Windows 内存(四) 虚拟内存页面区块
虚拟内存页面区属性
- 通过 `VirtualQueryEx` API 来进行页面属性的查询
SIZE_T WINAPI VirtualQueryEx(
_In_ HANDLE hProcess,
_In_opt_ LPCVOID lpAddress,
_Out_ PMEMORY_BASIC_INFORMATION lpBuffer,
_In_ SIZE_T dwLength
);
hProcess
- 要查询的进程的句柄
lpAddress
- 要查询的地址
- 这个地址是一个页面的首地址, 也就是说必须按照页面大小的整数倍进行查询
lpBuffer
- 成功后将信息写入该结构体
dwLength
- 结构体的大小
来看一下MEMORY_BASIC_INFORMATION结构体
typedef struct _MEMORY_BASIC_INFORMATION {
PVOID BaseAddress;
PVOID AllocationBase;
DWORD AllocationProtect;
SIZE_T RegionSize;
DWORD State;
DWORD Protect;
DWORD Type;
} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
BaseAddress
- 指向当前页面区域的首地址
AllocationBase
- 使用 VirtualAlloc 分配的页面区域的首地址
- BaseAddress 指向的页面包含在此分配范围内
AllocationProtect
- 最初分配区域时的内存保护选项
- 它的值包含在 [Memory Protection Constants](https://msdn.microsoft.com/EN-US/library/aa366786(v=VS.85,d=hv.2).aspx) 中
- 如果调用函数的进程没有此进程的访问权限, 则为0
RegionSize
- 从页面基址开始的页面区块的大小
State
- 当前页面区域的状态
Protect
- 当前页面区域的保护属性
- 它是AllocationProtect成员列出的值之一
Type
- 当前页面区域的类型
例子
#include <windows.h>
#include <stdio.h>
#include <TCHAR.H>
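/* Forward declaration; the definition follows _tmain. */
BOOL ShowProcMemInfo(DWORD dwPID);

/*
 * Entry point: dumps the virtual-memory region table of the current process.
 *
 * argv is declared as TCHAR* so the signature matches both expansions of
 * _tmain (main in ANSI builds, wmain in UNICODE builds); the original
 * char* form is wrong when UNICODE is defined.
 *
 * Returns 0 on success, 1 if the process could not be opened.
 */
int _tmain(int argc, TCHAR *argv[])
{
    (void)argc;
    (void)argv;

    if (!ShowProcMemInfo(GetCurrentProcessId())) {
        /* ShowProcMemInfo returns FALSE only when OpenProcess fails. */
        _ftprintf(stderr, _T("OpenProcess failed, error %lu\n"),
                  (unsigned long)GetLastError());
        return 1;
    }
    return 0;
}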
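/*
 * The low byte of a protection value holds the base access constant
 * (PAGE_NOACCESS .. PAGE_EXECUTE_WRITECOPY). PAGE_GUARD, PAGE_NOCACHE and
 * PAGE_WRITECOMBINE are modifier bits OR-ed on top of it, so a plain
 * switch on the whole value misses every region that carries a modifier.
 */
enum {
    BASE_PROTECT_MASK = 0xFF,
    PROTECT_TEXT_LEN  = 64,   /* room for base name plus all modifier tags */
    PROTECT_COL_WIDTH = 30
};

/* Maps MEMORY_BASIC_INFORMATION.Type to a printable name. */
static LPCTSTR MemTypeName(DWORD dwType)
{
    switch (dwType) {
    case MEM_IMAGE:   return _T("MEM_IMAGE");
    case MEM_MAPPED:  return _T("MEM_MAPPED");
    case MEM_PRIVATE: return _T("MEM_PRIVATE");
    default:          return _T("-----------");
    }
}

/* Maps MEMORY_BASIC_INFORMATION.State to a printable name. */
static LPCTSTR MemStateName(DWORD dwState)
{
    switch (dwState) {
    case MEM_COMMIT:  return _T("MEM_COMMIT");
    case MEM_RESERVE: return _T("MEM_RESERVE");
    case MEM_FREE:    return _T("MEM_FREE");
    default:          return _T("-----------");
    }
}

/*
 * Renders a protection value as "<base>[|GUARD][|NOCACHE][|WRITECOMBINE]"
 * into pszOut (cchOut characters, always NUL-terminated, truncating if
 * the text does not fit).
 */
static void FormatProtect(DWORD dwProtect, TCHAR *pszOut, size_t cchOut)
{
    LPCTSTR pszBase;

    switch (dwProtect & BASE_PROTECT_MASK) {
    case PAGE_NOACCESS:          pszBase = _T("PAGE_NOACCESS"); break;
    case PAGE_READONLY:          pszBase = _T("PAGE_READONLY"); break;
    case PAGE_READWRITE:         pszBase = _T("PAGE_READWRITE"); break;
    case PAGE_WRITECOPY:         pszBase = _T("PAGE_WRITECOPY"); break;
    case PAGE_EXECUTE:           pszBase = _T("PAGE_EXECUTE"); break;
    case PAGE_EXECUTE_READ:      pszBase = _T("PAGE_EXECUTE_READ"); break;
    case PAGE_EXECUTE_READWRITE: pszBase = _T("PAGE_EXECUTE_READWRITE"); break;
    case PAGE_EXECUTE_WRITECOPY: pszBase = _T("PAGE_EXECUTE_WRITECOPY"); break;
    default:                     pszBase = _T("----------------------"); break;
    }

    _sntprintf_s(pszOut, cchOut, _TRUNCATE, _T("%s%s%s%s"),
                 pszBase,
                 (dwProtect & PAGE_GUARD)        ? _T("|GUARD")        : _T(""),
                 (dwProtect & PAGE_NOCACHE)      ? _T("|NOCACHE")      : _T(""),
                 (dwProtect & PAGE_WRITECOMBINE) ? _T("|WRITECOMBINE") : _T(""));
}

/*
 * Prints one line per virtual-memory region of the process dwPID:
 * base address, size in KB, type, state, the protection the region was
 * allocated with and the protection it has now.
 *
 * Regions that are not the first region of their allocation
 * (BaseAddress != AllocationBase) are indented by one space.
 *
 * Returns FALSE if the process cannot be opened, TRUE otherwise.
 *
 * Changes against the original listing:
 *  - no non-literal format string is passed to _tprintf, and the unbounded
 *    _stprintf/_tcscat chain into a fixed buffer is gone;
 *  - addresses and sizes are printed at full width (the original passed a
 *    pointer to %X and a SIZE_T to %d, which truncates on 64-bit builds);
 *  - the current protection (mbi.Protect) is shown next to
 *    AllocationProtect. AllocationProtect only records what was requested
 *    when the region was first allocated; it does not follow later
 *    VirtualProtect calls, so Protect is the column to read when checking
 *    for pages that are writable and executable right now;
 *  - PAGE_GUARD / PAGE_NOCACHE / PAGE_WRITECOMBINE are decoded as modifiers.
 */
BOOL ShowProcMemInfo(DWORD dwPID)
{
    /* VirtualQueryEx requires PROCESS_QUERY_INFORMATION on the handle;
       nothing broader is requested. */
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPID);
    if (hProcess == NULL) {
        return FALSE;
    }

    const int cchAddr = (int)(2 * sizeof(void *));   /* hex digits per address */

    _tprintf(_T("%-*s %9s %-11s %-11s %-*s %s\n"),
             cchAddr, _T("BaseAddr"), _T("Size"), _T("Type"), _T("State"),
             PROTECT_COL_WIDTH, _T("AllocProtect"), _T("Protect"));

    MEMORY_BASIC_INFORMATION mbi;
    PBYTE pAddress = NULL;

    /* Walk the address space region by region until the query fails. */
    while (VirtualQueryEx(hProcess, pAddress, &mbi, sizeof(mbi)) == sizeof(mbi)) {
        LPCTSTR pszIndent =
            (mbi.AllocationBase != mbi.BaseAddress && mbi.State != MEM_FREE)
                ? _T(" ")
                : _T("");

        TCHAR szAllocProtect[PROTECT_TEXT_LEN];
        TCHAR szProtect[PROTECT_TEXT_LEN];
        FormatProtect(mbi.AllocationProtect, szAllocProtect, PROTECT_TEXT_LEN);
        FormatProtect(mbi.Protect, szProtect, PROTECT_TEXT_LEN);

        _tprintf(_T("%s%0*llX %8lluK %-11s %-11s %-*s %s\n"),
                 pszIndent,
                 cchAddr, (unsigned long long)(ULONG_PTR)mbi.BaseAddress,
                 (unsigned long long)(mbi.RegionSize >> 10),
                 MemTypeName(mbi.Type),
                 MemStateName(mbi.State),
                 PROTECT_COL_WIDTH, szAllocProtect,
                 szProtect);

        /* Stop instead of looping forever if the next address does not
           advance (zero-sized region or wrap past the top of the range). */
        ULONG_PTR uNext = (ULONG_PTR)mbi.BaseAddress + mbi.RegionSize;
        if (uNext <= (ULONG_PTR)mbi.BaseAddress) {
            break;
        }
        pAddress = (PBYTE)uNext;
    }

    CloseHandle(hProcess);
    return TRUE;
}
未完待续...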
如有错误,请提出指正!谢谢.
本文由 花心胡萝卜 创作,采用 知识共享署名4.0 国际许可协议进行许可
本站文章除注明转载/出处外,均为本站原创或翻译,转载前请务必署名
最后编辑时间为: 2017-07-27 at 03:47 am