In this question, I wanted to replace dbgCommand("dt ...") by an API call, and the PYKD command typedVar() came to the rescue.
As a result, my heap_stat script (extended with m_nSize and m_nCount information) is running three times faster now.
For your information, I've done this replacement for calculating the amount of members in an STL collection:
Replace: collection_Size = dbgCommand(("dt 0x" + pointer_format + " %s m_nSize") % (ptr,type_name)).split(' : ')[-1].split('\n')[0]
By: collection_Size = typedVar(type_name, ptr).m_nSize
As a result of this success, I'd like to replace other dbgCommand requests by API calls.
For the case of dbgCommand('!heap -h 0'), this seems not to be that simple (some examples):
>>> for t in targetHeapIterator():
...     print t
...
Traceback (most recent call last):
  File "<console>", line 1, in <module>
RuntimeError: This class cannot be instantiated from Python
>>> for t in targetHeap().entries:
...     print t
...
Traceback (most recent call last):
  File "<console>", line 1, in <module>
RuntimeError: This class cannot be instantiated from Python
>>> for t in targetProcess().getManagedHeap().entries:
...     print t
...
Traceback (most recent call last):
  File "<console>", line 1, in <module>
TypeError: 'instancemethod' object is not iterable
How can I iterate over the heap of my process (replacing !heap -h 0)?
P.S. Even if targetHeap() can't be used as a replacement for !heap -h 0, I'd still like to know how to use it, for investigation purposes.
targetHeapIterator() is only for the managed heap, and it cannot be created directly, only through a special class.
For enumerating the native heap, you need to write your own script.
Maybe it will be useful for you: https://githomelab.ru/pykd/pykdwin
This package has a heap enumerator, but with restrictions:
Sample from doc: