!heap 手动查询内存泄漏

1：查看所有堆信息，找到一个很大的堆
0:243> !heap -s

************************************************************************************************************************
NT HEAP STATS BELOW
************************************************************************************************************************
LFH Key : 0x135b0978
Termination on corruption : DISABLED
Heap Flags Reserv Commit Virt Free List UCR Virt Lock Fast
(k) (k) (k) (k) length blocks cont. heap
-----------------------------------------------------------------------------
013e0000 00000002 16472 14712 16364 2051 488 12 0 3b LFH
External fragmentation 13 % (488 free blocks)
01370000 00001002 3232 1264 3124 189 27 3 0 1 LFH
External fragmentation 15 % (27 free blocks)
01c20000 00001002 128828 84980 128720 4359 835 180 5 6 LFH
Virtual address fragmentation 34 % (180 uncommited ranges)
01bf0000 00001002 60 12 60 3 2 1 0 0
02210000 00001002 60 12 60 2 2 1 0 0
02b20000 00001002 1188 816 1080 25 31 2 0 5 LFH
04c90000 00001002 1188 168 1080 12 9 2 0 0 LFH
05430000 00001002 168 32 60 6 4 1 0 0 LFH
05a10000 00001002 60 40 60 2 1 1 0 0
07050000 00001002 1188 832 1080 444 23 2 0 0 LFH
07ce0000 00001002 1188 148 1080 9 4 2 0 0 LFH
07dc0000 00001002 1188 148 1080 9 4 2 0 0 LFH
09d10000 00001002 60 8 60 6 1 1 0 0
0b920000 00001002 15512 7060 15404 946 80 5 1 1 LFH
External fragmentation 13 % (80 free blocks)
0e7c0000 00001002 1188 512 1080 22 18 2 0 1 LFH
0f420000 00001002 1188 280 1080 19 9 2 0 0 LFH
118f0000 00001002 1188 608 1080 501 9 2 0 0 LFH
11f90000 00001002 60 24 60 15 3 1 0 0
12b60000 00001002 3232 1648 3124 48 41 3 0 0 LFH
12ca0000 00001002 3232 2912 3124 1709 42 3 1 0 LFH
External fragmentation 58 % (42 free blocks)
148c0000 00001002 60 4 60 2 1 1 0 0
18cb0000 00001002 1188 616 1080 316 54 2 0 0 LFH
1a5e0000 00001002 3232 1940 3124 880 82 4 0 4 LFH
External fragmentation 45 % (82 free blocks)
1a570000 00001002 15512 14868 15404 829 63 21 4 0 LFH
1ac70000 00001002 7324 5656 7216 397 186 4 1 0 LFH
1a5c0000 00001002 60 44 60 22 2 1 0 0
1b770000 00001002 1188 156 1080 56 19 2 0 0 LFH
0e500000 00001002 1188 292 1080 62 27 2 0 0 LFH
1cdf0000 00001002 1188 88 1080 23 10 2 0 1 LFH

2：针对堆地址，查看内部信息，看内部内存的使用情况
0:243> !heap -stat -h 01c20000
heap @ 01c20000
group-by: TOTSIZE max-display: 20
size #blocks total ( %) (percent of total busy bytes)
400000 1 - 400000 (25.16)
40000 8 - 200000 (12.58)
1c2256 1 - 1c2256 (11.06)
13e748 1 - 13e748 (7.82)
208 642 - cb610 (5.00)
8b290 1 - 8b290 (3.42)
897c4 1 - 897c4 (3.38)
689 121 - 760a9 (2.90)
4a5ba 1 - 4a5ba (1.83)
48 d6c - 3c660 (1.48)
489 bd - 35925 (1.32)
14 2691 - 30354 (1.18)
10000 3 - 30000 (1.18)
20 1722 - 2e440 (1.14)
18 1c0a - 2a0f0 (1.03)
8000 5 - 28000 (0.98)
2c cf1 - 2396c (0.87)
219c0 1 - 219c0 (0.83)
1f3a0 1 - 1f3a0 (0.77)
5780 5 - 1b580 (0.67)

3：第一块内存是个巨块，4M，以它为目标，
查看所有体积和它一致的堆内存，找到UserPtr
0:243> !heap -flt s 400000
_HEAP @ 13e0000
_HEAP @ 1370000
_HEAP @ 1c20000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
1190b018 80200 0000 [00] 1190b020 400000 - (busy VirtualAlloc)
_HEAP @ 1bf0000
_HEAP @ 2210000
_HEAP @ 2b20000
_HEAP @ 4c90000
_HEAP @ 5430000
_HEAP @ 5a10000
_HEAP @ 7050000
_HEAP @ 7ce0000
_HEAP @ 7dc0000
_HEAP @ 9d10000
_HEAP @ b920000
_HEAP @ e7c0000
_HEAP @ f420000
_HEAP @ 118f0000
_HEAP @ 11f90000
_HEAP @ 12b60000
_HEAP @ 12ca0000
_HEAP @ 148c0000
_HEAP @ 18cb0000
_HEAP @ 1a5e0000
_HEAP @ 1a570000
_HEAP @ 1ac70000
_HEAP @ 1a5c0000
_HEAP @ 1b770000
_HEAP @ e500000
_HEAP @ 1cdf0000

4：根据UserPtr 查看调用栈，但是不是所有调用栈都能看到
比如这个，就看不到调用栈
0:243> !heap -p -a 1190b020
address 1190b020 found in
_HEAP @ 1c20000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
1190b018 80200 0000 [00] 1190b020 400000 - (busy VirtualAlloc)

5：如果第四步能看到调用栈，则能看到此内存的申请调用栈，
若此是个内存泄露，则可以看到内存泄漏点的调用栈。