I am a beginner in WinDbg, and I have to analyze a user-mode dump in WinDbg.

I have set up environment variables for downloading Microsoft symbols as `srv*c:\Symbols\cache*https://msdl.microsoft.com/download/symbols` and symbols related to the dump: "C:\symbols\RP\4359", but when I run `!heap -p -a <address>` I am not getting a call stack which can direct me towards the code.

Call stack which will direct me to source code.

Marek R
  • "[Before you can use any !heap -p extension command, the page heap must be enabled for your target process](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/-heap)." Was page heap enabled? – Raymond Chen Apr 12 '23 at 13:27

1 Answer

For this to work, you need to enable page heap in GFlags:

GFlags +HPA Page Heap

Equivalent command line: `gflags /i my.exe +hpa`.

To check if it was enabled, use `!gflag` in WinDbg; it needs to show `hpa` in its output. To enable it just for one debugging session, use `!gflag +hpa` (not sure if this works only at the initial breakpoint; it'll certainly not affect allocations which have already happened).

Thomas Weller
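The following PowerShell sketch is an added example, not part of the original answer. It enables page heap for the image with the `gflags /i my.exe +hpa` command from the answer and then confirms the setting in the registry before a new dump is captured. It assumes an elevated shell, `gflags.exe` from the Debugging Tools for Windows on `PATH`, and the placeholder image name `my.exe`; the function name `Test-PageHeap` is hypothetical.

```powershell
# Added example. 'my.exe' is the placeholder image name used in the answer.
# Assumes an elevated shell and gflags.exe (Debugging Tools for Windows) on PATH.
$image = 'my.exe'
$FLG_HEAP_PAGE_ALLOCS = 0x02000000   # the flag bit that gflags and !gflag report as "hpa"
$ifeo = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$image"

function Test-PageHeap {
    # gflags /i stores per-image flags in the GlobalFlag value under the image's IFEO key.
    $prop = Get-ItemProperty -Path $ifeo -Name GlobalFlag -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $false }
    return (([int64]$prop.GlobalFlag -band $FLG_HEAP_PAGE_ALLOCS) -ne 0)
}

# Enable page heap for every future launch of the image.
& gflags.exe /i $image +hpa | Out-Null

if (-not (Test-PageHeap)) {
    throw "Page heap is not set for $image; check elevation and the image name."
}
Write-Host "Page heap enabled for $image. Restart the process and capture a new dump."

# In WinDbg, on the new dump or a live session:
#   !gflag                 -> output must list hpa
#   !heap -p -a <address>  -> now includes the allocation call stack
#
# Page heap costs memory and speed, so turn it off after the investigation:
#   gflags /i my.exe -hpa
```

A dump that was captured while page heap was off contains no allocation stack traces, so the process has to be restarted with the flag set and the problem reproduced before `!heap -p -a` can show a call stack.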