Heap is one of the most important memory structures used by almost every programs. Windows Heap Manager is at core of heap management. In this blog, I would like to focus on the heap monitoring feature provided by Windows Heap Manager and some other useful tools in the context of detecting heap overrun. All the examples are based on 64-bit Windows 7 Operating System. The memory structures and layouts in 32-bit OS are similar to 64-bit ones, usually it’s just the size difference (which is half of the 64-bit ones).
Note: A major revamp has done to Windows Heap Manager in Windows Vista and continued in Windows 7. The purpose of those changes is to improve Heap Manager’s performance, security and error resilience and monitoring. There are many great books and articles online about the details of latest Windows Heap Manager, such like [AWD07] and [WININT09].