Last active
June 20, 2018 18:51
-
-
Save hasherezade/67028e3906c88fb75574d19dddb54a17 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Region Addr: 00A50000 | |
| Full Size : 00007000 | |
| --- | |
| ---ALLOC AND INFO--- | |
| nextAddr: 00A50000 | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A50000 | |
| RegionSize: 1000 | |
| RegionState: 1000 : MEM_COMMIT | |
| ------ | |
| nextAddr: 00A51000 | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A51000 | |
| RegionSize: 1000 | |
| RegionState: 1000 : MEM_COMMIT | |
| ------ | |
| nextAddr: 00A52000 | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A52000 | |
| RegionSize: 1000 | |
| RegionState: 1000 : MEM_COMMIT | |
| ------ | |
| Skipping: 00A53000 | |
| nextAddr: 00A54000 | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A54000 | |
| RegionSize: 1000 | |
| RegionState: 1000 : MEM_COMMIT | |
| ------ | |
| nextAddr: 00A55000 | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A55000 | |
| RegionSize: 1000 | |
| RegionState: 1000 : MEM_COMMIT | |
| ------ | |
| nextAddr: 00A56000 | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A56000 | |
| RegionSize: 1000 | |
| RegionState: 1000 : MEM_COMMIT | |
| ------ | |
| ---INFO ONLY--- | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A50000 | |
| RegionSize: 2000 | |
| RegionState: 1000 : MEM_COMMIT | |
| ------ | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A51000 | |
| RegionSize: 1000 | |
| RegionState: 1000 : MEM_COMMIT | |
| ------ | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A52000 | |
| RegionSize: 1000 | |
| RegionState: 1000 : MEM_COMMIT | |
| ------ | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A53000 | |
| RegionSize: 1000 | |
| RegionState: 2000 : MEM_RESERVE | |
| ------ | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A54000 | |
| RegionSize: 3000 | |
| RegionState: 1000 : MEM_COMMIT | |
| ------ | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A55000 | |
| RegionSize: 2000 | |
| RegionState: 1000 : MEM_COMMIT | |
| ------ | |
| info: | |
| AllocBase: 00A50000 | |
| BaseAddress: 00A56000 | |
| RegionSize: 1000 | |
| RegionState: 1000 : MEM_COMMIT | |
| ------ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <iostream> | |
| #include <string> | |
| #define PAGE_SIZE 0x1000 | |
| std::string state_to_str(DWORD state) | |
| { | |
| switch (state) { | |
| case MEM_COMMIT: | |
| return "MEM_COMMIT"; | |
| case MEM_RESERVE: | |
| return "MEM_RESERVE"; | |
| case MEM_FREE: | |
| return "MEM_FREE"; | |
| } | |
| return ""; | |
| } | |
| bool check_page(LPCVOID start_va) | |
| { | |
| MEMORY_BASIC_INFORMATION page_info = { 0 }; | |
| SIZE_T out = VirtualQueryEx(GetCurrentProcess(), start_va, &page_info, sizeof(page_info)); | |
| if (out != sizeof(page_info)) { | |
| if (GetLastError() == ERROR_INVALID_PARAMETER) { | |
| return false; | |
| } | |
| #ifdef _DEBUG | |
| std::cout << "Could not query page: " << std::hex << start_va << ". Error: " << GetLastError() << std::endl; | |
| #endif | |
| return false; | |
| } | |
| std::cout << "info:\n" << | |
| "AllocBase: " << | |
| page_info.AllocationBase << | |
| "\nBaseAddress: " << | |
| page_info.BaseAddress << | |
| "\nRegionSize: " << | |
| page_info.RegionSize << | |
| "\nRegionState: " << | |
| page_info.State << " : " << state_to_str(page_info.State) << | |
| std::endl; | |
| return true; | |
| } | |
| int main() | |
| { | |
| const SIZE_T pagesCount = 7; | |
| SIZE_T fullSize = pagesCount * PAGE_SIZE; | |
| LPBYTE regionAddr = (LPBYTE)VirtualAlloc(nullptr, fullSize, MEM_RESERVE, PAGE_READWRITE); | |
| if (regionAddr == nullptr) { | |
| return -1; | |
| } | |
| std::cout << "Region Addr: \t" << std::hex << (LPVOID)regionAddr << std::endl; | |
| std::cout << "Full Size : \t" << std::hex << (LPVOID)fullSize << std::endl; | |
| std::cout << "---" << std::endl; | |
| std::cout << "---ALLOC AND INFO---" << std::endl; | |
| for (SIZE_T i = 0; i < pagesCount; i++) { | |
| LPVOID nextP = regionAddr + (i * PAGE_SIZE); | |
| if (i == 3) { | |
| std::cout << "Skipping: " << nextP << std::endl; | |
| continue; | |
| } | |
| DWORD protect = PAGE_READWRITE; | |
| if (i == 2) { | |
| protect = PAGE_EXECUTE_READWRITE; | |
| } | |
| LPVOID nextAddr = VirtualAlloc(nextP, PAGE_SIZE, MEM_COMMIT, protect); | |
| std::cout << "nextAddr: \t" << std::hex << nextAddr << std::endl; | |
| if (nextAddr == nullptr) { | |
| break; | |
| } | |
| //page_info.AllocationBase == regionAddr | |
| //page_info.BaseAddress == nextAddr | |
| check_page(nextP); | |
| std::cout << "------" << std::endl; | |
| } | |
| std::cout << "---INFO ONLY---" << std::endl; | |
| for (SIZE_T i = 0; i < pagesCount; i++) { | |
| LPVOID nextP = regionAddr + (i * PAGE_SIZE); | |
| check_page(nextP); | |
| std::cout << "------" << std::endl; | |
| } | |
| system("pause"); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment