#define WIN32_LEAN_AND_MEAN
#define _WIN32_WINNT 0x0500

#include <windows.h>
#include <vector>
#include <algorithm>
#include <typeinfo>
#include <iostream>
#include <iterator>
#include <psapi.h>

template<class T>
void FindTypeInBlock(LPVOID base, SIZE_T size, std::vector<LPCVOID>& result, const T& valToFind)
{
    SIZE_T elements = size / sizeof(T);
    if(elements < 1)
    {
        return;
    }
    const T* const baseAsT = reinterpret_cast<T*>(base);
    std::vector<T> range(baseAsT, baseAsT + elements);
    typename std::vector<T>::iterator iter = range.begin();
    while((iter = std::find(iter, range.end(), valToFind)) != range.end())
    {
        const LPCVOID address = baseAsT + (iter - range.begin());
        result.push_back(address);
        ++iter;
    }
}

int main()
{
    std::vector<HANDLE> heaps(GetProcessHeaps(0, NULL));
    GetProcessHeaps(heaps.size(), &heaps[0]);
    std::vector<LPCVOID> results;
    // change this to whatever type and value you want to search for
    int val = 28;
    for(DWORD i = 0; i < heaps.size(); ++i)
    {
        std::cout << "Heap handle:\t" << heaps[i] << '\n';
        PROCESS_HEAP_ENTRY phi = {0};
        while(HeapWalk(heaps[i], &phi))
        {
            std::cout << "Block Start Address: " << phi.lpData << '\n';
            std::cout << "\tSize: " << phi.cbData << " - Overhead: "
                           << static_cast<DWORD>(phi.cbOverhead) << '\n';
            std::cout << "Block is a";
            if(phi.wFlags & PROCESS_HEAP_REGION)
            {
                std::cout << " VMem region\n";
                std::cout << "\tCommitted size: " << phi.Region.dwCommittedSize << '\n';
                std::cout << "\tUncomitted size: " << phi.Region.dwUnCommittedSize << '\n';
                std::cout << "\tFirst block: " << phi.Region.lpFirstBlock << '\n';
                std::cout << "\tLast block: " << phi.Region.lpLastBlock << '\n';
            }
            else 
            {
                if(phi.wFlags & PROCESS_HEAP_UNCOMMITTED_RANGE)
                {
                    std::cout << "n uncommitted range\n";
                }
                else if(phi.wFlags & PROCESS_HEAP_ENTRY_BUSY)
                {
                    std::cout << "n Allocated range: Region index - " 
                                   << static_cast<unsigned>(phi.iRegionIndex);
                    if(phi.wFlags & PROCESS_HEAP_ENTRY_MOVEABLE)
                    {
                        std::cout << "\n\tMovable: Handle is 0x" << phi.Block.hMem << '\n';
                    }
                    else if(phi.wFlags & PROCESS_HEAP_ENTRY_DDESHARE)
                    {
                        std::cout << "\n\tDDE Sharable\n";
                    }
                    else std::cout << std::endl;

                    // check this block for the data
                    FindTypeInBlock(phi.lpData, phi.cbData, results, val);
                }
            }
            std::cout << std::endl;
        }
    }
    // now check the module, for static data
    MODULEINFO modInf = {0};
    GetModuleInformation(GetCurrentProcess(), GetModuleHandle(NULL), &modInf, sizeof(MODULEINFO));
    FindTypeInBlock(modInf.lpBaseOfDll, modInf.SizeOfImage, results, val);
    std::cout << "The " << typeid(val).name() << ' ' << val
                   << " was found at the following locations:\n";
    std::copy(results.begin(), results.end(),
                    std::ostream_iterator<LPCVOID>(std::cout, "\n"));
}