On Sat Jun 7 15:56:23 2025 +0000, Nikolay Sivov wrote:
> If it's going to use HeapWalk(), it should lock the heap I think. It's also worth exploring if ntdll has a dedicated function somewhere to return this information.

You are right, it should lock.
Regarding the dedicated function in `ntdll`: I found `RtlUsageHeap`, which seems to be the corresponding function. Judging by the signature, its API seems to be a bit more complex though, as it also returns some extra stuff (in the form of linked lists at that) and there is not much documentation (none?). What would be a good way to go about this? Test how the original function behaves and try to recreate it?