咱们先通过address -summary来看一下以后利用内存占用量。 0:000> !address -summary--- Usage Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotalFree 581 7df8`ef0c9000 ( 125.972 TB) 98.42%<unknown> 1678 206`ffb9e000 ( 2.027 TB) 99.99% 1.58%Image 950 0`064fd000 ( 100.988 MB) 0.00% 0.00%Heap 58 0`050f6000 ( 80.961 MB) 0.00% 0.00%Stack 156 0`04380000 ( 67.500 MB) 0.00% 0.00%Other 11 0`019ad000 ( 25.676 MB) 0.00% 0.00%TEB 52 0`00068000 ( 416.000 kB) 0.00% 0.00%PEB 1 0`00001000 ( 4.000 kB) 0.00% 0.00%--- Type Summary (for busy) ------ RgnCount ----------- Total Size -------- %ofBusy %ofTotalMEM_MAPPED 282 200`038a6000 ( 2.000 TB) 98.64% 1.56%MEM_PRIVATE 1674 7`07184000 ( 28.111 GB) 1.35% 0.02%MEM_IMAGE 950 0`064fd000 ( 100.988 MB) 0.00% 0.00%--- State Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotalMEM_FREE 581 7df8`ef0c9000 ( 125.972 TB) 98.42%MEM_RESERVE 295 205`f8659000 ( 2.023 TB) 99.79% 1.58%MEM_COMMIT 2611 1`188ce000 ( 4.384 GB) 0.21% 0.00%--- Protect Summary (for commit) - RgnCount ----------- Total Size -------- %ofBusy %ofTotalPAGE_READWRITE 1595 1`0dc6c000 ( 4.215 GB) 0.20% 0.00%PAGE_EXECUTE_READ 156 0`04d66000 ( 77.398 MB) 0.00% 0.00%PAGE_READONLY 600 0`03851000 ( 56.316 MB) 0.00% 0.00%PAGE_NOACCESS 99 0`021f2000 ( 33.945 MB) 0.00% 0.00%PAGE_EXECUTE_READWRITE 19 0`0027b000 ( 2.480 MB) 0.00% 0.00%PAGE_WRITECOPY 90 0`001a0000 ( 1.625 MB) 0.00% 0.00%PAGE_READWRITE | PAGE_GUARD 52 0`0009e000 ( 632.000 kB) 0.00% 0.00%--- Largest Region by Usage ----------- Base Address -------- Region Size ----------Free 189`0413c000 7c6b`01ed4000 ( 124.418 TB)<unknown> 7dfb`2a153000 1f9`bd2ef000 ( 1.976 TB)Image 7ffc`883c1000 0`009ba000 ( 9.727 MB)Heap 183`0e9a1000 0`00f01000 ( 15.004 MB)Stack 37`62980000 0`0017b000 ( 1.480 MB)Other 183`77707000 0`01775000 ( 23.457 MB)TEB 37`62600000 0`00002000 ( 8.000 kB)PEB 37`627dd000 0`00001000 ( 4.000 kB)MEM_COMMIT占用了4.384G,接下来咱们利用eeheap -gc来查看托管堆。 ...