- IMHO the easiest way to control all this checking is using the ApplicationVerifier. You have a perfect UI and you can play around with all flags.
- Heap Free checking is a good flag without too much overhead. So if a heap block is badly modified and the block is freed you get a break into the debugger. If the corruption occurs near the allocation and freeing of the block, this might help.
- AFAIK "Heap parameter chechking" is just a lightweight "heap validation on call". I never had any success with this.
- Heap tail checking and tagging is easy and fast. Works sometimes for me.
You know that you can control this on a per application base also with gflags.
gflags.exe /i Testapp.exe e0
But: The best way to find such problems is completely using the Debug-CRT... if it is possible for you. So if there is a chance to use you Debug-Version in the production environment, do it. Inside the Debug-CRT you again a lot of flags you can use and set....