Hi all
I have done the first step for the MemLeak tool, that is the API hooking of 3 procs I wanted to monitor: HeapAlloc, HeapFree and HeapReAlloc. Already the first tests showed me a programming error I had done with the memory allocation!

I created an object I called IAT32Hook that simply replaces the entry of a given API in the "Import Address Table" with the address of my own proc. By this way I can keep a count of this API (on successful return) and compare, i.e. the count of the allocation against the freeing of heap memory. If both counts are equal all is OK, but if not, somebody has forgotten to release a memory block somewhere in the code...

I'm thinking to do the same with other APIs that always go in pairs like BeginPaint and EndPaint.

At this point, the code I posted here doesn't keep track of handles, pointers or memory offsets. It simply counts. Of course, more sophisticated strategies can be thought, i.e. to check if a returned memory handle was freed. If not, the offset of the memory allocation can be shown. This info could come from the return address of the call to my API substitute procedure. The problem here is to relate this info with the source code to show this place to the programmer. I'm not familiar with the COFF information, but I guess that it could be a way to achieve it. Some help on this point will be appreciated!

This tool is a free open source project. I'm using ObjAsm32 to test it, but it can be used on other asm development platforms, too.

Regards,

Biterider
Posted on 2005-04-09 13:45:45 by Biterider
If you're going to track, rather than just count, I would suggest creating a secondary heap for the tracking information...
Posted on 2005-04-10 06:37:32 by f0dder
Humm, good idea! I'll do it so. Have you an idea how to come to the source line?

Regards,

Biterider
Posted on 2005-04-10 06:45:04 by Biterider
Hmm, source line... that would require changing the source of the program doing the allocs. For asm, you could wrap all allocations in macros (you shouldn't really be calling HeapAlloc + friends directly anyway, having wrapper functions has a bunch of advantages). For C/C++, there are already some very powerful debugging tools available (like Paul Nettle's mmgr).

Hmm, it might be possible to get source line info from asm apps without changing the source... If you compile with debug info, and check the return-eip inside Heap* functions, and try to look up that address with PDB functions. But this seems a bit complex, will only work if Heap* functions are called directly, and probably isn't worth the trouble.
Posted on 2005-04-10 06:49:24 by f0dder
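The two suggestions in the thread (tracking records kept apart from the tracked heap, and wrapper macros that record the call site) combined in one sketch. This is an added example, not code from the thread or from the MemLeak tool. It assumes portable C with `realloc`/`free` standing in for the Heap* APIs; the `trk_*` functions and `Mem*` macros are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_TRACKED 1024
typedef struct { void *ptr; size_t size; const char *file; int line; } AllocRec;
static AllocRec g_recs[MAX_TRACKED];   /* static table, apart from the tracked heap */
static size_t g_allocs, g_frees;       /* plain counters, as in the first post */

static AllocRec *find_rec(void *p) {   /* find_rec(NULL) yields a free slot */
    for (size_t i = 0; i < MAX_TRACKED; i++)
        if (g_recs[i].ptr == p) return &g_recs[i];
    return NULL;
}

/* realloc/free stand in for the Heap* APIs (assumption); old == NULL allocates. */
void *trk_realloc(void *old, size_t n, const char *file, int line) {
    AllocRec *r = find_rec(old);
    void *p = (r && n) ? realloc(old, n) : NULL; /* untracked, table full, n == 0 */
    if (!p) return NULL;                   /* on failure the old record stays valid */
    if (!old) g_allocs++;                  /* count successful allocations only */
    r->ptr = p; r->size = n; r->file = file; r->line = line;
    return p;
}
int trk_free(void *p, const char *file, int line) {
    AllocRec *r = p ? find_rec(p) : NULL;
    if (!r) { fprintf(stderr, "%s:%d: free of untracked block\n", file, line); return 0; }
    free(p); r->ptr = NULL; g_frees++;
    return 1;
}
size_t trk_report(FILE *out) {             /* prints and counts blocks still live */
    size_t live = 0;
    for (size_t i = 0; i < MAX_TRACKED; i++) {
        if (!g_recs[i].ptr) continue;
        fprintf(out, "leak: %zu bytes from %s:%d\n",
                g_recs[i].size, g_recs[i].file, g_recs[i].line);
        live++;
    }
    return live;
}
/* Hypothetical wrapper macros: each call site records its own source line. */
#define MemAlloc(n)      trk_realloc(NULL, (n), __FILE__, __LINE__)
#define MemReAlloc(p, n) trk_realloc((p), (n), __FILE__, __LINE__)
#define MemFree(p)       trk_free((p), __FILE__, __LINE__)

int main(void) {
    void *a = MemAlloc(32), *b = MemAlloc(64);
    b = MemReAlloc(b, 128);
    MemFree(a);                            /* b is never freed, so it is reported */
    printf("allocs=%zu frees=%zu live=%zu\n", g_allocs, g_frees, trk_report(stdout));
    return 0;
}
```

Equal counters only say that nothing is outstanding; the per-block records say which allocation is outstanding and where it was made, and they also flag frees of blocks that never went through the wrappers.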