How to use UMDH to find native memory leaks

The Debugging Tools for Windows packages come with a tool—UMDH.exe—that makes finding memory leaks in native code really pretty easy. There’s a Microsoft Knowledgebase Article that gives an overview of how to use the tool but it’s a little out of date. (It’s also very detailed, and I usually just want a summary.)

All these steps assume you have the latest Debugging Tools package installed and in your path. (Note that you need to run the tools for the same platform (x86 vs x64) as the target executable.)

Start Collecting Data

At an Administrator command prompt, run gflags.exe to start collecting stack traces for user-mode allocations:

gflags –i Program.exe +ust

Collect Snapshots

Start Program.exe running, and collect a baseline snapshot (this can be done from a regular command prompt):

umdh –pn:Program.exe –f:Dump1.txt

Perform the action that leaks memory, and collect a second snapshot:

umdh –pn:Program.exe –f:Dump2.txt

(If “Program.exe” is not a unique process name, the “-p:” command line argument can select a process by ID.)

Compare Snapshots

umdh –d Dump1.txt Dump2.txt > Diff.txt

Open Diff.txt in your favourite text editor (that can handle large files!). The memory leaks are listed in descending order of bytes leaked; each should be followed by the complete stack trace of the allocation call. Depending on the cause, this may either pinpoint the bug, or at least show a good place to set a breakpoint for debugging.

Stop Data Collection

The most important step in the whole process is to turn off the data collection for your application (once the memory leak is fixed), or else your program will run slowly while the OS kernel logs every memory allocation:

gflags –i Program.exe -ust

Posted by Bradley Grainger on April 28, 2009