Example 10: Detecting a Heap Memory Leak in a Process
This example uses GFlags and User Mode Dump Heap (UMDH, umdh.exe), a tool included in Microsoft Debugging Tools for Windows.
To detect a leak in heap memory in notepad.exe
Set the Create user mode stack trace database (ust) flag for the notepad.exe image file.
The following command uses GFlags to set the Create user mode stack trace database flag. It uses the /i parameter to identify the image file and the ust abbreviation for the flag.
gflags /i Notepad.exe +ust
As a result of this command, a user-mode stack trace is created for all new instances of the Notepad process.
Set the symbol file path.
The following command creates an environment variable that stores the path to the directory of symbol files:
set _NT_SYMBOL_PATH=C:\Windows\symbols
Start Notepad.
Find the process identifier (PID) of the Notepad process.
You can find the PID of any running process from Task Manager or Tasklist (tasklist.exe), a tool included in Windows XP Professional and Windows Server 2003 operating systems. In this example, the Notepad PID is 1228.
Run UMDH.
The following command runs UMDH (umdh.exe). It uses the -p: parameter to specify the PID that, in this example, is 1228. It uses the /f: parameter to specify the name and location of the output file for the heap dump, notepad.dmp.
umdh -p:1228 -f:notepad.dmp
In response, UMDH writes a complete dump of all active heaps to the notepad.dmp file.