Topic created on: September 5, 2010 07:54 CDT by 0xvoila .

hii guys ..

i m new to heap debugging with windbg ... so during this i using book "advance debugging technique ..."  . So i work out like this ..

step 1 -> get the handler of default heap .. say it is 0x00040000

step 2 -> dt _heap 00040000

then at offset 0x0c4 .. i found offset of freelist .. bt in book they said freelist offset is always at "0x178"

step 3 -> dt _LIST_ENTRY 00040000+0x0c4

then i found
+0x000 Flink            : 0x00424268 _LIST_ENTRY
+0x004 Blink            : 0x004252a8 _LIST_ENTRY

step 4-> dt _heap_entry 0x00424268-0x8 ... then dump struc is this ..
0:000> dt _heap_entry 0x0042460
ntdll!_HEAP_ENTRY
   +0x000 Size             : 0xfeee
   +0x002 Flags            : 0xee ''
   +0x003 SmallTagIndex    : 0xfe ''
   +0x000 SubSegmentCode   : 0xfeeefeee

  THIS STRUCTURE ITSELF IS WEIRD , SIZE IS 0xfeee.. i m really tired of trying myself .. I dun know where i m doing wrong ...

can anybody help me out .. thanks ...