{"id":20568756,"url":"https://github.com/yardenshafir/poolviewer","last_synced_at":"2025-09-29T07:35:55.977Z","repository":{"id":38686973,"uuid":"284546598","full_name":"yardenshafir/PoolViewer","owner":"yardenshafir","description":"An application to view and filter pool allocations from a dmp file on Windows 10 RS5+.","archived":false,"fork":false,"pushed_at":"2023-03-02T22:22:08.000Z","size":6611,"stargazers_count":137,"open_issues_count":3,"forks_count":24,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-04-14T16:16:57.882Z","etag":null,"topics":["heap","pool","windows","windows-10"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yardenshafir.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-02T21:42:28.000Z","updated_at":"2025-03-29T22:44:16.000Z","dependencies_parsed_at":"2024-11-16T05:04:42.272Z","dependency_job_id":null,"html_url":"https://github.com/yardenshafir/PoolViewer","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/yardenshafir/PoolViewer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yardenshafir%2FPoolViewer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yardenshafir%2FPoolViewer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yardenshafir%2FPoolViewer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yardenshafir%2FPoolViewer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yardenshafir","download_url":"https://codeload.github.com/yardenshafir/PoolViewer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yardenshafir%2FPoolViewer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277483274,"owners_count":25825559,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-29T02:00:09.175Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["heap","pool","windows","windows-10"],"created_at":"2024-11-16T04:54:32.122Z","updated_at":"2025-09-29T07:35:55.972Z","avatar_url":"https://github.com/yardenshafir.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PoolViewer\nAn application to view and filter pool allocations from a dmp file on Windows 10 RS5+.\nPresents information about active heaps and all pool allocations in the system, both allocated and free, as well as some basic statistics.\nThe information is extracted from a memory dump using Windows' Debugger API.\n\nIntegration of c++ code with WPF GUI relies on DllExport package and is heavily based on the code from here: \nhttps://www.codeproject.com/Articles/5253279/Create-An-Awesome-WPF-UI-for-Your-Cplusplus-QT-App\n\n## Features\n- Presents information in easy-to-use format\n- Read from memory dump or from a live machine\n- Can filter based on all fields\n- Right-click on any of the tables in the \"General\" tab to filter pool blocks based on chosen row\n- Export all pool blocks to csv\n\n## Build\nThere are 4 projects in the repository:\n1. ManagedUIKitWpf - implementing the GUI for PoolViewer (required .NET 4.5 to be installed)\n2. PoolData - implementing all pool analysis functionality\n3. PoolViewer - using PoolData and ManagedUIKitWpf to implement GUI analysis tool\n4. PoolViewExt - using PoolData to create a WinDbg extension (does not require ManagedUIKitWpf to be built)\n\n## Usage\nYou can either clone the repository and build it yourself or use the binaries found in Binaries folder.\nNotice that the app needs dbgeng.dll and dbghelp.dll to exist in the same directory.\nThe ones in System32 are often broken, so copy the dlls from the same folder windbg.exe is in.\n\nThe app parses a memory dmp of a Windows 10 RS5+ machine, which can be created with livekd:\n`livekd.exe -ml -k \u003cpath to kd.exe\u003e -o c:\\temp\\live.dmp`\n\nAnother option is analyzing the live machine - this is done by creating a temporary dmp file of the live machine and analyzing it. This option requires running PoolViewer as admin.\n\n## PoolViewerExt\nWinDbg extension to print information about a specific pool address or a pool tag.\nOptions:\n1. !poolview [address]\n```!poolview ffffcc8b7d8840c0\n  Address              Size       (Status)      Tag    Type\n  ---------------------------------------------------------\n* 0xffffcc8b7d884050   0xe70      (Allocated)   Proc   Vs\n  0xffffcc8b7d884ee0   0x100      (Free)               Vs\n  ```\n2. !poolview -tag [tag]\n```!poolview -tag Even\n  Address              Size       (Status)      Tag    Type\n  ---------------------------------------------------------\n  0xffffcc8b460f6580   0x80       (Allocated)   Even   Lfh\n  0xffffcc8b460f6700   0x80       (Allocated)   Even   Lfh\n  0xffffcc8b460f6c80   0x80       (Allocated)   Even   Lfh\n  0xffffcc8b460f6d00   0x80       (Allocated)   Even   Lfh\n  0xffffcc8b497fc190   0xa0       (Allocated)   Even   Lfh\n  0xffffcc8b497fc9b0   0xa0       (Allocated)   Even   Lfh\n  0xffffcc8b4aafedd0   0x60       (Allocated)   Even   Lfh\n  0xffffcc8b4aafef50   0x60       (Allocated)   Even   Lfh\n  ```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyardenshafir%2Fpoolviewer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyardenshafir%2Fpoolviewer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyardenshafir%2Fpoolviewer/lists"}