What do these Windbg error messages mean?

2
votes

I'm trying to do a !heap -s in Windbg to get heap information. When I attempt it I get the following output:

  Heap     Flags   Reserv  Commit  Virt   Free  List   UCR  Virt  Lock  Fast 
                    (k)     (k)    (k)     (k) length      blocks cont. heap 
-----------------------------------------------------------------------------
00000000005d0000 08000002     512     28    512     10     3     1    0      0      
Error: Heap 0000000000000000 has an invalid signature eeffeeff
Front-end heap type info is not available
Front-end heap type info is not available
Virtual block: 0000000000000000 - 0000000000000000 (size 0000000000000000)
HEAP 0000000000000000 (Seg 0000000000000000) At 0000000000000000 Error: Unable to read virtual block

0000000000000000 00000000       0      0      0      0     0     0    1      0      
-----------------------------------------------------------------------------

I can't find any reference as to what the unusual error/not available lines mean.

Can someone please give me a summary as to why I'm not getting an expected list of heaps?

The only thing I execute prior to !heap -s is !wow64exts.sw because the process dumps are from a 32 bit process but created by a 64 bit Task Manager.

1
windbg
My understanding is that you should use the 32-bit Task Manager located at C:\Windows\SysWOW64 to do process dumps, could you try that and see if the error messages still appear.EdChum

1 Answers

2
votes

After testing with the 32 and 64 bit Task Managers it appears that process dumps of 32 bit processes created by the 64 bit Task Manager can only be debugged successfully in some areas using !wow64exts.sw in Windbg to use 32 bit debugging.

That extension allows call stacks to be reviewed correctly, but !heap -s does not appear to work correctly under it. Instead you end up with the errors in the question.

For example, the output from a process dump of the 32 bit process using the 32 bit Task Manager:

0:000> !heap -s
NtGlobalFlag enables following debugging aids for new heaps:
    stack back traces
LFH Key                   : 0x06b058a2
Termination on corruption : DISABLED
  Heap     Flags   Reserv  Commit  Virt   Free  List   UCR  Virt  Lock  Fast 
                    (k)     (k)    (k)     (k) length      blocks cont. heap 
-----------------------------------------------------------------------------
031b0000 08000002    1024    236   1024      2    13     1    0      0   LFH
001d0000 08001002    1088    188   1088     18     9     2    0      0   LFH
01e30000 08001002    1088    160   1088      4     3     2    0      0   LFH
03930000 08001002     256      4    256      2     1     1    0      0      
038a0000 08001002      64     16     64     13     1     1    0      0      
-----------------------------------------------------------------------------

The output from a process dump of the 32 bit process using the 64 bit Task Manager without !wow64exts.sw:

0:000> !heap -s
NtGlobalFlag enables following debugging aids for new heaps:
    stack back traces
LFH Key                   : 0x000000b406b058a2
Termination on corruption : ENABLED
          Heap     Flags   Reserv  Commit  Virt   Free  List   UCR  Virt  Lock  Fast 
                            (k)     (k)    (k)     (k) length      blocks cont. heap 
-------------------------------------------------------------------------------------
0000000001f70000 08000002     512     28    512     10     3     1    0      0      
0000000000020000 08008000      64      4     64      1     1     1    0      0      
-------------------------------------------------------------------------------------

The output from a process dump of the 32 bit process using the 64 bit Task Manager with !wow64exts.sw:

0:000> !wow64exts.sw
Switched to 32bit mode
0:000:x86> !heap -s
NtGlobalFlag enables following debugging aids for new heaps:
    stack back traces
LFH Key                   : 0x000000b406b058a2
Termination on corruption : ENABLED
  Heap     Flags   Reserv  Commit  Virt   Free  List   UCR  Virt  Lock  Fast 
                    (k)     (k)    (k)     (k) length      blocks cont. heap 
-----------------------------------------------------------------------------
0000000001f70000 08000002     512     28    512     10     3     1    0      0      
Error: Heap 0000000000000000 has an invalid signature eeffeeff
Front-end heap type info is not available
Front-end heap type info is not available
Virtual block: 0000000000000000 - 0000000000000000 (size 0000000000000000)
HEAP 0000000000000000 (Seg 0000000000000000) At 0000000000000000 Error: Unable to read virtual block

0000000000000000 00000000       0      0      0      0     0     0    1      0      
-----------------------------------------------------------------------------

Those were all taken from the same process.