Home/ Questions/Q 7823933
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T08:25:19+00:00

I’m analyzing some user mode memory dumps to try to track down a leak,

  • 0

I’m analyzing some user mode memory dumps to try to track down a leak, and I’ve got some canidates for what is leaking, but I keep on seeing these entries in my dumps when I run the !heap -flt s xx command.

    14a8bd58 0006 0006  [07]   14a8bd60    00018 - (busy)
    14a8bd88 0006 0006  [07]   14a8bd90    00018 - (busy)
    14a8bdf8 0006 0006  [07]   14a8be00    00018 - (busy)
    14a8bf48 0006 0006  [07]   14a8bf50    00018 - (busy)
      ? SomeModule!SomeFunction+1bdf4

I get what the 

    14a8bd58 0006 0006  [07]   14a8bd60    00018 - (busy)

lines are, but I’m not really sure what the lines

      ? SomeModule!SomeFunction+1bdf4

really mean. These dumps were captured with the +ust flag for heap traces.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    They are just providing symbolic information in order for a reader to more usefully locate the corresponding part of the source.

    Under Windows, the virtual address space of a process is populated by a set of modules. Each module consists of a base address and a size. So another way this information is sometimes displayed is Module + Relative Offset.

    A module can contain functions. In the cases where symbol tables are intact, it is possible to find the relative offsets (into the module) and sizes of these functions. The dump is simply displaying this information in a more human-readable format.

    • 0