What does everyone else use to allocate/free large amounts of memory on the fly? malloc/free from the RTL? HeapAlloc/HeapFree API calls? Something else?
I’ll note that MSDN currently says the GlobalX and LocalX functions are just wrappers around HeapX functions
This is probably a good document to also read as it does differentiate the slight differences in the GlobalX and LocalX functions.
Comparing Memory Allocation Methods - Win32 apps | Microsoft Docs
Although the GlobalAlloc , LocalAlloc , and HeapAlloc functions ultimately allocate memory from the same heap, each provides a slightly different set of functionality. For example, HeapAlloc can be instructed to raise an exception if memory could not be allocated, a capability not available with LocalAlloc . LocalAlloc supports allocation of handles which permit the underlying memory to be moved by a reallocation without changing the handle value, a capability not available with HeapAlloc
The “reallocation” sounds like “ASLR handles” if such a description exists, it will be interesting to see if windows gives different handle “patterns” but you can tell from updates and the settings MS windows resets after an update where they have been working on the OS. Early windows 10 updates were always resetting various exploit protection settings, not so much of a problem with updates from the last 6 months or so.
Because the different heap allocators provide distinctive functionality by using different mechanisms, you must free memory with the correct function. For example, memory allocated with HeapAlloc must be freed with HeapFree and not LocalFree or GlobalFree . Memory allocated with GlobalAlloc or LocalAlloc must be queried, validated, and released with the corresponding global or local function.
And this is why we have constructors/deconstructores in classes and why .Net exists, ie to free and clean memory properly.
This is also a useful api to be aware of, it seems optimising compilers can cause problems.
ZeroMemory macro (Windows) | Microsoft Docs
To avoid any undesired effects of optimizing compilers, use the SecureZeroMemory function.
So when you read this one
SecureZeroMemory function (Windows) | Microsoft Docs
If ZeroMemory were called in this example instead of SecureZeroMemory , the compiler could optimize the call because the szPassword buffer is not read from before it goes out of scope. The password would remain on the application stack where it could be captured in a crash dump or probed by a malicious application.
What this also says is the stack is vulnerable to sniffing or probing, so MS is giving away their known weaknesses in the OS, emphasis on known. I know Friedrich Linder highlight how easily corrupted the Clarion stack could be with Clarion 7 and this is the Topspeed stack which is not known by as many people, only few know about it.
My question would be why do you need the memory?
Are you trying to build a complicated structure in memory?
Is it a CW Queue? - Queues allocate all the memory it needs as it needs it.
CapeSoft StringTheory may work for you if you need self adjusting data sizes
What about a Memory File?
It really all depends what you need - Let Clarion help you and don’t reinvent the wheel using those low level functions unless you really need to (And if you do then go right ahead)
For Clarion NEW( String( x ) ) and DISPOSE() create data on the Heap. Those can be passed to API calls that take the Address() of data. Many calls you can pass Zero for Size to have it return the Size of data required, you NEW( Return Size ) it and call again.
Some API calls specifically require a Handle to something specific, e.g. a handle from GlobalAlloc(). So that’s easy to decide, you create or get a Handle to what MSDN tells you is required. Note: GlobalAlloc using GMEM_FIXED returns a Memory Address so NEW() could be used.
This is all API stuff - I’m calling GetSystemFirmwareTable(), so I need to call it once to get the amt of memory to allocate, allocate the memory, then call GetSystemFirmwareTable() again to get the data I need. In C6 
So let me look at New, and if that doesn’t work I’ll just allocate some heap memory
You could roll your own kernel mode driver and pull the info out that way. You might find some of the info in the doc helpful.
https://download.microsoft.com/download/5/D/6/5D6EAF2B-7DDF-476B-93DC-7CF0072878E6/SMBIOS.doc
For Software Developers
Software developers who require read access to the entire set of SMBIOS data should use Windows Management Instrumentation (WMI) or the new firmware table provider APIs for Windows Server 2003 SP1.
I had some instructions somewhere on how to hack old drivers like 2k and xp to make them work on newer OS’s like win7+ somewhere, its surprisingly easy! 
Yeah, Win10 is nothing like that. You need EV certificates and attestation signing. Plus the hassle of installing a kernel mode driver. Which is the long winded way of saying Hell No
New() definately works in C6 and C5.5 etc. I can’t remember when it was introduced - whether it came in C4 or perhaps much earlier?
New() does initialize the memory so I would think the only time you would want to use malloc was where you were about to assign the memory and didn’t need it to be clean - and were paranoid about performance. But I have always found memset() to be very fast anyway so the overhead in new() would be very small (ie. tiny).
ST is often the easiest way - and calls new() for you.
But all the associated ST power obviously does come with some overhead, and so would be overkill if all you want to do is allocate x bytes to pass to some API.