Hello,

I can readily dump the entire memory space of a process using various tools.

But is it possible to dump just the memory space used by a DLL loaded by some process? What tools should I use?

Thanks,

Jim

A: 

You probably mean looking at the memory allocated by code in the DLL.

I think this is impossible. If the DLL allocates memory, and the DLL is written in C++, and the C/C++ Run Time is dynamically linked (i.e. as a DLL), then it will use the same C/C++ Run Time as the main application, and all of the DLL's allocated memory will be allocated on the same heap.

Even if the DLL would have the C/C++ Run Time statically linked, or the DLL is written in a different language, it will probably use the same default Windows heap.

If you have control over the DLL yourself, you could try to implement a custom memory manager for your DLL (in C++ this means overriding new and delete, 6 global operators in total), try to use a different (i.e. non-default) Windows heap, and then use the heapwalk methods of the low-level Windows debugger WinDbg, but it will be quite difficult to get this all working. Or your DLL's custom memory manager could allocate memory at a fixed address using VirtualAlloc (or non-fixed, and then logging the virtual address). Then you can look at this address space in the normal process memory dump.

Patrick
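
One way to implement the private-heap and address-logging idea from the answer above, as an added example that is not part of the original thread. The names `dll_alloc`, `dll_free`, `dll_dump_map` and the 1024-entry table are assumptions; the non-Windows branch is only a stand-in so the bookkeeping compiles elsewhere, and the code is not thread-safe.

```c
#include <stddef.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
static HANDLE g_heap;            /* private heap, separate from the process default heap */
static void *raw_alloc(size_t n) {
    if (!g_heap) g_heap = HeapCreate(0, 0, 0);   /* growable, serialized */
    return g_heap ? HeapAlloc(g_heap, 0, n) : NULL;
}
static void raw_free(void *p) { HeapFree(g_heap, 0, p); }
#else
#include <stdlib.h>              /* stand-in backend (assumption) for non-Windows builds */
static void *raw_alloc(size_t n) { return malloc(n); }
static void raw_free(void *p) { free(p); }
#endif

#define MAX_BLOCKS 1024          /* hypothetical fixed-size tracking table */
typedef struct { void *addr; size_t size; } block_t;
static block_t g_blocks[MAX_BLOCKS];
static size_t g_live;

/* Allocate from the DLL's own heap and record the block. */
void *dll_alloc(size_t n) {
    if (g_live == MAX_BLOCKS) return NULL;       /* refuse rather than lose track */
    void *p = raw_alloc(n);
    if (p) { g_blocks[g_live].addr = p; g_blocks[g_live].size = n; g_live++; }
    return p;
}
/* Free only blocks this allocator handed out; -1 means "not ours". */
int dll_free(void *p) {
    for (size_t i = 0; i < g_live; i++)
        if (g_blocks[i].addr == p) {
            g_blocks[i] = g_blocks[--g_live];    /* swap-remove */
            raw_free(p);
            return 0;
        }
    return -1;
}
size_t dll_live_blocks(void) { return g_live; }
size_t dll_live_bytes(void) {
    size_t total = 0;
    for (size_t i = 0; i < g_live; i++) total += g_blocks[i].size;
    return total;
}
/* Write "address size" per live block: the ranges to look up in a full dump. */
size_t dll_dump_map(FILE *out) {
    for (size_t i = 0; i < g_live; i++)
        fprintf(out, "%p %zu\n", g_blocks[i].addr, g_blocks[i].size);
    return g_live;
}
```

In a C++ DLL the global `operator new`/`operator delete` overloads would forward to `dll_alloc` and `dll_free`; the map written by `dll_dump_map` then identifies the DLL's blocks inside a normal process dump.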