I was reading this article on MSDN, "Managing Heap Memory in Win32".

In it they explain a tool called ProcessWalker.exe.

In the article they explained that they can use this tool to explore the contents of virtual memory of any process.

  1. Does anyone know where I can download this tool from? Or maybe ProcessWalker might be deprecated. Does anyone know any other such tool?

  2. And I don't understand how it is even possible for such a tool to exist; wouldn't such a tool cause a security breach?

A: 

njoy....

http://hotfile.com/dl/50825402/10ac867/ProcessWalker.rar.html

Vineel Kumar Reddy
Well, I can't download stuff from some file share website. It has to be from an authenticated source. But anyway, my purpose is fulfilled by the Sysinternals suite (as advised in Hans' comment).
bits
+1  A: 

The OS must keep information about virtual memory mappings of user processes. Tools such as runtime linkers and loaders explicitly manipulate virtual memory layout of a given process. All these are vital but normal services of the operating system as a whole.

Then there's the monitoring side - how much memory each process is using, what libraries are used by each, what the page fault rate is, etc. etc. All this must be available to userland tools.

The security side of things is managed with user and group permissions, or capabilities. A regular user must not be able to inspect the memory of another user's process, but should be able to inspect his own. An administrator should then be able to access all the information provided by the system.

Nikolai N Fetissov
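The access model described in the answer above, as an added example that is not part of the original answer or of any tool named on this page: the region walk a memory-map viewer performs, with the permission check happening when the process handle is opened. It assumes 64-bit Python on Windows for `windows_regions`; the function names `walk_regions`, `summarize` and `windows_regions` are chosen here for illustration.

```python
import ctypes

PROCESS_QUERY_INFORMATION = 0x0400          # documented access right (winnt.h)
STATES = {0x1000: "commit", 0x2000: "reserve", 0x10000: "free"}  # MEM_* values

class MEMORY_BASIC_INFORMATION(ctypes.Structure):  # 64-bit layout assumed
    _fields_ = [("BaseAddress", ctypes.c_void_p), ("AllocationBase", ctypes.c_void_p),
                ("AllocationProtect", ctypes.c_uint32), ("PartitionId", ctypes.c_uint16),
                ("RegionSize", ctypes.c_size_t), ("State", ctypes.c_uint32),
                ("Protect", ctypes.c_uint32), ("Type", ctypes.c_uint32)]

def walk_regions(query, limit=1 << 47):
    """Step region by region; query(addr) gives (base, size, state) or None."""
    regions, addr = [], 0
    while addr < limit:
        info = query(addr)
        if info is None or info[0] + info[1] <= addr:  # failure or no progress
            break
        regions.append(info)
        addr = info[0] + info[1]
    return regions

def summarize(regions):
    """Bytes per region state, the kind of total a memory-map viewer shows."""
    totals = dict.fromkeys(STATES.values(), 0)
    for _base, size, state in regions:
        totals[STATES[state]] += size
    return totals

def windows_regions(pid):
    """Windows only. OpenProcess is where the kernel checks the caller's rights;
    it fails (e.g. access denied) for a process the caller may not inspect."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.VirtualQueryEx.restype = ctypes.c_size_t
    k32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                   ctypes.POINTER(MEMORY_BASIC_INFORMATION),
                                   ctypes.c_size_t]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    def query(addr):
        mbi = MEMORY_BASIC_INFORMATION()
        ok = k32.VirtualQueryEx(handle, addr, ctypes.byref(mbi), ctypes.sizeof(mbi))
        return (mbi.BaseAddress or 0, mbi.RegionSize, mbi.State) if ok else None
    try:
        return walk_regions(query)
    finally:
        k32.CloseHandle(handle)
```

On Windows, `summarize(windows_regions(os.getpid()))` reports the caller's own process. Reading the contents of a region, rather than just its layout, additionally requires the `PROCESS_VM_READ` access right on the handle.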
+2  A: 

17 years is a really long time ago. Forget everything it says about GlobalAlloc and LocalAlloc. The SysInternals' VMMap utility does a similar job; it is excellent.

Hans Passant
Thanks for the vmmap tip. I downloaded the entire sysinternals suite and found it very useful.
bits
Although I can't see the actual memory contents using vmmap, that's okay... my intention was to learn virtual memory management, and it's helping a lot.
bits
Yes, staring at 2 gigabytes of hex dumps doesn't get you anywhere. You can get that from the debugger.
Hans Passant