tags:

views:

114

answers:

1
+1  Q: 

Is there any way to determine what type of memory the segments returned by VirtualQuery() are?

Greetings,

I'm able to walk a processes memory map using logic like this:

 MEMORY_BASIC_INFORMATION mbi;
 void *lpAddress=(void*)0;
 while (VirtualQuery(lpAddress,&mbi,sizeof(mbi))) {
  fprintf(fptr,"Mem             base:%-10x start:%-10x Size:%-10x Type:%-10x State:%-10x\n",
   mbi.AllocationBase,
   mbi.BaseAddress,
   mbi.RegionSize,
   mbi.Type,mbi.State);
  lpAddress=(void *)((unsigned int)mbi.BaseAddress + (unsigned int)mbi.RegionSize);
 }

I'd like to know if a given segment is used for static allocation, stack, and/or heap and/or other?

Is there any way to determine that?

A: 

I'm curious, what do you plan on doing with this information?

There is a windbg extension, !address, which can get you this information, if you don't need code to do it. Scripting the debugger will probably be much more reliable to get this info.

VirtualQuery can't return this information to you on its own, since it has no idea why user mode code requested the memory. You need to use it with other information sources to get this info, and there may still be some error cases.

First, you should filter only by MEM_PRIVATE memory . . . heap, stack, and static allocations (provided they've been modified) should fall within that range.

Static allocations (globals, etc.) should be at an address with a loaded module. You can use PSAPI to determine if the address is within a loaded module, for example, calling EnumProcessModules and then GetModuleInformation.

Stack values, you can use the toolhelp API to determine if the memory location is in a stack. CreateToolhelp32Snapshot with TH32CS_SNAPSHOT to get threads in the target process, then GetThreadContext and check if the resulting stack pointer is within the segment.

I'm don't know of a good way to walk heaps from outside the process. Toolhelp snaps a heap list but doesn't give you a good set of bounds for the heap memory. From within the process, you can use GetProcessHeaps to walk the list of heaps, and then call HeapValidate to dtermie if the memory location is within the heap.

Michael  2009-04-20 23:33:25
Using this information as part of a custom memory manager for an application.
bdbaddog  2009-04-21 18:10:59
The stack page/memory region seems to be MEM_IMAGE and not MEM_PRIVATE?
bdbaddog  2009-04-21 22:24:04
Stacks are definitely private. How are you getting the stack address you are checking?
Michael  2009-04-21 22:50:09

related questions

How to read a value from the Windows registry
CreateProcessAsUser vs ShellExecute
How do you configure an OpenFileDIalog to select folders?
Is there anything similar to the OS X InputManager on Windows?
So what am I missing with this here WPF?
How to convert std::string to LPCWSTR in C++ (Unicode)
Notification of drop in drag-drop in Windows
Find out which process has an exclusive lock on a USB device handle
What's an alternative to GWL_USERDATA for storing an object pointer?
FlashWindowEx FLASHW_STOP still keeps taskbar colored
Getting UI text from external app in C#
Sending a mouse click to a button in the taskbar using C#
Suitable alternative to CryptEncrypt
Is FindFirstChangeNotification the best API to use for file system change notification on windows?
What is the easiest way to parse an INI File in C++?
_wfopen equivalent under Mac OS X
Validating a Win32 Window Handle
Get list of domains on the network
Does it still make sense to learn low level WinAPI programming?
How do you create your own moniker (URL Protocol) on Windows systems?
Where is a good place to start programming GUIs for windows?
Bringing Window to the Front in C# using Win32 API
How can you tell when a user last pressed a key (or moved the mouse)?
Can a windows dll retrieve its own filename?
Wiggling the mouse using C#