Microsoft KB Archive/300966

= How to debug heap corruption issues in Internet Information Services (IIS) =

Article ID: 300966

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Services 5.1
 * Microsoft Internet Information Services 6.0

-



This article was previously published under Q300966



SUMMARY
This article describes how to use Pageheap.exe in NORMAL mode to debug heap corruption issues in IIS applications. The tools that are used in this article are the IIS Crash/Hang Agent and the Gflags/Pageheap tools. You can download the tools from the Microsoft Download Center.



MORE INFORMATION
Heap corruption occurs when a thread allocates a block of heap memory of a given size and then writes to memory addresses that are beyond the requested size of the heap block. Another common cause of heap corruption is writing to a block of memory that has been freed (old pointer reuse) or freeing a block of memory that was already freed.

Debugging heap corruption issues is not an easy task because the thread that causes the exception is not usually the thread that caused the corruption. To find the thread that caused the corruption, you must use Pageheap.exe. Pageheap.exe is a software validation layer between the application and the system. Pageheap.exe verifies all dynamic memory applications. You can enable Pageheap.exe in NORMAL or FULL mode; you can also enable Pageheap.exe for specific targeted DLLs. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

286470 How to use Pageheap.exe in Windows XP and Windows 2000

The following file is available for download from the Microsoft Download Center:

Download the IISDebugTools.exe package now. For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. To use Pageheap.exe, follow these steps:  Download and install the IIS Crash/Hang Agent and the IISDump tools. Use the GUI or the command line to enable Pageheap.exe:  To use the GUI, follow these steps:  Run Gflags.exe. For Image File Name, type the name of the process that you want to debug. For an IIS 5.0 Web site, the name of this process is Inetinfo.exe, Dllhost.exe, or Aspnet_wp.exe. For an IIS 6.0 Web site, the name of this process is Inetinfo.exe or W3wp.exe. Under Destination, click the Image File Options option. In the lower pane of the Global Flags dialog box, click Enable page heap.</li> Click Apply, and then click OK.</li></ol> </li></ul>

<ul> To use the command line, follow these steps: <ol style="list-style-type: lower-alpha;"> Switch to the folder where the IIS Crash/Hang Agent is installed.</li> Run the following command:

gflags –p /enable

NoteFor IIS 5.0,  is Inetinfo.exe, Dllhost.exe, or Aspnet_wp.exe. For IIS 6.0,  is Inetinfo.exe or W3wp.exe.</li></ol> </li></ul> </li> If the targeted process is Inetinfo.exe, use the Iisreset command to restart IIS. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, click Run, type Cmd, and then click OK.</li> At the command prompt, type Iisreset  /restart, and then press ENTER.

Replace  with the name of your IIS server.</li></ol>

If the targeted process is Dllhost.exe or Aspnet_wp.exe, unload and then reload the Web application (you do not have to restart IIS).</li> Attach the debugger to the targeted process: <ol style="list-style-type: lower-alpha;"> Switch to the folder where you installed the IIS Crash/Hang Agent and the IISDump tools.</li> At a command prompt, run the following command:

iisdump.exe –I –p [PID of Targeted process]

</li></ol> </li></ol>

When the corruption occurs, a breakpoint exception dump file or a second chance access violation dump file is created. You must use the Windows debugger (Cdb.exe or Windbg.exe) to analyze the dump file so that you find the cause of the corruption.

Remember that in certain circumstances, Pageheap.exe may not help find the cause of the corruption when Pageheap.exe is running in NORMAL mode. If this occurs, run Pageheap.exe in FULL mode.

When you complete the debugging, you can disable Pageheap.exe. To do this, either click to clear the Enable Pageheap check box in the Gflags GUI, or run the following command at a command prompt:

gflags –p /disable

Note For IIS 5.0,  is Inetinfo.exe, Dllhost.exe, or Aspnet_wp.exe. For IIS 6.0,  is Inetinfo.exe or W3wp.exe.

Note Running Gflags with the –p switch is the same as running Pageheap.exe. For example, both of the following commands cause Pageheap.exe to run in NORMAL mode for the Inetinfo.exe process:
 * Gflags –p /enable inetinfo.exe
 * Pageheap.exe /enable inetinfo.exe

Keywords: kbhowto kbinfo kbdebug KB300966

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.