
Windows 8: Doing heap analysis on 32 bit application running through WOW64

To start with, this is not a general question about how to do heap analysis, as this I'm quite familiar with in earlier versions of Windows.

What I'm wondering however is if anyone has managed to perform heap analysis of a 32 bit application running through the WOW64 layer on 64 bit Windows 8, Windows 8 being the key word here?

Running Windows 7 and Debugging Tools for Windows I've simply applied the user stack and heap tagging using gflags, and then used the x86 version of WinDbg to attach to the process, to only get the 32 bit context (as I'm normally not interested in the WOW64 layer itself). Heap information shows up perfectly.

On Windows 8, doing the same procedure, adding the gflags and starting my process, the memory usage after startup increases from 40 to 140MB, indicating that the gflags has kicked in.

However, no matter how I try, neither WinDbg nor umdh manages to fetch any heap information, neither the old way using the x86 version nor the way described in the documentation for running through WOW64, by running the x64 version and switching .effmach to the 32 bit context.

In addition, I've tried this using both the Windows 7 and Windows 8 versions of Debugging Tools for Windows, so the same tools that give me good results on Windows 7 do not behave the same on Windows 8.

My current guess is that the changes in how Windows 8 manages the heap (which I've seen a few articles about round the internet) have probably not been updated/reflected in the Debugging Tools for Windows entirely. I would assume (my own use scenarios only involve 32 bit processes in a WOW64 context so I do not know for certain) that heap analysis for applications without the WOW64 layer in between works as intended, but that WOW64 currently is the blocker here.

I'm eager to find out if I'm doing something wrong, or if there are issues with the current tools. I've currently fallen back to running Windows 7 in a VM to do my memory analysis.

So, has anyone had any success with doing heap analysis of a win32 application under WOW64 in Windows 8, and if so how?

Magebarf asked Jan 29 '13 09:01


1 Answer

Have you tried the EGGHUNTER tool? There is also an Intel Parallel Studio XE 2013 trial version that has got a lot of tools to work with. It gets attached to your IDE, VS 2010 or 2012, and then you can just test run your application. The general features:

Intel® Parallel Studio XE includes the next-generation software development tools:

- Intel® C, C++ and Fortran Compilers – Industry-Leading Compilers
- Intel® MKL and Intel® IPP – Performance Libraries
- Intel® Threading Building Blocks and Intel® Cilk™ Plus – Parallel Programming Models
- Intel® Advisor XE – Threading Assistant
- Intel® VTune™ Amplifier XE – Performance & Thread Profiler
- Intel® Inspector XE – Memory and Thread Checker
- Static Analysis – Locate Difficult to find Defects

I guess it will help you. Thanks

Sant14 answered Nov 20 '22 00:11