Home
%3CLINGO-SUB%20id%3D%22lingo-sub-376844%22%20slang%3D%22en-US%22%3EDebugging%20Heap%20corruption%20with%20Application%20Verifier%20and%20Debugdiag%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-376844%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3EWhen%20dynamic%20allocation%2Fdeallocation%20of%20memory%20is%20not%20handled%20properly%20by%20user%20code%2C%20this%20might%20lead%20to%20memory%20blocks%20in%20the%20heap%20being%20corrupted.%20There%20are%20many%20causes%20of%20heap%20corruption.%20Some%20of%20the%20common%20causes%20are%3A%20Buffer%20overrun%20(Writing%20beyond%20the%20allocated%20memory)%2C%20Double%20free%20(Freeing%20a%20pointer%20twice)%20and%20Old%20pointer%20reuse(Reusing%20a%20pointer%20after%20being%20freed).%26nbsp%3B%20The%20difficulty%20with%20troubleshooting%20heap%20corruption%20is%20because%20when%20a%20thread%20for%20instance%20corrupts%20the%20heap%2C%20the%20process%20does%20not%20terminate%20or%20throws%20an%20error!%20As%20long%20as%20the%20corrupted%20heap%20is%20not%20used%2C%20the%20process%20will%20not%20crash%2C%20but%20once%20a%20thread%20tries%20to%20use%20that%20corrupted%20block%20of%20memory%20in%20the%20heap%2C%20the%20process%20crashes!%20If%20a%20crash%20rule%20is%20active%20and%20the%20process%20crashes%20because%20of%20heap%20corruption%2C%26nbsp%3B%20what%20we%20would%20see%20as%20a%20%E2%80%9Cculprit%E2%80%9D%20thread%20that%20caused%20the%20crash%20is%20actually%20nothing%20more%20than%20a%20victim%20thread!%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3ESo%20to%20get%20to%20the%20root%20of%20the%20problem%20and%20find%20out%20the%20cause%20of%20the%20corruption%2C%20that%20is%20the%20thread%20that%20corrupted%20the%20heap%2C%20Pagegeap%20should%20be%20enabled.%20Pageheap%20could%20be%20enabled%20directly%20in%20debugdiag%20via%20a%20crash%20rule%20and%20would%20provide%20the%20desired%20results%2C%20but%20if%20you%20would%20want%20to%20get%20more%20granular%20information%20about%20the%20corruption%20to%20simplify%20the%20code%20fix%2C%20Application%20verifier%20could%20be%20used%20in%20conjunction%20with%20debugdiag%20to%20get%20such%20information.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3ETo%20turn%20on%20pageheap%20for%20the%20worker%20process%20w3wp.exe%20and%20attach%20the%20debugdiag%20debugger%20host%20to%20it%2C%20here%20is%20how%20to%20do%20that%3A%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3EFirst%2C%20download%20and%20install%20both%20tools%3A%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20inherit%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%26nbsp%3B%3CA%20style%3D%22background-color%3A%20transparent%3B%20box-sizing%3A%20border-box%3B%20color%3A%20%23146cac%3B%20text-decoration%3A%20underline%3B%22%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D20028%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EDownload%20Application%20Verifier%3C%2FA%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20inherit%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%26nbsp%3B%3CA%20style%3D%22background-color%3A%20transparent%3B%20box-sizing%3A%20border-box%3B%20color%3A%20%23146cac%3B%20text-decoration%3A%20underline%3B%22%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D49924%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EDownload%20DebugDiag%202.2%3C%2FA%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20inherit%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20inherit%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Start%20Application%20Verifier%20(Start%20--%26gt%3B%20Programs%20--%26gt%3B%20Application%20Verifier%20--%26gt%3B%20Application%20Verifier).%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20inherit%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Click%20File%20--%26gt%3B%20Add%20Application%20and%20browse%20to%20C%3A%5CWindows%5CSystem32%5CInetsrv%5Cw3wp.exe%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20inherit%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20In%20the%20Tests%20Panel%2C%20expand%20Basics%20checkbox%20and%20uncheck%20all%20except%20Heaps%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20578px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F93692i41DB7056B324A5B1%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22AppVerifHeaps.JPG%22%20title%3D%22AppVerifHeaps.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20font-family%3A%20'Segoe%20UI'%2CTahoma%2CArial%2C'Helvetica%20Neue'%2CHelvetica%2CSans-Serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E-%20In%20the%20Tests%20Panel%20again%2C%20select%20Heaps%20checkbox%20and%20click%20Edit%20--%26gt%3B%20Verifier%20Stop%20Options%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20font-family%3A%20'Segoe%20UI'%2CTahoma%2CArial%2C'Helvetica%20Neue'%2CHelvetica%2CSans-Serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20556px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F93693i51E5678B632387C0%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22AppVerifStops.JPG%22%20title%3D%22AppVerifStops.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3EThis%20basically%20shows%20the%20stop%20codes%20that%20application%20verifier%20generates.%20The%20defaults%20actions%20are%20for%20all%20stop%20codes.%20The%20most%20important%20action%20here%20is%26nbsp%3B%20the%20%22Breakpoint%22%20in%20the%20Error%20Reporting%20section%20which%20means%20that%20Application%20Verifier%20will%20call%20into%20the%20breakpoint%20exception%20when%20it%20detects%20that%20the%20heap%20is%20being%20corrupted.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Start%20Debugdiag%20(Start%20--%26gt%3B%20DebugDiag%202%20collection)%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Add%20a%20crash%20rule%20against%20a%20specific%20process.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Type%20in%20%22w3wp.exe%22%20in%20the%20%22Select%20Target%22%20window%20and%20make%20sure%20the%20%22This%20process%20instance%20only%22%20check%20box%20is%20unchecked!%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20In%20the%20%22Advanced%20Configuration%20(Optional)%22%20window%2C%20click%20Exceptions...%20and%20add%2080000003%20exception%20with%20an%20action%20type%20of%20Full%20Userdump.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Finish%20the%20wizard%20and%20Activate%20the%20rule.%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Restart%20IIS%20so%20the%20new%20w3wp.exe%20loads%20both%20pageheap%20layer%20and%20application%20verifier%20dlls.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3ENote%3A%20Since%20pageheap%20is%20enabled%20per%20process%2C%20every%20instance%20of%20w3wp.exe%20running%20on%20the%20system%20will%20have%20pageheap%20on%20along%20with%20application%20verifier.%20There%20is%20also%20a%20performance%20impact%20associated%20with%20pageheap%20that%20would%20cause%20the%20processing%20to%20slow%20down%20due%20to%20heap%20verification.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3ESo%20basically%2C%20the%20above%20configuration%20will%20make%20application%20verifier%20calls%20into%20the%20breakpoint%20exception%20when%20it%20detects%20that%20a%20heap%20operation%20is%20corrupting%20the%20heap.%20When%20the%20breakpoint%20exception%20is%20called%2C%20debugdiag%20will%20generate%20a%20full%20userdump.%20Post-mortem%26nbsp%3B%20analysis%20of%20the%20userdump%20will%20give%20details%20about%20the%20corruption%20such%20as%20the%20call%20stack%2C%20the%20type%20of%20corruption%2C%20the%20heap%20address%20being%20corrupted...%20etc.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3EHere%20is%20a%20simple%20example%20on%20how%20application%20verifier%20calls%20into%20the%20breakpoint%20exception%20after%20detecting%20a%20buffer%20overrun%3C%2FP%3E%0A%3CPRE%3E0%3A009%26gt%3B%20kb%20%0AChildEBP%20RetAddr%20%20Args%20to%20Child%20%20%20%20%20%20%20%20%20%20%20%20%20%20%0A0685f71c%20004c3933%20139f8126%2002206ff8%2002206ff0%20ntdll!DbgBreakPoint%20%0A0685f920%20004c7487%20004cb5d8%2000000013%200a501000%20vrfcore!VerifierStopMessageEx%2B0x4bd%20%0A0685f944%20009030f9%2000000013%20008f33a8%200a501000%20vrfcore!VfCoreRedirectedStopMessage%2B0x81%20%0A0685f974%20008f97aa%2000000013%20008f33a8%200a501000%20vfbasics!VfBasicsStopMessage%2B0x1c9%20%0A0685f9d8%20008f8ed8%200685fa00%200685fa00%200685fa10%20vfbasics!AVrfpCheckFirstChanceException%2B0x13a%20%0A0685f9e8%207c84f937%200685fa00%200685faac%200685faac%20vfbasics!AVrfpVectoredExceptionHandler%2B0x18%20%0A0685fa10%207c813fb5%2000000000%2002206ff0%207c888f68%20ntdll!RtlpCallVectoredHandlers%2B0x57%20%0A0685fa24%207c814055%200685faac%200685fac8%2077bd8930%20ntdll!RtlCallVectoredExceptionHandlers%2B0x15%20%0A0685fa94%207c82ecc6%200685faac%200685fac8%200685faac%20ntdll!RtlDispatchException%2B0x19%20%0A0685fa94%2009531614%200685faac%200685fac8%200685faac%20ntdll!KiUserExceptionDispatcher%2B0xe%20%0A0685fda4%20095313ef%200686de18%2000000001%200686de18%20badEXT!doHC1%2B0x24%20%0A0685fdc4%205a322991%200686de18%200686cb60%200686d7a8%20badEXT!HttpExtensionProc%2B0x108%20%0A0685fde4%205a3968ff%200686dd90%20095312e7%200685fe10%20w3isapi!ProcessIsapiRequest%2B0x214%20%0A0685fe18%205a3967e0%2000000000%2000000000%200686cb60%20w3core!W3_ISAPI_HANDLER%3A%3AIsapiDoWork%2B0x3fd%20%0A0685fe38%205a396764%200685fea8%200686cb60%2000000000%20w3core!W3_ISAPI_HANDLER%3A%3ADoWork%2B0xb0%20%0A0685fe58%205a3966f4%200686cb60%2000000000%200685fe84%20w3core!W3_HANDLER%3A%3AMainDoWork%2B0x16e%20%0A0685fe68%205a3966ae%200686cb68%200686cb60%2000000001%20w3core!W3_CONTEXT%3A%3AExecuteCurrentHandler%2B0x53%20%0A0685fe84%205a396648%2000000001%200685fea8%2007e84ff8%20w3core!W3_CONTEXT%3A%3AExecuteHandler%2B0x51%20%0A0685feac%205a392264%2000000000%2000000000%2000000000%20w3core!W3_STATE_HANDLE_REQUEST%3A%3ADoWork%2B0x9a%20%0A0685fed0%205a3965ea%2000000000%2000000000%2000000000%20w3core!W3_MAIN_CONTEXT%3A%3ADoWork%2B0xa6%0A....%3C%2FPRE%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3EThe%20exception%20code%20here%20that%20Application%20Verifier%20is%20raising%20is%20%3CFONT%20color%3D%22%230000ff%22%20style%3D%22box-sizing%3A%20border-box%3B%22%3E00000013%3C%2FFONT%3E%26nbsp%3B%20which%20means%20a%20Buffer%20Overrun.%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3EThe%20code%20that%20I%20used%20to%20test%20this%20is%3A%3C%2FP%3E%0A%3CPRE%3E%7B%0A%20%20%20%20%20%20%20char%20*ptr%2C%20*tmp%3B%0A%20%20%20%20%20%20%20int%20i%3B%0A%0A%20%20%20%20%20%20%20ptr%20%3D%20(char*)GlobalAlloc(GMEM_FIXED%2C%2016)%3B%0A%20%20%20%20%20%20%20tmp%20%3D%20ptr%3B%0A%20%20%20%20%20%20%20for%20(i%20%3D%200%3B%20i%20%26lt%3B%2032%3B%20%2B%2Bi)%0A%20%20%20%20%20%20%20%20%20%20*(tmp%2B%2B)%20%3D%20'a'%3B%0A%20%20%20%20%20%20%20GlobalFree(ptr)%3B%0A%0A%7D%3C%2FPRE%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-376844%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3EWhen%20dynamic%20allocation%2Fdeallocation%20of%20memory%20is%20not%20handled%20properly%20by%20user%20code%2C%20this%20might%20lead%20to%20memory%20blocks%20in%20the%20heap%20being%20corrupted.%20There%20are%20many%20causes%20of%20heap%20corruption.%20Some%20of%20the%20common%20causes%20are%3A%20Buffer%20overrun%20(Writing%20beyond%20the%20allocated%20memory)%2C%20Double%20free%20(Freeing%20a%20pointer%20twice)%20and%20Old%20pointer%20reuse(Reusing%20a%20pointer%20after%20being%20freed).%26nbsp%3B%20The%20difficulty%20with%20troubleshooting%20heap%20corruption%20is%20because%20when%20a%20thread%20for%20instance%20corrupts%20the%20heap%2C%20the%20process%20does%20not%20terminate%20or%20throws%20an%20error!%20As%20long%20as%20the%20corrupted%20heap%20is%20not%20used%2C%20the%20process%20will%20not%20crash%2C%20but%20once%20a%20thread%20tries%20to%20use%20that%20corrupted%20block%20of%20memory%20in%20the%20heap%2C%20the%20process%20crashes!%20If%20a%20crash%20rule%20is%20active%20and%20the%20process%20crashes%20because%20of%20heap%20corruption%2C%26nbsp%3B%20what%20we%20would%20see%20as%20a%20%E2%80%9Cculprit%E2%80%9D%20thread%20that%20caused%20the%20crash%20is%20actually%20nothing%20more%20than%20a%20victim%20thread!%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3ESo%20to%20get%20to%20the%20root%20of%20the%20problem%20and%20find%20out%20the%20cause%20of%20the%20corruption%2C%20that%20is%20the%20thread%20that%20corrupted%20the%20heap%2C%20Pagegeap%20should%20be%20enabled.%20Pageheap%20could%20be%20enabled%20directly%20in%20debugdiag%20via%20a%20crash%20rule%20and%20would%20provide%20the%20desired%20results%2C%20but%20if%20you%20would%20want%20to%20get%20more%20granular%20information%20about%20the%20corruption%20to%20simplify%20the%20code%20fix%2C%20Application%20verifier%20could%20be%20used%20in%20conjunction%20with%20debugdiag%20to%20get%20such%20information.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3ETo%20turn%20on%20pageheap%20for%20the%20worker%20process%20w3wp.exe%20and%20attach%20the%20debugdiag%20debugger%20host%20to%20it%2C%20here%20is%20how%20to%20do%20that%3A%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3EFirst%2C%20download%20and%20install%20both%20tools%3A%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D20028%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EDownload%20Application%20Verifier%3C%2FA%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D49924%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EDownload%20DebugDiag%202.2%3C%2FA%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Start%20Application%20Verifier%20(Start%20--%26gt%3B%20Programs%20--%26gt%3B%20Application%20Verifier%20--%26gt%3B%20Application%20Verifier).%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Click%20File%20--%26gt%3B%20Add%20Application%20and%20browse%20to%20C%3A%5CWindows%5CSystem32%5CInetsrv%5Cw3wp.exe%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20In%20the%20Tests%20Panel%2C%20expand%20Basics%20checkbox%20and%20uncheck%20all%20except%20Heaps%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20578px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F93691iC4BC95D97C711B3C%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22AppVerifHeaps.JPG%22%20title%3D%22AppVerifHeaps.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20font-family%3A%20'Segoe%20UI'%2CTahoma%2CArial%2C'Helvetica%20Neue'%2CHelvetica%2CSans-Serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E-%20In%20the%20Tests%20Panel%20again%2C%20select%20Heaps%20checkbox%20and%20click%20Edit%20--%26gt%3B%20Verifier%20Stop%20Options%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20font-family%3A%20'Segoe%20UI'%2CTahoma%2CArial%2C'Helvetica%20Neue'%2CHelvetica%2CSans-Serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20556px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F93694iE7011753CB87EB88%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22AppVerifStops.JPG%22%20title%3D%22AppVerifStops.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3EThis%20basically%20shows%20the%20stop%20codes%20that%20application%20verifier%20generates.%20The%20defaults%20actions%20are%20for%20all%20stop%20codes.%20The%20most%20important%20action%20here%20is%26nbsp%3B%20the%20%22Breakpoint%22%20in%20the%20Error%20Reporting%20section%20which%20means%20that%20Application%20Verifier%20will%20call%20into%20the%20breakpoint%20exception%20when%20it%20detects%20that%20the%20heap%20is%20being%20corrupted.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Start%20Debugdiag%20(Start%20--%26gt%3B%20DebugDiag%202%20collection)%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Add%20a%20crash%20rule%20against%20a%20specific%20process.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Type%20in%20%22w3wp.exe%22%20in%20the%20%22Select%20Target%22%20window%20and%20make%20sure%20the%20%22This%20process%20instance%20only%22%20check%20box%20is%20unchecked!%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20In%20the%20%22Advanced%20Configuration%20(Optional)%22%20window%2C%20click%20Exceptions...%20and%20add%2080000003%20exception%20with%20an%20action%20type%20of%20Full%20Userdump.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Finish%20the%20wizard%20and%20Activate%20the%20rule.%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E-%20Restart%20IIS%20so%20the%20new%20w3wp.exe%20loads%20both%20pageheap%20layer%20and%20application%20verifier%20dlls.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3ENote%3A%20Since%20pageheap%20is%20enabled%20per%20process%2C%20every%20instance%20of%20w3wp.exe%20running%20on%20the%20system%20will%20have%20pageheap%20on%20along%20with%20application%20verifier.%20There%20is%20also%20a%20performance%20impact%20associated%20with%20pageheap%20that%20would%20cause%20the%20processing%20to%20slow%20down%20due%20to%20heap%20verification.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3ESo%20basically%2C%20the%20above%20configuration%20will%20make%20application%20verifier%20calls%20into%20the%20breakpoint%20exception%20when%20it%20detects%20that%20a%20heap%20operation%20is%20corrupting%20the%20heap.%20When%20the%20breakpoint%20exception%20is%20called%2C%20debugdiag%20will%20generate%20a%20full%20userdump.%20Post-mortem%26nbsp%3B%20analysis%20of%20the%20userdump%20will%20give%20details%20about%20the%20corruption%20such%20as%20the%20call%20stack%2C%20the%20type%20of%20corruption%2C%20the%20heap%20address%20being%20corrupted...%20etc.%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3EHere%20is%20a%20simple%20example%20on%20how%20application%20verifier%20calls%20into%20the%20breakpoint%20exception%20after%20detecting%20a%20buffer%20overrun%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3E0%3A009%26gt%3B%20kb%20%0AChildEBP%20RetAddr%20%20Args%20to%20Child%20%20%20%20%20%20%20%20%20%20%20%20%20%20%0A0685f71c%20004c3933%20139f8126%2002206ff8%2002206ff0%20ntdll!DbgBreakPoint%20%0A0685f920%20004c7487%20004cb5d8%2000000013%200a501000%20vrfcore!VerifierStopMessageEx%2B0x4bd%20%0A0685f944%20009030f9%2000000013%20008f33a8%200a501000%20vrfcore!VfCoreRedirectedStopMessage%2B0x81%20%0A0685f974%20008f97aa%2000000013%20008f33a8%200a501000%20vfbasics!VfBasicsStopMessage%2B0x1c9%20%0A0685f9d8%20008f8ed8%200685fa00%200685fa00%200685fa10%20vfbasics!AVrfpCheckFirstChanceException%2B0x13a%20%0A0685f9e8%207c84f937%200685fa00%200685faac%200685faac%20vfbasics!AVrfpVectoredExceptionHandler%2B0x18%20%0A0685fa10%207c813fb5%2000000000%2002206ff0%207c888f68%20ntdll!RtlpCallVectoredHandlers%2B0x57%20%0A0685fa24%207c814055%200685faac%200685fac8%2077bd8930%20ntdll!RtlCallVectoredExceptionHandlers%2B0x15%20%0A0685fa94%207c82ecc6%200685faac%200685fac8%200685faac%20ntdll!RtlDispatchException%2B0x19%20%0A0685fa94%2009531614%200685faac%200685fac8%200685faac%20ntdll!KiUserExceptionDispatcher%2B0xe%20%0A0685fda4%20095313ef%200686de18%2000000001%200686de18%20badEXT!doHC1%2B0x24%20%0A0685fdc4%205a322991%200686de18%200686cb60%200686d7a8%20badEXT!HttpExtensionProc%2B0x108%20%0A0685fde4%205a3968ff%200686dd90%20095312e7%200685fe10%20w3isapi!ProcessIsapiRequest%2B0x214%20%0A0685fe18%205a3967e0%2000000000%2000000000%200686cb60%20w3core!W3_ISAPI_HANDLER%3A%3AIsapiDoWork%2B0x3fd%20%0A0685fe38%205a396764%200685fea8%200686cb60%2000000000%20w3core!W3_ISAPI_HANDLER%3A%3ADoWork%2B0xb0%20%0A0685fe58%205a3966f4%200686cb60%2000000000%200685fe84%20w3core!W3_HANDLER%3A%3AMainDoWork%2B0x16e%20%0A0685fe68%205a3966ae%200686cb68%200686cb60%2000000001%20w3core!W3_CONTEXT%3A%3AExecuteCurrentHandler%2B0x53%20%0A0685fe84%205a396648%2000000001%200685fea8%2007e84ff8%20w3core!W3_CONTEXT%3A%3AExecuteHandler%2B0x51%20%0A0685feac%205a392264%2000000000%2000000000%2000000000%20w3core!W3_STATE_HANDLE_REQUEST%3A%3ADoWork%2B0x9a%20%0A0685fed0%205a3965ea%2000000000%2000000000%2000000000%20w3core!W3_MAIN_CONTEXT%3A%3ADoWork%2B0xa6%0A....%3C%2FPRE%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3EThe%20exception%20code%20here%20that%20Application%20Verifier%20is%20raising%20is%20%3CFONT%20color%3D%22%230000ff%22%20style%3D%22box-sizing%3A%20border-box%3B%22%3E00000013%3C%2FFONT%3E%26nbsp%3B%20which%20means%20a%20Buffer%20Overrun.%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3EThe%20code%20that%20I%20used%20to%20test%20this%20is%3A%3C%2FP%3E%0A%3CPRE%3E%7B%0A%20%20%20%20%20%20%20char%20*ptr%2C%20*tmp%3B%0A%20%20%20%20%20%20%20int%20i%3B%0A%0A%20%20%20%20%20%20%20ptr%20%3D%20(char*)GlobalAlloc(GMEM_FIXED%2C%2016)%3B%0A%20%20%20%20%20%20%20tmp%20%3D%20ptr%3B%0A%20%20%20%20%20%20%20for%20(i%20%3D%200%3B%20i%20%26lt%3B%2032%3B%20%2B%2Bi)%0A%20%20%20%20%20%20%20%20%20%20*(tmp%2B%2B)%20%3D%20'a'%3B%0A%20%20%20%20%20%20%20GlobalFree(ptr)%3B%0A%0A%7D%3C%2FPRE%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Microsoft

When dynamic allocation/deallocation of memory is not handled properly by user code, this might lead to memory blocks in the heap being corrupted. There are many causes of heap corruption. Some of the common causes are: Buffer overrun (Writing beyond the allocated memory), Double free (Freeing a pointer twice) and Old pointer reuse(Reusing a pointer after being freed).  The difficulty with troubleshooting heap corruption is because when a thread for instance corrupts the heap, the process does not terminate or throws an error! As long as the corrupted heap is not used, the process will not crash, but once a thread tries to use that corrupted block of memory in the heap, the process crashes! If a crash rule is active and the process crashes because of heap corruption,  what we would see as a “culprit” thread that caused the crash is actually nothing more than a victim thread!

So to get to the root of the problem and find out the cause of the corruption, that is the thread that corrupted the heap, Pagegeap should be enabled. Pageheap could be enabled directly in debugdiag via a crash rule and would provide the desired results, but if you would want to get more granular information about the corruption to simplify the code fix, Application verifier could be used in conjunction with debugdiag to get such information.

To turn on pageheap for the worker process w3wp.exe and attach the debugdiag debugger host to it, here is how to do that:

First, download and install both tools:

 

Download Application Verifier

Download DebugDiag 2.2

 

- Start Application Verifier (Start --> Programs --> Application Verifier --> Application Verifier).

- Click File --> Add Application and browse to C:\Windows\System32\Inetsrv\w3wp.exe

- In the Tests Panel, expand Basics checkbox and uncheck all except Heaps

AppVerifHeaps.JPG

- In the Tests Panel again, select Heaps checkbox and click Edit --> Verifier Stop Options

AppVerifStops.JPG

This basically shows the stop codes that application verifier generates. The defaults actions are for all stop codes. The most important action here is  the "Breakpoint" in the Error Reporting section which means that Application Verifier will call into the breakpoint exception when it detects that the heap is being corrupted.

- Start Debugdiag (Start --> DebugDiag 2 collection)

- Add a crash rule against a specific process.

- Type in "w3wp.exe" in the "Select Target" window and make sure the "This process instance only" check box is unchecked!

- In the "Advanced Configuration (Optional)" window, click Exceptions... and add 80000003 exception with an action type of Full Userdump.

- Finish the wizard and Activate the rule. 

- Restart IIS so the new w3wp.exe loads both pageheap layer and application verifier dlls.

Note: Since pageheap is enabled per process, every instance of w3wp.exe running on the system will have pageheap on along with application verifier. There is also a performance impact associated with pageheap that would cause the processing to slow down due to heap verification.

So basically, the above configuration will make application verifier calls into the breakpoint exception when it detects that a heap operation is corrupting the heap. When the breakpoint exception is called, debugdiag will generate a full userdump. Post-mortem  analysis of the userdump will give details about the corruption such as the call stack, the type of corruption, the heap address being corrupted... etc.

Here is a simple example on how application verifier calls into the breakpoint exception after detecting a buffer overrun

0:009> kb 
ChildEBP RetAddr  Args to Child              
0685f71c 004c3933 139f8126 02206ff8 02206ff0 ntdll!DbgBreakPoint 
0685f920 004c7487 004cb5d8 00000013 0a501000 vrfcore!VerifierStopMessageEx+0x4bd 
0685f944 009030f9 00000013 008f33a8 0a501000 vrfcore!VfCoreRedirectedStopMessage+0x81 
0685f974 008f97aa 00000013 008f33a8 0a501000 vfbasics!VfBasicsStopMessage+0x1c9 
0685f9d8 008f8ed8 0685fa00 0685fa00 0685fa10 vfbasics!AVrfpCheckFirstChanceException+0x13a 
0685f9e8 7c84f937 0685fa00 0685faac 0685faac vfbasics!AVrfpVectoredExceptionHandler+0x18 
0685fa10 7c813fb5 00000000 02206ff0 7c888f68 ntdll!RtlpCallVectoredHandlers+0x57 
0685fa24 7c814055 0685faac 0685fac8 77bd8930 ntdll!RtlCallVectoredExceptionHandlers+0x15 
0685fa94 7c82ecc6 0685faac 0685fac8 0685faac ntdll!RtlDispatchException+0x19 
0685fa94 09531614 0685faac 0685fac8 0685faac ntdll!KiUserExceptionDispatcher+0xe 
0685fda4 095313ef 0686de18 00000001 0686de18 badEXT!doHC1+0x24 
0685fdc4 5a322991 0686de18 0686cb60 0686d7a8 badEXT!HttpExtensionProc+0x108 
0685fde4 5a3968ff 0686dd90 095312e7 0685fe10 w3isapi!ProcessIsapiRequest+0x214 
0685fe18 5a3967e0 00000000 00000000 0686cb60 w3core!W3_ISAPI_HANDLER::IsapiDoWork+0x3fd 
0685fe38 5a396764 0685fea8 0686cb60 00000000 w3core!W3_ISAPI_HANDLER::DoWork+0xb0 
0685fe58 5a3966f4 0686cb60 00000000 0685fe84 w3core!W3_HANDLER::MainDoWork+0x16e 
0685fe68 5a3966ae 0686cb68 0686cb60 00000001 w3core!W3_CONTEXT::ExecuteCurrentHandler+0x53 
0685fe84 5a396648 00000001 0685fea8 07e84ff8 w3core!W3_CONTEXT::ExecuteHandler+0x51 
0685feac 5a392264 00000000 00000000 00000000 w3core!W3_STATE_HANDLE_REQUEST::DoWork+0x9a 
0685fed0 5a3965ea 00000000 00000000 00000000 w3core!W3_MAIN_CONTEXT::DoWork+0xa6
....

The exception code here that Application Verifier is raising is 00000013  which means a Buffer Overrun. 

The code that I used to test this is:

{
       char *ptr, *tmp;
       int i;

       ptr = (char*)GlobalAlloc(GMEM_FIXED, 16);
       tmp = ptr;
       for (i = 0; i < 32; ++i)
          *(tmp++) = 'a';
       GlobalFree(ptr);

}