c++ - What's the meaning of "Internal" in "!heap -h" output in windbg? -
I am following the StackOverflow post "What do the different columns in the "!heap -flt -s xxxx" windbg command represent?".
I am trying to understand the information printed out for one of the heaps that is using a lot of memory.
I can understand most of the columns in the windbg output, but I see an additional column: some of the entries are marked "internal". I wonder what that means. I have done !gflags +ust, so I can see the call stack that made each memory allocation — I can do that for all of the entries except the ones marked internal.
What does "internal" mean? Is it related to the implementation of the LFH? If it is internal to the implementation of the LFH, how and when do these internal heap entries return to the free list? Right now they are holding memory for no reason.
Here is the output of !heap -h 0000000002330000 for reference.
index address name debugging options enabled 8: 02330000 segment @ 0000000002330000 0000000002340000 (00010000 bytes committed) segment @ 00000000032b0000 00000000033b0000 (00100000 bytes committed) segment @ 00000000065a0000 00000000067a0000 (00200000 bytes committed) segment @ 00000000067a0000 0000000006ba0000 (00400000 bytes committed) segment @ 0000000006d80000 0000000007580000 (006f2000 bytes committed) flags: 08001002 forceflags: 00000000 granularity: 16 bytes segment reserve: 01000000 segment commit: 00002000 decommit block thres: 00000400 decommit total thres: 00001000 total free size: 0000274d max. allocation size: 000007fffffdefff lock variable at: 00000000023301f8 next tagindex: 0000 maximum tagindex: 0000 tag entries: 00000000 psuedotag entries: 00000000 virtual alloc list: 02330118 uncommitted ranges: 023300f8 freelist[ 00 ] @ 0000000002330158: 0000000007454600 . 00000000032e3de0 (24 blocks) heap entries segment00 in heap 0000000002330000 0000000002330000: 00000 . 00a70 [101] - busy (a6f) 0000000002330a70: 00a70 . 00860 [101] - busy (85f) 00000000023312d0: 00860 . 038b0 [101] - busy (38af) 0000000002334b80: 038b0 . 00330 [100] 0000000002334eb0: 00330 . 00b60 [101] - busy (b34) 0000000002335a10: 00b60 . 00160 [101] - busy (134) 0000000002335b70: 00160 . 00090 [101] - busy (5c) 0000000002335c00: 00090 . 00090 [101] - busy (5c) 0000000002335c90: 00090 . 00040 [100] 0000000002335cd0: 00040 . 00090 [101] - busy (5c) 0000000002335d60: 00090 . 00020 [100] 0000000002335d80: 00020 . 00130 [101] - busy (104) 0000000002335eb0: 00130 . 00080 [101] - busy (53) 0000000002335f30: 00080 . 00090 [101] - busy (65) 0000000002335fc0: 00090 . 01060 [101] - busy (1034) 0000000002337020: 01060 . 01020 [101] - busy (ff0) internal 0000000002338040: 01020 . 00420 [101] - busy (3f0) internal 0000000002338460: 00420 . 00090 [101] - busy (64) 00000000023384f0: 00090 . 00260 [101] - busy (234) 0000000002338750: 00260 . 00090 [101] - busy (5c) 00000000023387e0: 00090 . 
00080 [101] - busy (54) 0000000002338860: 00080 . 00080 [101] - busy (4c) 00000000023388e0: 00080 . 00030 [100] 0000000002338910: 00030 . 00090 [101] - busy (5c) 00000000023389a0: 00090 . 00090 [101] - busy (64) 0000000002338a30: 00090 . 00260 [101] - busy (234) 0000000002338c90: 00260 . 00060 [101] - busy (35) 0000000002338cf0: 00060 . 00160 [101] - busy (134) 0000000002338e50: 00160 . 00260 [101] - busy (234) 00000000023390b0: 00260 . 00160 [101] - busy (134) 0000000002339210: 00160 . 000c0 [101] - busy (94) 00000000023392d0: 000c0 . 00080 [101] - busy (4c) 0000000002339350: 00080 . 000c0 [101] - busy (84) 0000000002339410: 000c0 . 000c0 [101] - busy (84) 00000000023394d0: 000c0 . 000c0 [101] - busy (94) 0000000002339590: 000c0 . 000c0 [101] - busy (94) 0000000002339650: 000c0 . 000a0 [101] - busy (6c) 00000000023396f0: 000a0 . 000c0 [101] - busy (94) 00000000023397b0: 000c0 . 000a0 [101] - busy (6c) 0000000002339850: 000a0 . 000a0 [101] - busy (6c) 00000000023398f0: 000a0 . 02020 [101] - busy (1ff0) internal 000000000233b910: 02020 . 000a0 [101] - busy (74) 000000000233b9b0: 000a0 . 00060 [101] - busy (35) 000000000233ba10: 00060 . 02020 [101] - busy (1ff0) internal 000000000233da30: 02020 . 000a0 [101] - busy (6c) 000000000233dad0: 000a0 . 000c0 [101] - busy (94) 000000000233db90: 000c0 . 000a0 [101] - busy (6c) 000000000233dc30: 000a0 . 00060 [100] 000000000233dc90: 00060 . 001c0 [101] - busy (194) 000000000233de50: 001c0 . 00260 [101] - busy (234) 000000000233e0b0: 00260 . 000b0 [101] - busy (80) 000000000233e160: 000b0 . 00020 [100] 000000000233e180: 00020 . 000c0 [101] - busy (94) 000000000233e240: 000c0 . 000a0 [101] - busy (6c) 000000000233e2e0: 000a0 . 000a0 [101] - busy (74) 000000000233e380: 000a0 . 001c0 [101] - busy (194) 000000000233e540: 001c0 . 00020 [100] 000000000233e560: 00020 . 000c0 [101] - busy (84) 000000000233e620: 000c0 . 000c0 [101] - busy (84) 000000000233e6e0: 000c0 . 000c0 [101] - busy (94) 000000000233e7a0: 000c0 . 
000c0 [101] - busy (94) 000000000233e860: 000c0 . 00260 [101] - busy (234) 000000000233eac0: 00260 . 000b0 [101] - busy (82) 000000000233eb70: 000b0 . 00350 [100] 000000000233eec0: 00350 . 00330 [101] - busy (2fc) 000000000233f1f0: 00330 . 00440 [101] - busy (40c) 000000000233f630: 00440 . 00420 [101] - busy (3f0) internal 000000000233fa50: 00420 . 00460 [100] 000000000233feb0: 00460 . 000b0 [101] - busy (80) 000000000233ff60: 000b0 . 00060 [100] 000000000233ffc0: 00060 . 00040 [111] - busy (3d) 0000000002340000: 00000000 - uncommitted bytes. heap entries segment01 in heap 0000000002330000 00000000032b0000: 00000 . 00070 [101] - busy (6f) 00000000032b0070: 00070 . 0c470 [101] - busy (c440) internal 00000000032bc4e0: 0c470 . 00280 [101] - busy (254) 00000000032bc760: 00280 . 000a0 [101] - busy (70) 00000000032bc800: 000a0 . 00080 [101] - busy (4c) 00000000032bc880: 00080 . 00080 [101] - busy (58) 00000000032bc900: 00080 . 00070 [101] - busy (48) 00000000032bc970: 00070 . 00080 [101] - busy (4b) 00000000032bc9f0: 00080 . 00070 [101] - busy (42) 00000000032bca60: 00070 . 00080 [101] - busy (4d) 00000000032bcae0: 00080 . 000a0 [101] - busy (72) 00000000032bcb80: 000a0 . 00080 [101] - busy (51) 00000000032bcc00: 00080 . 000b0 [101] - busy (7c) 00000000032bccb0: 000b0 . 00070 [101] - busy (46) 00000000032bcd20: 00070 . 00080 [101] - busy (4c) 00000000032bcda0: 00080 . 00080 [101] - busy (4f) 00000000032bce20: 00080 . 00080 [101] - busy (52) 00000000032bcea0: 00080 . 00090 [101] - busy (5d) 00000000032bcf30: 00090 . 00080 [101] - busy (4b) 00000000032bcfb0: 00080 . 00070 [101] - busy (43) 00000000032bd020: 00070 . 00080 [101] - busy (4a) 00000000032bd0a0: 00080 . 00080 [101] - busy (49) 00000000032bd120: 00080 . 00070 [101] - busy (48) 00000000032bd190: 00070 . 00070 [101] - busy (44) 00000000032bd200: 00070 . 000a0 [101] - busy (69) 00000000032bd2a0: 000a0 . 00070 [101] - busy (46) 00000000032bd310: 00070 . 00070 [101] - busy (3c) 00000000032bd380: 00070 . 
000c0 [101] - busy (8c) 00000000032bd440: 000c0 . 00070 [101] - busy (3c) 00000000032bd4b0: 00070 . 00090 [101] - busy (5c) 00000000032bd540: 00090 . 00090 [101] - busy (5c) 00000000032bd5d0: 00090 . 00090 [101] - busy (5c) 00000000032bd660: 00090 . 000a0 [101] - busy (5c) 00000000032bd700: 000a0 . 00070 [101] - busy (44) 00000000032bd770: 00070 . 00090 [101] - busy (5c) 00000000032bd800: 00090 . 00070 [101] - busy (3c) 00000000032bd870: 00070 . 00050 [100] 00000000032bd8c0: 00050 . 00260 [101] - busy (234) 00000000032bdb20: 00260 . 00070 [101] - busy (3c) 00000000032bdb90: 00070 . 00090 [101] - busy (5c) 00000000032bdc20: 00090 . 00070 [101] - busy (3c) 00000000032bdc90: 00070 . 00070 [101] - busy (3c) 00000000032bdd00: 00070 . 00090 [101] - busy (5c) 00000000032bdd90: 00090 . 00070 [101] - busy (3c) 00000000032bde00: 00070 . 00070 [101] - busy (3c) 00000000032bde70: 00070 . 00090 [101] - busy (5c) 00000000032bdf00: 00090 . 00070 [101] - busy (3c) 00000000032bdf70: 00070 . 00cc0 [100] 00000000032bec30: 00cc0 . 00330 [101] - busy (2fc) 00000000032bef60: 00330 . 00440 [101] - busy (40a) 00000000032bf3a0: 00440 . 00220 [100] 00000000032bf5c0: 00220 . 00330 [101] - busy (2fc) 00000000032bf8f0: 00330 . 04020 [101] - busy (3ff0) internal 00000000032c3910: 04020 . 02020 [101] - busy (1ff0) internal 00000000032c5930: 02020 . 00210 [100] 00000000032c5b40: 00210 . 01020 [101] - busy (ff0) internal 00000000032c6b60: 01020 . 01020 [101] - busy (ff0) internal 00000000032c7b80: 01020 . 00440 [101] - busy (40c) 00000000032c7fc0: 00440 . 00440 [101] - busy (40a) 00000000032c8400: 00440 . 00430 [101] - busy (3f0) internal 00000000032c8830: 00430 . 02020 [101] - busy (1ff0) internal 00000000032ca850: 02020 . 02020 [101] - busy (1ff0) internal 00000000032cc870: 02020 . 01020 [101] - busy (ff0) internal 00000000032cd890: 01020 . 00420 [101] - busy (3f0) internal 00000000032cdcb0: 00420 . 00420 [101] - busy (3f0) internal 00000000032ce0d0: 00420 . 
00420 [101] - busy (3f0) internal 00000000032ce4f0: 00420 . 003a0 [100] 00000000032ce890: 003a0 . 02020 [101] - busy (1ff0) internal 00000000032d08b0: 02020 . 02020 [101] - busy (1ff0) internal 00000000032d28d0: 02020 . 01020 [101] - busy (ff0) internal 00000000032d38f0: 01020 . 00420 [101] - busy (3f0) internal 00000000032d3d10: 00420 . 00420 [101] - busy (3f0) internal 00000000032d4130: 00420 . 003a0 [100] 00000000032d44d0: 003a0 . 00420 [101] - busy (3f0) internal 00000000032d48f0: 00420 . 01020 [101] - busy (ff0) internal 00000000032d5910: 01020 . 04020 [101] - busy (3ff0) internal 00000000032d9930: 04020 . 01020 [101] - busy (ff0) internal 00000000032da950: 01020 . 04020 [101] - busy (3ff0) internal 00000000032de970: 04020 . 01020 [101] - busy (ff0) internal 00000000032df990: 01020 . 04020 [101] - busy (3ff0) internal 00000000032e39b0: 04020 . 00420 [101] - busy (3f0) internal 00000000032e3dd0: 00420 . 00020 [100] 00000000032e3df0: 00020 . 04020 [101] - busy (3ff0) internal 00000000032e7e10: 04020 . 02020 [101] - busy (1ff0) internal 00000000032e9e30: 02020 . 01020 [101] - busy (ff0) internal 00000000032eae50: 01020 . 02020 [101] - busy (1ff0) internal 00000000032ece70: 02020 . 01020 [101] - busy (ff0) internal 00000000032ede90: 01020 . 000f0 [100] 00000000032edf80: 000f0 . 01020 [101] - busy (ff0) internal 00000000032eefa0: 01020 . 01020 [101] - busy (ff0) internal 00000000032effc0: 01020 . 02020 [101] - busy (1ff0) internal 00000000032f1fe0: 02020 . 02020 [101] - busy (1ff0) internal 00000000032f4000: 02020 . 00420 [101] - busy (3f0) internal 00000000032f4420: 00420 . 00160 [100] 00000000032f4580: 00160 . 02020 [101] - busy (1ff0) internal 00000000032f65a0: 02020 . 02020 [101] - busy (1ff0) internal 00000000032f85c0: 02020 . 02020 [101] - busy (1ff0) internal 00000000032fa5e0: 02020 . 08020 [101] - busy (7ff0) internal 0000000003302600: 08020 . 02020 [101] - busy (1ff0) internal 0000000003304620: 02020 . 
01020 [101] - busy (ff0) internal 0000000003305640: 01020 . 02020 [101] - busy (1ff0) internal 0000000003307660: 02020 . 02020 [101] - busy (1ff0) internal 0000000003309680: 02020 . 08020 [101] - busy (7ff0) internal 00000000033116a0: 08020 . 02020 [101] - busy (1ff0) internal 00000000033136c0: 02020 . 02020 [101] - busy (1ff0) internal 00000000033156e0: 02020 . 01020 [101] - busy (ff0) internal 0000000003316700: 01020 . 02020 [101] - busy (1ff0) internal 0000000003318720: 02020 . 02020 [101] - busy (1ff0) internal 000000000331a740: 02020 . 02020 [101] - busy (1ff0) internal 000000000331c760: 02020 . 02020 [101] - busy (1ff0) internal 000000000331e780: 02020 . 02020 [101] - busy (1ff0) internal 00000000033207a0: 02020 . 02020 [101] - busy (1ff0) internal 00000000033227c0: 02020 . 01020 [101] - busy (ff0) internal 00000000033237e0: 01020 . 02020 [101] - busy (1ff0) internal 0000000003325800: 02020 . 02020 [101] - busy (1ff0) internal 0000000003327820: 02020 . 02020 [101] - busy (1ff0) internal 0000000003329840: 02020 . 01020 [101] - busy (ff0) internal 000000000332a860: 01020 . 02020 [101] - busy (1ff0) internal 000000000332c880: 02020 . 01020 [101] - busy (ff0) internal 000000000332d8a0: 01020 . 02020 [101] - busy (1ff0) internal 000000000332f8c0: 02020 . 02020 [101] - busy (1ff0) internal 00000000033318e0: 02020 . 08020 [101] - busy (7ff0) internal 0000000003339900: 08020 . 01020 [101] - busy (ff0) internal 000000000333a920: 01020 . 02020 [101] - busy (1ff0) internal 000000000333c940: 02020 . 02020 [101] - busy (1ff0) internal 000000000333e960: 02020 . 02020 [101] - busy (1ff0) internal 0000000003340980: 02020 . 02020 [101] - busy (1ff0) internal 00000000033429a0: 02020 . 01020 [101] - busy (ff0) internal 00000000033439c0: 01020 . 02020 [101] - busy (1ff0) internal 00000000033459e0: 02020 . 02020 [101] - busy (1ff0) internal 0000000003347a00: 02020 . 01020 [101] - busy (ff0) internal 0000000003348a20: 01020 . 
02020 [101] - busy (1ff0) internal 000000000334aa40: 02020 . 02020 [101] - busy (1ff0) internal 000000000334ca60: 02020 . 02020 [101] - busy (1ff0) internal 000000000334ea80: 02020 . 01020 [101] - busy (ff0) internal 000000000334faa0: 01020 . 02020 [101] - busy (1ff0) internal 0000000003351ac0: 02020 . 02020 [101] - busy (1ff0) internal 0000000003353ae0: 02020 . 02020 [101] - busy (1ff0) internal 0000000003355b00: 02020 . 01020 [101] - busy (ff0) internal 0000000003356b20: 01020 . 02020 [101] - busy (1ff0) internal 0000000003358b40: 02020 . 02020 [101] - busy (1ff0) internal 000000000335ab60: 02020 . 02000 [100] 000000000335cb60: 02000 . 02020 [101] - busy (1ff0) internal 000000000335eb80: 02020 . 04020 [101] - busy (3ff0) internal 0000000003362ba0: 04020 . 02020 [101] - busy (1ff0) internal 0000000003364bc0: 02020 . 01020 [101] - busy (ff0) internal 0000000003365be0: 01020 . 02020 [101] - busy (1ff0) internal 0000000003367c00: 02020 . 01020 [101] - busy (ff0) internal 0000000003368c20: 01020 . 04020 [101] - busy (3ff0) internal 000000000336cc40: 04020 . 02020 [101] - busy (1ff0) internal 000000000336ec60: 02020 . 02020 [101] - busy (1ff0) internal 0000000003370c80: 02020 . 01020 [101] - busy (ff0) internal 0000000003371ca0: 01020 . 02020 [101] - busy (1ff0) internal 0000000003373cc0: 02020 . 01020 [101] - busy (ff0) internal 0000000003374ce0: 01020 . 02020 [101] - busy (1ff0) internal 0000000003376d00: 02020 . 02020 [101] - busy (1ff0) internal 0000000003378d20: 02020 . 02020 [101] - busy (1ff0) internal 000000000337ad40: 02020 . 04020 [101] - busy (3ff0) internal 000000000337ed60: 04020 . 02020 [101] - busy (1ff0) internal 0000000003380d80: 02020 . 02020 [101] - busy (1ff0) internal 0000000003382da0: 02020 . 02020 [101] - busy (1ff0) internal 0000000003384dc0: 02020 . 02020 [101] - busy (1ff0) internal 0000000003386de0: 02020 . 02020 [101] - busy (1ff0) internal 0000000003388e00: 02020 . 02020 [101] - busy (1ff0) internal 000000000338ae20: 02020 . 
02020 [101] - busy (1ff0) internal 000000000338ce40: 02020 . 02020 [101] - busy (1ff0) internal 000000000338ee60: 02020 . 02020 [101] - busy (1ff0) internal 0000000003390e80: 02020 . 02020 [101] - busy (1ff0) internal 0000000003392ea0: 02020 . 02020 [101] - busy (1ff0) internal 0000000003394ec0: 02020 . 02020 [101] - busy (1ff0) internal 0000000003396ee0: 02020 . 08020 [101] - busy (7ff0) internal 000000000339ef00: 08020 . 02020 [101] - busy (1ff0) internal 00000000033a0f20: 02020 . 02020 [101] - busy (1ff0) internal 00000000033a2f40: 02020 . 02020 [101] - busy (1ff0) internal 00000000033a4f60: 02020 . 08020 [101] - busy (7ff0) internal 00000000033acf80: 08020 . 02020 [101] - busy (1ff0) internal 00000000033aefa0: 02020 . 00420 [101] - busy (3f0) internal 00000000033af3c0: 00420 . 00420 [101] - busy (3f0) internal 00000000033af7e0: 00420 . 00420 [101] - busy (3f0) internal 00000000033afc00: 00420 . 003c0 [100] 00000000033affc0: 003c0 . 00040 [111] - busy (3d) 00000000033b0000: 00000000 - uncommitted bytes. heap entries segment02 in heap 0000000002330000 00000000065a0000: 00000 . 00070 [101] - busy (6f) 00000000065a0070: 00070 . 04020 [101] - busy (3ff0) internal 00000000065a4090: 04020 . 04020 [101] - busy (3ff0) internal 00000000065a80b0: 04020 . 02020 [101] - busy (1ff0) internal 00000000065aa0d0: 02020 . 02020 [101] - busy (1ff0) internal 00000000065ac0f0: 02020 . 08020 [101] - busy (7ff0) internal 00000000065b4110: 08020 . 02020 [101] - busy (1ff0) internal 00000000065b6130: 02020 . 04020 [101] - busy (3ff0) internal 00000000065ba150: 04020 . 04020 [101] - busy (3ff0) internal 00000000065be170: 04020 . 08020 [101] - busy (7ff0) internal 00000000065c6190: 08020 . 04020 [101] - busy (3ff0) internal 00000000065ca1b0: 04020 . 02020 [101] - busy (1ff0) internal 00000000065cc1d0: 02020 . 04020 [101] - busy (3ff0) internal 00000000065d01f0: 04020 . 04020 [101] - busy (3ff0) internal 00000000065d4210: 04020 . 04020 [101] - busy (3ff0) internal 00000000065d8230: 04020 . 
04020 [101] - busy (3ff0) internal 00000000065dc250: 04020 . 02020 [101] - busy (1ff0) internal 00000000065de270: 02020 . 08020 [101] - busy (7ff0) internal 00000000065e6290: 08020 . 04020 [101] - busy (3ff0) internal 00000000065ea2b0: 04020 . 04020 [101] - busy (3ff0) internal 00000000065ee2d0: 04020 . 08020 [101] - busy (7ff0) internal 00000000065f62f0: 08020 . 04020 [101] - busy (3ff0) internal 00000000065fa310: 04020 . 04020 [101] - busy (3ff0) internal 00000000065fe330: 04020 . 08020 [101] - busy (7ff0) internal 0000000006606350: 08020 . 04020 [101] - busy (3ff0) internal 000000000660a370: 04020 . 04020 [101] - busy (3ff0) internal 000000000660e390: 04020 . 04020 [101] - busy (3ff0) internal 00000000066123b0: 04020 . 10020 [101] - busy (fff0) internal 00000000066223d0: 10020 . 04020 [101] - busy (3ff0) internal 00000000066263f0: 04020 . 04020 [101] - busy (3ff0) internal 000000000662a410: 04020 . 04020 [101] - busy (3ff0) internal 000000000662e430: 04020 . 04020 [101] - busy (3ff0) internal 0000000006632450: 04020 . 10020 [101] - busy (fff0) internal 0000000006642470: 10020 . 04020 [101] - busy (3ff0) internal 0000000006646490: 04020 . 04020 [101] - busy (3ff0) internal 000000000664a4b0: 04020 . 04020 [101] - busy (3ff0) internal 000000000664e4d0: 04020 . 04020 [101] - busy (3ff0) internal 00000000066524f0: 04020 . 08020 [101] - busy (7ff0) internal 000000000665a510: 08020 . 08020 [101] - busy (7ff0) internal 0000000006662530: 08020 . 04020 [101] - busy (3ff0) internal 0000000006666550: 04020 . 04020 [101] - busy (3ff0) internal 000000000666a570: 04020 . 10020 [101] - busy (fff0) internal 000000000667a590: 10020 . 04020 [101] - busy (3ff0) internal 000000000667e5b0: 04020 . 08020 [101] - busy (7ff0) internal 00000000066865d0: 08020 . 08020 [101] - busy (7ff0) internal 000000000668e5f0: 08020 . 10020 [101] - busy (fff0) internal 000000000669e610: 10020 . 04020 [101] - busy (3ff0) internal 00000000066a2630: 04020 . 
10020 [101] - busy (fff0) internal 00000000066b2650: 10020 . 08020 [101] - busy (7ff0) internal 00000000066ba670: 08020 . 02020 [101] - busy (1ff0) internal 00000000066bc690: 02020 . 08020 [101] - busy (7ff0) internal 00000000066c46b0: 08020 . 08020 [101] - busy (7ff0) internal 00000000066cc6d0: 08020 . 10020 [101] - busy (fff0) internal 00000000066dc6f0: 10020 . 08020 [101] - busy (7ff0) internal 00000000066e4710: 08020 . 08020 [101] - busy (7ff0) internal 00000000066ec730: 08020 . 08020 [101] - busy (7ff0) internal 00000000066f4750: 08020 . 10020 [101] - busy (fff0) internal 0000000006704770: 10020 . 08020 [101] - busy (7ff0) internal 000000000670c790: 08020 . 10020 [101] - busy (fff0) internal 000000000671c7b0: 10020 . 08020 [101] - busy (7ff0) internal 00000000067247d0: 08020 . 08020 [101] - busy (7ff0) internal 000000000672c7f0: 08020 . 20020 [101] - busy (1fff0) internal 000000000674c810: 20020 . 08020 [101] - busy (7ff0) internal 0000000006754830: 08020 . 08020 [101] - busy (7ff0) internal 000000000675c850: 08020 . 08020 [101] - busy (7ff0) internal 0000000006764870: 08020 . 08020 [101] - busy (7ff0) internal 000000000676c890: 08020 . 20020 [101] - busy (1fff0) internal 000000000678c8b0: 20020 . 08020 [101] - busy (7ff0) internal 00000000067948d0: 08020 . 08020 [101] - busy (7ff0) internal 000000000679c8f0: 08020 . 02020 [101] - busy (1ff0) internal 000000000679e910: 02020 . 016b0 [100] 000000000679ffc0: 016b0 . 00040 [111] - busy (3d) 00000000067a0000: 00000000 - uncommitted bytes. heap entries segment03 in heap 0000000002330000 00000000067a0000: 00000 . 00070 [101] - busy (6f) 00000000067a0070: 00070 . 08020 [101] - busy (7ff0) internal 00000000067a8090: 08020 . 08020 [101] - busy (7ff0) internal 00000000067b00b0: 08020 . 08020 [101] - busy (7ff0) internal 00000000067b80d0: 08020 . 20020 [101] - busy (1fff0) internal 00000000067d80f0: 20020 . 08020 [101] - busy (7ff0) internal 00000000067e0110: 08020 . 
08020 [101] - busy (7ff0) internal 00000000067e8130: 08020 . 08020 [101] - busy (7ff0) internal 00000000067f0150: 08020 . 08020 [101] - busy (7ff0) internal 00000000067f8170: 08020 . 10020 [101] - busy (fff0) internal 0000000006808190: 10020 . 10020 [101] - busy (fff0) internal 00000000068181b0: 10020 . 20020 [101] - busy (1fff0) internal 00000000068381d0: 20020 . 10020 [101] - busy (fff0) internal 00000000068481f0: 10020 . 08020 [101] - busy (7ff0) internal 0000000006850210: 08020 . 20020 [101] - busy (1fff0) internal 0000000006870230: 20020 . 10020 [101] - busy (fff0) internal 0000000006880250: 10020 . 08020 [101] - busy (7ff0) internal 0000000006888270: 08020 . 10020 [101] - busy (fff0) internal 0000000006898290: 10020 . 20020 [101] - busy (1fff0) internal 00000000068b82b0: 20020 . 10020 [101] - busy (fff0) internal 00000000068c82d0: 10020 . 10020 [101] - busy (fff0) internal 00000000068d82f0: 10020 . 20020 [101] - busy (1fff0) internal 00000000068f8310: 20020 . 10020 [101] - busy (fff0) internal 0000000006908330: 10020 . 10020 [101] - busy (fff0) internal 0000000006918350: 10020 . 10020 [101] - busy (fff0) internal 0000000006928370: 10020 . 10020 [101] - busy (fff0) internal 0000000006938390: 10020 . 20020 [101] - busy (1fff0) internal 00000000069583b0: 20020 . 10020 [101] - busy (fff0) internal 00000000069683d0: 10020 . 10020 [101] - busy (fff0) internal 00000000069783f0: 10020 . 10020 [101] - busy (fff0) internal 0000000006988410: 10020 . 10020 [101] - busy (fff0) internal 0000000006998430: 10020 . 10020 [101] - busy (fff0) internal 00000000069a8450: 10020 . 40020 [101] - busy (3fff0) internal 00000000069e8470: 40020 . 10020 [101] - busy (fff0) internal 00000000069f8490: 10020 . 10020 [101] - busy (fff0) internal 0000000006a084b0: 10020 . 10020 [101] - busy (fff0) internal 0000000006a184d0: 10020 . 04020 [101] - busy (3ff0) internal 0000000006a1c4f0: 04020 . 10020 [101] - busy (fff0) internal 0000000006a2c510: 10020 . 
40020 [101] - busy (3fff0) internal 0000000006a6c530: 40020 . 10020 [101] - busy (fff0) internal 0000000006a7c550: 10020 . 10020 [101] - busy (fff0) internal 0000000006a8c570: 10020 . 10020 [101] - busy (fff0) internal 0000000006a9c590: 10020 . 10020 [101] - busy (fff0) internal 0000000006aac5b0: 10020 . 40020 [101] - busy (3fff0) internal 0000000006aec5d0: 40020 . 10020 [101] - busy (fff0) internal 0000000006afc5f0: 10020 . 10020 [101] - busy (fff0) internal 0000000006b0c610: 10020 . 20020 [101] - busy (1fff0) internal 0000000006b2c630: 20020 . 40020 [101] - busy (3fff0) internal 0000000006b6c650: 40020 . 10020 [101] - busy (fff0) internal 0000000006b7c670: 10020 . 20020 [101] - busy (1fff0) internal 0000000006b9c690: 20020 . 03930 [100] 0000000006b9ffc0: 03930 . 00040 [111] - busy (3d) 0000000006ba0000: 00000000 - uncommitted bytes. heap entries segment04 in heap 0000000002330000 0000000006d80000: 00000 . 00070 [101] - busy (6f) 0000000006d80070: 00070 . 10020 [101] - busy (fff0) internal 0000000006d90090: 10020 . 40020 [101] - busy (3fff0) internal 0000000006dd00b0: 40020 . 20020 [101] - busy (1fff0) internal 0000000006df00d0: 20020 . 20020 [101] - busy (1fff0) internal 0000000006e100f0: 20020 . 20020 [101] - busy (1fff0) internal 0000000006e30110: 20020 . 40020 [101] - busy (3fff0) internal 0000000006e70130: 40020 . 20020 [101] - busy (1fff0) internal 0000000006e90150: 20020 . 40020 [101] - busy (3fff0) internal 0000000006ed0170: 40020 . 20020 [101] - busy (1fff0) internal 0000000006ef0190: 20020 . 20020 [101] - busy (1fff0) internal 0000000006f101b0: 20020 . 20020 [101] - busy (1fff0) internal 0000000006f301d0: 20020 . 40020 [101] - busy (3fff0) internal 0000000006f701f0: 40020 . 04020 [101] - busy (3ff0) internal 0000000006f74210: 04020 . 20020 [101] - busy (1fff0) internal 0000000006f94230: 20020 . 20020 [101] - busy (1fff0) internal 0000000006fb4250: 20020 . 40020 [101] - busy (3fff0) internal 0000000006ff4270: 40020 . 
04020 [101] - busy (3ff0) internal 0000000006ff8290: 04020 . 20020 [101] - busy (1fff0) internal 00000000070182b0: 20020 . 20020 [101] - busy (1fff0) internal 00000000070382d0: 20020 . 04020 [101] - busy (3ff0) internal 000000000703c2f0: 04020 . 08020 [101] - busy (7ff0) internal 0000000007044310: 08020 . 40020 [101] - busy (3fff0) internal 0000000007084330: 40020 . 20020 [101] - busy (1fff0) internal edit 10/26/2012
I found the place causing the leak by inspecting the memory content inside an internal heap entry. It contains a number of memory allocations caused by the same operator new. I don't know why they are combined into one single heap entry, but by looking at the content I managed to find the code causing the leak. Perhaps it is a CRT feature to combine similar data into one heap entry? Or do I misunderstand the meaning of a heap entry completely?
TL;DR: heap blocks marked "internal" have a special flag set in _heap_entry.flags.
[edit] Revised my previous answer into a proper answer.
Here is my attempt at answering the question.
According to the windbg help, the code of the "!heap" command is located in exts.dll (i.e. \winxp\exts.dll).
I loaded the DLL into IDA and downloaded the symbols for it. There is one occurrence of "internal" in the DLL, inside the dumpheapentry() function:
.text:0192463d movzx   eax, byte_1963152
.text:01924644 test    eax, eax
.text:01924646 jz      short loc_1924656
.text:01924648 push    offset ainternal               ; " internal "
.text:0192464d call    _extensionapis.lpoutputroutine ; sort of printf routine

The output of "internal" is therefore conditioned on the value of byte_1963152: if byte_1963152 is not 0, "internal" is printed. The only place that writes a value other than 0 into it is in readheapentry() (called at the start of dumpheapentry()):
.text:0191f025 movzx   eax, [ebp+var_b]
.text:0191f029 and     eax, 8
.text:0191f02c jz      short loc_191f035
.text:0191f02e mov     byte_1963152, 1

This translates to:
if((uint)var_b & 8) byte_1963152 = 1;

var_b is set here:
.text:0191eff7 mov     eax, [ebp+var_18]
.text:0191effa mov     edx, [ebp+var_14]
.text:0191effd mov     cl, 10h                 ; shift right 0x10 bits
.text:0191efff call    __aullshr
.text:0191f004 mov     [ebp+var_b], al

__aullshr stands for "arithmetic unsigned long long shift right". In the above code eax is the low 32-bit part of the 64-bit unsigned long long, while edx is the high 32-bit part. Notice that var_b is an 8-bit quantity (the 'al' register is used).
Hence:
// var_14_18 is the 64-bit combination of var_14 and var_18
var_b = (char)(var_14_18 >> 0x10);

var_14 and var_18 are set here:
.text:0191ef01 push    0
.text:0191ef03 push    offset aagregatecode    ; "agregatecode"
.text:0191ef08 push    0
.text:0191ef0a push    0
.text:0191ef0c call    _getshortfield@16       ; getshortfield(x,x,x,x)
.text:0191ef11 mov     [ebp+var_18], eax       ; high part
.text:0191ef14 mov     [ebp+var_14], edx       ; low part
; cut
.text:0191ef28 mov     ecx, [ebp+var_18]
.text:0191ef2b and     ecx, _encodeflagmask    ; heap.encodeflagmask
.text:0191ef31 jz      short loc_191ef75
.text:0191ef33 mov     edx, [ebp+var_18]
.text:0191ef36 xor     edx, _crtheapcode       ; heap.encoding.code1
.text:0191ef3c mov     eax, [ebp+var_14]
.text:0191ef3f xor     eax, dword_1963194      ; heap.encoding.code2
.text:0191ef45 mov     [ebp+var_18], edx
.text:0191ef48 mov     [ebp+var_14], eax

So windbg uses the getshortfield() function on "agregatecode" and sets both of the aforementioned variables (which together form a single unsigned long long value). Note that it XORs both values with heap.encoding.code1 and heap.encoding.code2 (heap being the current heap the heap entry is part of), and does so only when heap.encodeflagmask is non-zero — that is what the `and ecx, _encodeflagmask` / `jz` pair checks. In other words, the entry header is stored XOR-encoded with the per-heap encoding key and must be decoded before its fields can be interpreted.
"agregatecode" is a field of both the _heap_entry and _heap_free_entry structures (from Win 8.1 x86):
0:000> dt _heap_entry -r2
ntdll!_heap_entry
   +0x000 size : uint2b
   +0x002 flags : uchar
   +0x003 smalltagindex : uchar
   +0x000 subsegmentcode : uint4b
   +0x004 previoussize : uint2b
   +0x006 segmentoffset : uchar
   +0x006 lfhflags : uchar
   +0x007 unusedbytes : uchar
   +0x000 functionindex : uint2b
   +0x002 contextvalue : uint2b
   +0x000 interceptorvalue : uint4b
   +0x004 unusedbyteslength : uint2b
   +0x006 entryoffset : uchar
   +0x007 extendedblocksignature : uchar
   +0x000 code1 : uint4b
   +0x004 code2 : uint2b
   +0x006 code3 : uchar
   +0x007 code4 : uchar
   +0x004 code234 : uint4b
   +0x000 agregatecode : uint8b

Translated to C, this gives:
typedef struct _heap_entry // 20 elements, 0x8 bytes (sizeof)
{
    union // 6 elements, 0x8 bytes (sizeof)
    {
        struct // 3 elements, 0x8 bytes (sizeof)
        {
            /*0x000*/ uint16 size;
            /*0x002*/ uint8 flags;
            /*0x003*/ uint8 smalltagindex;
            /*0x004*/ uint8 _padding0_[0x4];
        };
        struct // 4 elements, 0x8 bytes (sizeof)
        {
            /*0x000*/ ulong32 subsegmentcode;
            /*0x004*/ uint16 previoussize;
            union // 2 elements, 0x1 bytes (sizeof)
            {
                /*0x006*/ uint8 segmentoffset;
                /*0x006*/ uint8 lfhflags;
            };
            /*0x007*/ uint8 unusedbytes;
        };
        struct // 2 elements, 0x8 bytes (sizeof)
        {
            /*0x000*/ uint16 functionindex;
            /*0x002*/ uint16 contextvalue;
            /*0x004*/ uint8 _padding1_[0x4];
        };
        struct // 4 elements, 0x8 bytes (sizeof)
        {
            /*0x000*/ ulong32 interceptorvalue;
            /*0x004*/ uint16 unusedbyteslength;
            /*0x006*/ uint8 entryoffset;
            /*0x007*/ uint8 extendedblocksignature;
        };
        struct // 2 elements, 0x8 bytes (sizeof)
        {
            /*0x000*/ ulong32 code1;
            union // 2 elements, 0x4 bytes (sizeof)
            {
                struct // 3 elements, 0x4 bytes (sizeof)
                {
                    /*0x004*/ uint16 code2;
                    /*0x006*/ uint8 code3;
                    /*0x007*/ uint8 code4;
                };
                /*0x004*/ ulong32 code234;
            };
        };
        /*0x000*/ uint64 agregatecode;
    };
} heap_entry, *pheap_entry;

Thus we have the following pseudo-code (minus other checks):
high_part, low_part = getshortfield(0, 0, "agregatecode", 0);
high_part ^= heap.encoding.code1;
low_part ^= heap.encoding.code2;
agregatecode = make64bitfromtwo32bit(high_part, low_part);
char var_b = (char)(agregatecode >> 0x10);
if(var_b & 8) printf("internal");

Given that "agregatecode" is... well, the aggregate of code1 to code4:
struct // 2 elements, 0x8 bytes (sizeof)
{
    /*0x000*/ ulong32 code1;
    union // 2 elements, 0x4 bytes (sizeof)
    {
        struct // 3 elements, 0x4 bytes (sizeof)
        {
            /*0x004*/ uint16 code2;
            /*0x006*/ uint8 code3;
            /*0x007*/ uint8 code4;
        };
        /*0x004*/ ulong32 code234;
    };
};
/*0x000*/ uint64 agregatecode;

If we shift the agregatecode field right by 0x10 and AND it with 8, we end up testing the 11th bit (counting from 0) of code1.
As the structure is one big union, we end up testing: _heap_entry.flags
It happens that the heap flag with value 8 is named: heap_entry_virtual_alloc
http://doxygen.reactos.org/da/ddb/heap_8h_source.html#l00044
https://os-design.googlecode.com/svn/trunk/ntos/inc/heap.h
It seems this flag is used to manage big allocations, although these blocks are used internally by the system and are not directly available to the end user.
Typically such internal blocks have their flags member set to 9: heap_entry_virtual_alloc | heap_entry_busy
[edit] Example:
Say we have a heap at 0x005b0000:
0:004> !heap -h
index   address name      debugging options enabled
  1:   005b0000

This heap (_heap) has a heap_entry marked "internal" at 0x005b8d00:
0:004> !heap -h 005b0000
index   address name      debugging options enabled
  1:   005b0000
    segment @ 005b0000 006b0000 (0009d000 bytes committed)
    flags:                00000002
    forceflags:           00000000
    granularity:          8 bytes
    segment reserve:      00100000
    segment commit:       00002000
    decommit block thres: 00000800
    decommit total thres: 00002000
    total free size:      00001ae8
    max. allocation size: 7ffdefff
    lock variable at:     005b0138
    next tagindex:        0000
    maximum tagindex:     0000
    tag entries:          00000000
    psuedotag entries:    00000000
    virtual alloc list:   005b00a0
    uncommitted ranges:   005b0090
    freelist[ 00 ] @ 005b00c4: 0063fbc0 . 00633060 (7 blocks)
    heap entries segment00 in heap 005b0000
        005b0000: 00000 . 00588 [101] - busy (587)
        //[cut]
        005b8d00: 03d20 . 378b0 [101] - busy (378a8) internal

A detailed view of the heap structure follows (notice the "encoding" structure (_heap_entry) at offset 0x50, which is what decodes the XOR-encoded heap entries; note also that frontendheap at offset 0x0d4 is 0x005b8d08, which lies inside the "internal" entry at 0x005b8d00 — this suggests the block holds the front-end heap's own data, i.e. the LFH the question asks about):
0:004> dt _heap 005b0000 -r1 ntdll!_heap +0x000 entry : _heap_entry +0x000 size : 0xbe38 +0x002 flags : 0xf5 '' +0x003 smalltagindex : 0xff '' +0x000 subsegmentcode : 0xfff5be38 +0x004 previoussize : 0xcf53 +0x006 segmentoffset : 0 '' +0x006 lfhflags : 0 '' +0x007 unusedbytes : 0x1 '' +0x000 functionindex : 0xbe38 +0x002 contextvalue : 0xfff5 +0x000 interceptorvalue : 0xfff5be38 +0x004 unusedbyteslength : 0xcf53 +0x006 entryoffset : 0 '' +0x007 extendedblocksignature : 0x1 '' +0x000 code1 : 0xfff5be38 +0x004 code2 : 0xcf53 +0x006 code3 : 0 '' +0x007 code4 : 0x1 '' +0x000 agregatecode : 0x100cf53`fff5be38 +0x008 segmentsignature : 0xffeeffee +0x00c segmentflags : 0 +0x010 segmentlistentry : _list_entry [ 0x5b00a8 - 0x5b00a8 ] +0x000 flink : 0x005b00a8 _list_entry [ 0x5b0010 - 0x5b0010 ] +0x004 blink : 0x005b00a8 _list_entry [ 0x5b0010 - 0x5b0010 ] +0x018 heap : 0x005b0000 _heap +0x000 entry : _heap_entry +0x008 segmentsignature : 0xffeeffee +0x00c segmentflags : 0 +0x010 segmentlistentry : _list_entry [ 0x5b00a8 - 0x5b00a8 ] +0x018 heap : 0x005b0000 _heap +0x01c baseaddress : 0x005b0000 +0x020 numberofpages : 0x100 +0x024 firstentry : 0x005b0588 _heap_entry +0x028 lastvalidentry : 0x006b0000 _heap_entry +0x02c numberofuncommittedpages : 0x63 +0x030 numberofuncommittedranges : 1 +0x034 segmentallocatorbacktraceindex : 0 +0x036 reserved : 0 +0x038 ucrsegmentlist : _list_entry [ 0x64cff0 - 0x64cff0 ] +0x040 flags : 2 +0x044 forceflags : 0 +0x048 compatibilityflags : 0 +0x04c encodeflagmask : 0x100000 +0x050 encoding : _heap_entry +0x058 pointerkey : 0x75c3a7b +0x05c interceptor : 0 +0x060 virtualmemorythreshold : 0xfe00 +0x064 signature : 0xeeffeeff +0x068 segmentreserve : 0x100000 +0x06c segmentcommit : 0x2000 +0x070 decommitfreeblockthreshold : 0x800 +0x074 decommittotalfreethreshold : 0x2000 +0x078 totalfreesize : 0x1ae8 +0x07c maximumallocationsize : 0x7ffdefff +0x080 processheapslistindex : 1 +0x082 headervalidatelength : 0x138 +0x084 headervalidatecopy : (null) 
+0x088 nextavailabletagindex : 0 +0x08a maximumtagindex : 0 +0x08c tagentries : (null) +0x090 ucrlist : _list_entry [ 0x64cfe8 - 0x64cfe8 ] +0x098 alignround : 0xf +0x09c alignmask : 0xfffffff8 +0x0a0 virtualallocdblocks : _list_entry [ 0x5b00a0 - 0x5b00a0 ] +0x0a8 segmentlist : _list_entry [ 0x5b0010 - 0x5b0010 ] +0x0b0 allocatorbacktraceindex : 0 +0x0b4 nondedicatedlistlength : 0 +0x0b8 blocksindex : 0x005b0150 +0x0bc ucrindex : 0x005b0590 +0x0c0 pseudotagentries : (null) +0x0c4 freelists : _list_entry [ 0x633060 - 0x63fbc0 ] +0x0cc lockvariable : 0x005b0138 _heap_lock +0x0d0 commitroutine : 0x075c3a7b long +75c3a7b +0x0d4 frontendheap : 0x005b8d08 +0x0d8 frontheaplockcount : 0 +0x0da frontendheaptype : 0x2 '' +0x0dc counters : _heap_counters +0x130 tuningparameters : _heap_tuning_parameters +0x01c baseaddress : 0x005b0000 +0x020 numberofpages : 0x100 +0x024 firstentry : 0x005b0588 _heap_entry +0x000 size : 0xbec1 +0x002 flags : 0xf5 '' +0x003 smalltagindex : 0x6 '' +0x000 subsegmentcode : 0x06f5bec1 +0x004 previoussize : 0xcfe2 +0x006 segmentoffset : 0 '' +0x006 lfhflags : 0 '' +0x007 unusedbytes : 0x1 '' +0x000 functionindex : 0xbec1 +0x002 contextvalue : 0x6f5 +0x000 interceptorvalue : 0x6f5bec1 +0x004 unusedbyteslength : 0xcfe2 +0x006 entryoffset : 0 '' +0x007 extendedblocksignature : 0x1 '' +0x000 code1 : 0x6f5bec1 +0x004 code2 : 0xcfe2 +0x006 code3 : 0 '' +0x007 code4 : 0x1 '' +0x000 agregatecode : 0x100cfe2`06f5bec1 +0x028 lastvalidentry : 0x006b0000 _heap_entry +0x000 size : 0xeff8 +0x002 flags : 0xe7 '' +0x003 smalltagindex : 0xff '' +0x000 subsegmentcode : 0xffe7eff8 +0x004 previoussize : 0xd3df +0x006 segmentoffset : 0xc7 '' +0x006 lfhflags : 0xc7 '' +0x007 unusedbytes : 0xff '' +0x000 functionindex : 0xeff8 +0x002 contextvalue : 0xffe7 +0x000 interceptorvalue : 0xffe7eff8 +0x004 unusedbyteslength : 0xd3df +0x006 entryoffset : 0xc7 '' +0x007 extendedblocksignature : 0xff '' +0x000 code1 : 0xffe7eff8 +0x004 code2 : 0xd3df +0x006 code3 : 0xc7 '' +0x007 
code4 : 0xff '' +0x000 agregatecode : 0xffc7d3df`ffe7eff8 +0x02c numberofuncommittedpages : 0x63 +0x030 numberofuncommittedranges : 1 +0x034 segmentallocatorbacktraceindex : 0 +0x036 reserved : 0 +0x038 ucrsegmentlist : _list_entry [ 0x64cff0 - 0x64cff0 ] +0x000 flink : 0x0064cff0 _list_entry [ 0x5b0038 - 0x5b0038 ] +0x004 blink : 0x0064cff0 _list_entry [ 0x5b0038 - 0x5b0038 ] +0x040 flags : 2 +0x044 forceflags : 0 +0x048 compatibilityflags : 0 +0x04c encodeflagmask : 0x100000 +0x050 encoding : _heap_entry +0x000 size : 0xbe89 +0x002 flags : 0xf4 '' +0x003 smalltagindex : 0x4f 'o' +0x000 subsegmentcode : 0x4ff4be89 +0x004 previoussize : 0xcf53 +0x006 segmentoffset : 0 '' +0x006 lfhflags : 0 '' +0x007 unusedbytes : 0 '' +0x000 functionindex : 0xbe89 +0x002 contextvalue : 0x4ff4 +0x000 interceptorvalue : 0x4ff4be89 +0x004 unusedbyteslength : 0xcf53 +0x006 entryoffset : 0 '' +0x007 extendedblocksignature : 0 '' +0x000 code1 : 0x4ff4be89 +0x004 code2 : 0xcf53 +0x006 code3 : 0 '' +0x007 code4 : 0 '' +0x000 agregatecode : 0xcf53`4ff4be89 +0x058 pointerkey : 0x75c3a7b +0x05c interceptor : 0 +0x060 virtualmemorythreshold : 0xfe00 +0x064 signature : 0xeeffeeff +0x068 segmentreserve : 0x100000 +0x06c segmentcommit : 0x2000 +0x070 decommitfreeblockthreshold : 0x800 +0x074 decommittotalfreethreshold : 0x2000 +0x078 totalfreesize : 0x1ae8 +0x07c maximumallocationsize : 0x7ffdefff +0x080 processheapslistindex : 1 +0x082 headervalidatelength : 0x138 +0x084 headervalidatecopy : (null) +0x088 nextavailabletagindex : 0 +0x08a maximumtagindex : 0 +0x08c tagentries : (null) +0x090 ucrlist : _list_entry [ 0x64cfe8 - 0x64cfe8 ] +0x000 flink : 0x0064cfe8 _list_entry [ 0x5b0090 - 0x5b0090 ] +0x004 blink : 0x0064cfe8 _list_entry [ 0x5b0090 - 0x5b0090 ] +0x098 alignround : 0xf +0x09c alignmask : 0xfffffff8 +0x0a0 virtualallocdblocks : _list_entry [ 0x5b00a0 - 0x5b00a0 ] +0x000 flink : 0x005b00a0 _list_entry [ 0x5b00a0 - 0x5b00a0 ] +0x004 blink : 0x005b00a0 _list_entry [ 0x5b00a0 - 0x5b00a0 
] +0x0a8 segmentlist : _list_entry [ 0x5b0010 - 0x5b0010 ] +0x000 flink : 0x005b0010 _list_entry [ 0x5b00a8 - 0x5b00a8 ] +0x004 blink : 0x005b0010 _list_entry [ 0x5b00a8 - 0x5b00a8 ] +0x0b0 allocatorbacktraceindex : 0 +0x0b4 nondedicatedlistlength : 0 +0x0b8 blocksindex : 0x005b0150 +0x0bc ucrindex : 0x005b0590 +0x0c0 pseudotagentries : (null) +0x0c4 freelists : _list_entry [ 0x633060 - 0x63fbc0 ] +0x000 flink : 0x00633060 _list_entry [ 0x632fc8 - 0x5b00c4 ] +0x004 blink : 0x0063fbc0 _list_entry [ 0x5b00c4 - 0x633390 ] +0x0cc lockvariable : 0x005b0138 _heap_lock +0x000 lock : <unnamed-tag> +0x0d0 commitroutine : 0x075c3a7b long +75c3a7b +0x0d4 frontendheap : 0x005b8d08 +0x0d8 frontheaplockcount : 0 +0x0da frontendheaptype : 0x2 '' +0x0dc counters : _heap_counters +0x000 totalmemoryreserved : 0x100000 +0x004 totalmemorycommitted : 0x9d000 +0x008 totalmemorylargeucr : 0 +0x00c totalsizeinvirtualblocks : 0 +0x010 totalsegments : 1 +0x014 totalucrs : 1 +0x018 committops : 0x19 +0x01c decommitops : 0 +0x020 lockacquires : 0xd37 +0x024 lockcollisions : 0 +0x028 commitrate : 0x24 +0x02c decommittrate : 0xb +0x030 commitfailures : 0 +0x034 inblockcommitfailures : 0 +0x038 compactheapcalls : 0 +0x03c compacteducrs : 0 +0x040 allocandfreeops : 0 +0x044 inblockdeccommits : 0 +0x048 inblockdeccomitsize : 0 +0x04c highwatermarksize : 0x9cde0 +0x050 lastpolledsize : 0x8f9c8 +0x130 tuningparameters : _heap_tuning_parameters +0x000 committthresholdshift : 4 +0x004 maxprecommittthreshold : 0xfe000 now detailed view of _heap_entry (marked internal). encoded structure, can decoded xoring _heap.encoding member:
0:004> dt _heap_entry 005b8d00 ntdll!_heap_entry +0x000 size : 0xd19f +0x002 flags : 0xfd '' +0x003 smalltagindex : 0x3f '?' +0x000 subsegmentcode : 0x3ffdd19f +0x004 previoussize : 0xc8f7 +0x006 segmentoffset : 0 '' +0x006 lfhflags : 0 '' +0x007 unusedbytes : 0x8 '' +0x000 functionindex : 0xd19f +0x002 contextvalue : 0x3ffd +0x000 interceptorvalue : 0x3ffdd19f +0x004 unusedbyteslength : 0xc8f7 +0x006 entryoffset : 0 '' +0x007 extendedblocksignature : 0x8 '' +0x000 code1 : 0x3ffdd19f +0x004 code2 : 0xc8f7 +0x006 code3 : 0 '' +0x007 code4 : 0x8 '' +0x000 agregatecode : 0x800c8f7`3ffdd19f now commented code :
1) fetch the 64-bit AgregateCode (the whole 8-byte header) from the _HEAP_ENTRY;
2) if the EncodeFlagMask bit is set in it, decode the header by XOR-ing it with the _HEAP.Encoding member;
3) shift the decoded value right by 16 bits so that _HEAP_ENTRY.Flags lands in the low byte;
4) AND the result with HEAP_ENTRY_VIRTUAL_ALLOC (0x08) to decide whether the block is reported as "Internal".
CPU Disasm
Address   Command                                     Comments
730aef01  push 0                                      ; /Arg4 = 0
730aef03  push ??_c@_0n@bcmfepjj@agregatecode?$aa@    ; |Arg3 = ASCII "AgregateCode"
730aef08  push 0                                      ; |Arg2 = 0
730aef0a  push 0                                      ; |Arg1 = 0
730aef0c  call GetShortField                          ; \exts.GetShortField
730aef11  mov dword ptr ss:[local.6],eax              ; low part  = 0x3ffdd19f (_HEAP_ENTRY.Code1)
730aef14  mov dword ptr ss:[local.5],edx              ; high part = 0x0800c8f7
730aef17  mov edx,dword ptr ss:[local.6]
730aef1a  mov dword ptr ds:[730f3158],edx
730aef20  mov eax,dword ptr ss:[local.5]
730aef23  mov dword ptr ds:[730f315c],eax
730aef28  mov ecx,dword ptr ss:[local.6]              ; 0x3ffdd19f
730aef2b  and ecx,dword ptr ds:[EncodeFlagMask]       ; ecx = 0x3ffdd19f & 0x00100000 = 0x00100000 (non-zero: header is encoded)
730aef31  je short 730aef75                           ; bit clear -> header is not encoded, skip the XOR
730aef33  mov edx,dword ptr ss:[local.6]              ; edx = 0x3ffdd19f
730aef36  xor edx,dword ptr ds:[CrtHeapCode]          ; edx = 0x3ffdd19f ^ 0x4ff4be89 = 0x70096f16 (low dword of _HEAP.Encoding)
730aef3c  mov eax,dword ptr ss:[local.5]              ; eax = 0x0800c8f7
730aef3f  xor eax,dword ptr ds:[730f3194]             ; eax = 0x0800c8f7 ^ 0x0000cf53 = 0x080007a4 (high dword of _HEAP.Encoding)
730aef45  mov dword ptr ss:[local.6],edx              ; edx = 0x70096f16
730aef48  mov dword ptr ss:[local.5],eax              ; eax = 0x080007a4
;[...]
730aefee  movzx eax,word ptr ss:[local.6]
730aeff2  mov dword ptr ds:[CrtHeapEntry],eax         ; decoded Size = 0x6f16
730aeff7  mov eax,dword ptr ss:[local.6]              ; low part  = 0x70096f16
730aeffa  mov edx,dword ptr ss:[local.5]              ; high part = 0x080007a4
730aeffd  mov cl,10                                   ; 0x10 = shift count of 16
730aefff  call _aullshr                               ; edx:eax >>= 16
730af004  mov byte ptr ss:[local.3+1],al              ; 0x080007a4`70096f16 >> 16 = 0x0800`07a47009 -> al = 0x09 (Flags)
730af007  movzx ecx,byte ptr ss:[local.3+1]
730af00b  and ecx,ffffffe6                            ; mask out bits 0x19 before merging into the global flag word
730af00e  or ecx,dword ptr ds:[730f3148]
730af014  mov dword ptr ds:[730f3148],ecx
730af01a  mov edx,dword ptr ds:[730f3148]
730af020  and edx,00000001                            ; HEAP_ENTRY_BUSY (0x01) set?
730af023  je short 730af035                           ; not busy -> never reported as Internal
730af025  movzx eax,byte ptr ss:[local.3+1]           ; eax = 0x09
730af029  and eax,00000008                            ; 0x09 & HEAP_ENTRY_VIRTUAL_ALLOC (0x08) = 0x08, non-zero
730af02c  je short 730af035
730af02e  mov byte ptr ds:[730f3152],1                ; set the "Internal" flag

Net effect: an entry is printed as "Internal" when, after decoding, its Flags byte has HEAP_ENTRY_BUSY (0x01) set together with HEAP_ENTRY_VIRTUAL_ALLOC (0x08); here Flags decodes to 0x09. In this dump the Internal block at 005b8d00 is the block that holds the LFH front-end heap structure itself: _HEAP.FrontEndHeap = 0x005b8d08, i.e. 8 bytes past the entry header, and FrontEndHeapType = 2. It is therefore heap-manager bookkeeping rather than an application allocation, which would explain why no +ust user-mode stack is recorded for it. When (or whether) such a block is ever handed back to the back-end free list is not something this dump shows, so don't read the missing stack as a leak by itself. Note also the EncodeFlagMask test at 730aef2b: when that bit is set in the raw header, the header is XOR-encoded with _HEAP.Encoding (the heap-metadata obfuscation introduced with Windows Vista) and must be decoded before any size or flag field can be trusted — a corrupted header would decode to garbage, which is why !heap and the heap itself validate entries this way. Hope this helps!