Windows Tools

PageHeap Syntax

Overview | Notes | Syntax | Examples | Related Tools

PageHeap uses the following syntax:

One Step pageheap [/enable ProgramName] [/disable ProgramName] [/full | /size SizeStart SizeEnd | /address AddressStart AddressEnd | /dlls DLL [...Dll] | /random Probability] [/debug | /kdebug] [/backwards] [/unaligned] [/decommit] [/notraces] [/fault Rate [Timeout]] [/leaks] [/protect] [/no_sync] [/no_lock_checks]


/enable ProgramName
Enables page heap with default settings. ProgramName is the name of the program including the file extension.
/disable ProgramName
Disables page heap. ProgramName is the name of the program including the file extension.
Specifies page heap for all allocations. Full-page heap allocations are memory intensive and should only be used in conjunction with a specified allocation range or DLL for large-scale processes. For more information about the full-page heap method, see Choosing a Method to Investigate Heap Block Corruptions in PageHeap Notes.
/size SizeStart SizeEnd
Specifies PageHeap allocations for a size range. SizeStart and SizeEnd are decimal integers.
/address AddressStart AddressEnd
Allows page heap allocations only in blocks that are contained in the stack trace, captured at the moment of allocation, and only if the address also falls in the specified range of addresses. AddressStart and AddressEnd specify the address range to be searched on all allocation stack traces and are specified as hexadecimal numbers in "C" syntax (that is, 0xAABBCCDD). This parameter is not commonly used.


/dlls DLL
Allocates in full-page heap only if the request comes from certain DLLs, and redirects all imports for the specified DLL to page heap functions. DLL is the name of a binary file including its file extension. The following imported functions are redirected:
HeapAlloc/Free GlobalAlloc/Free LocalAlloc/Free
malloc/free operator new/delete operator new[ ]/delete[ ]
/random Probability
Allows page heap to decide randomly if the allocation will be made in full-page heap or in normal page heap. Probability is a decimal integer from 0 through 100, representing the probability of a full-page heap allocation, rather than a normal heap allocation. Probability of 100 is the equivalent of using the /full parameter. Probability of 0 is the equivalent of using normal page heap.
Automatically launches PageHeap under debugger "ntsd -g -G -x" and attaches to the process specified by the /enable parameter. For more information, see Automatically Attaching a Debugger When the Application Starts in PageHeap Notes.
Launches PageHeap under debugger "ntsd -g -G -d -x" and redirects debugger output to the kernel debugger if there is one attached. This paremeter is not commonly used.
Places a non-accessible page at the beginning of an allocation, rather than the end of it. This enables PageHeap to find overruns at the start of the buffer, instead of end buffer overruns. Use /backwards only with the /full parameter.
Directs page heap manager to ignore the 8-byte alignment rule and always align the end of the allocation at a page boundary. For more information, see Unaligned Allocations in PageHeap Notes.


Enables the use of the reserved virtual space feature, instead of non-accessible committed pages, and therefore reduces memory overhead. For more information, see Uncommitted Pages for Full-Page Heap Allocations in PageHeap Notes.
Specifies that no stack traces are collected.
/fault Rate [Timeout]
Simulates low memory conditions by introducing heap allocation errors into the application being tested (fault injection). Rate is an integer from 1 through 10000 representing the probability that an allocation will fail. Timeout is the number of seconds that fault injection is disabled after an application starts. For more information, see Fault Injection in PageHeap Notes.
Checks for heap leaks when a process shuts down. The /leaks parameter is effective only when normal page heap is enabled (that is, not full-page heap). Therefore, when the /leaks parameter is specified, all flags that force full-page heap are disabled.
Protects heap internal structures. The /protect parameter can be used to detect random corruptions, but will slow execution.
Checks for unsynchronized access and causes page heap to break if it detects that a heap created with HEAP_NO_SERIALIZE flag is accessed from different threads. Do not use this flag for a process that has its own custom heap manager (for example, MPheap process). If a process has a custom scheme to synchronize access then this parameter will give false positives.


Sample Usage

pageheap /enable csapp.exe
pageheap /enable csapp.exe /full
pageheap /enable csapp.exe /dlls ole32.dll mshtml.dll jscript.dll
pageheap /enable csapp.exe /full /size 20 36
pageheap /enable csapp.exe /full /random 25
pageheap /enable csapp.exe /full /backwards
pageheap /enable csapp.exe /full /unaligned
pageheap /enable csapp.exe /full /decommit