GetSystemInfo and VirtualQuery

前言

GetSystemInfo 可以得到可访问的内存地址范围和分页大小

VirtualQuery 得到按页开始地址和页大小访问的内存页信息

代码片段

// MemViewer.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>

typedef struct _tag_KeyVal {
DWORD m_dwAttrib;
char m_szName[MAX_PATH];

_tag_KeyVal() {
m_dwAttrib = 0;
ZeroMemory(m_szName, sizeof(m_szName));
}

_tag_KeyVal(DWORD dwAttrib, const char* pcName) {
m_dwAttrib = dwAttrib;
strcpy(m_szName, (NULL != pcName) ? pcName : "");
}
} TAG_KEYVAL;

const TAG_KEYVAL g_ProtectAry[] = {
TAG_KEYVAL(PAGE_READONLY, "PAGE_READONLY"),
TAG_KEYVAL(PAGE_READWRITE, "PAGE_READWRITE"),
TAG_KEYVAL(PAGE_WRITECOPY, "PAGE_WRITECOPY"),
TAG_KEYVAL(PAGE_EXECUTE, "PAGE_EXECUTE"),
TAG_KEYVAL(PAGE_EXECUTE_READ, "PAGE_EXECUTE_READ"),
TAG_KEYVAL(PAGE_EXECUTE_READWRITE, "PAGE_EXECUTE_READWRITE"),
TAG_KEYVAL(PAGE_EXECUTE_WRITECOPY, "PAGE_EXECUTE_WRITECOPY"),
TAG_KEYVAL(PAGE_GUARD, "PAGE_GUARD"),
TAG_KEYVAL(PAGE_NOACCESS, "PAGE_NOACCESS"),
TAG_KEYVAL(PAGE_NOCACHE, "PAGE_NOCACHE"),
TAG_KEYVAL(-1, "unknown"),
};

const TAG_KEYVAL g_StateAry[] = {
TAG_KEYVAL(MEM_COMMIT, "MEM_COMMIT"),
TAG_KEYVAL(MEM_FREE, "MEM_FREE"),
TAG_KEYVAL(MEM_RESERVE, "MEM_RESERVE"),
TAG_KEYVAL(-1, "unknown"),
};

const TAG_KEYVAL g_TypeAry[] = {
TAG_KEYVAL(MEM_IMAGE, "MEM_IMAGE"),
TAG_KEYVAL(MEM_MAPPED, "MEM_MAPPED"),
TAG_KEYVAL(MEM_PRIVATE, "MEM_PRIVATE"),
TAG_KEYVAL(-1, "unknown"),
};

enum {
eTitleAllocationBase = 0,
eTitleSize
};

const TAG_KEYVAL g_MemRecordDispAry[] = {
TAG_KEYVAL(eTitleAllocationBase, "AllocationBase"),
TAG_KEYVAL(eTitleSize, "Size"),
TAG_KEYVAL(-1, "unknown"),
};

typedef struct _tag_MemRecord {
DWORD dwBaseAddress;
DWORD dwAllocationBase;
DWORD dwAllocationProtect;
DWORD dwState;
DWORD dwProtect;
DWORD dwType;

DWORD dwSize;
BOOL bFirst;

_tag_MemRecord() {
dwBaseAddress = -1;
dwAllocationBase = -1;
dwAllocationProtect = -1;
dwState = -1;
dwProtect = -1;
dwType = -1;

dwSize = 0;
bFirst = TRUE;
}

BOOL IsEntryNewMemoryBlock(MEMORY_BASIC_INFORMATION& memInfo) {
if (bFirst
|| (dwAllocationBase != (DWORD)memInfo.AllocationBase)
|| (dwAllocationProtect != memInfo.AllocationProtect)
|| (dwState != memInfo.State)
|| (dwProtect != memInfo.Protect)
|| (dwType != memInfo.Type)) {
return TRUE;
}

return FALSE;
}

BOOL IsCanShow() {
return (!bFirst && (dwSize > 0));
}

void Update(MEMORY_BASIC_INFORMATION& memInfo, DWORD dwPageSize, BOOL bForce) {
if (bForce) {
bFirst = FALSE;
dwSize = dwPageSize;
dwAllocationBase = (DWORD)memInfo.AllocationBase;
dwBaseAddress = (DWORD)memInfo.BaseAddress;
dwAllocationProtect = memInfo.AllocationProtect;
dwState = memInfo.State;
dwProtect = memInfo.Protect;
dwType = memInfo.Type;
} else {
dwSize += dwPageSize;
}
}
} TAG_MEMRECORD;

void MemView(
DWORD dwPageSize,
BYTE* lpMinimumApplicationAddress,
BYTE* lpMaximumApplicationAddress);

void ShowTitleMEMORY_BASIC_INFORMATION();
void ShowMEMORY_BASIC_INFORMATION(MEMORY_BASIC_INFORMATION& meminfo);

void ShowTitleTAG_MEMRECORD();
void ShowTAG_MEMRECORD(TAG_MEMRECORD& memrec);

const char* GetProtectString(DWORD dwProtect);
const char* GetStateString(DWORD dwState);
const char* GetTypeString(DWORD dwType);

int main(int argc, char* argv[])
{
SYSTEM_INFO sys;

GetSystemInfo(&sys);
MemView(sys.dwPageSize, (BYTE*)sys.lpMinimumApplicationAddress, (BYTE*)sys.lpMaximumApplicationAddress);

system("pause");
return 0;
}

void MemView(
DWORD dwPageSize,
BYTE* lpMinimumApplicationAddress,
BYTE* lpMaximumApplicationAddress) {

BYTE* lpAddr = NULL;
DWORD dwRc = 0;
MEMORY_BASIC_INFORMATION meminfo;
TAG_MEMRECORD memrec;

// ShowTitleMEMORY_BASIC_INFORMATION();
ShowTitleTAG_MEMRECORD();

for (lpAddr = lpMinimumApplicationAddress; lpAddr < lpMaximumApplicationAddress; lpAddr += dwPageSize) {
dwRc = VirtualQuery(lpAddr, &meminfo, dwPageSize);
if (memrec.IsEntryNewMemoryBlock(meminfo)) {
if (memrec.IsCanShow()) {
ShowTAG_MEMRECORD(memrec);
}

memrec.Update(meminfo, dwPageSize, TRUE);
} else {
memrec.Update(meminfo, dwPageSize, FALSE);
}

// ShowMEMORY_BASIC_INFORMATION(meminfo);
}
}

void ShowTitleTAG_MEMRECORD() {
printf("%-15s %-9s %-24s %-16s %-24s %-11s\r\n",
"AllocationBase", "Size", "AllocationProtect", "State", "Protect", "Type");
}

void ShowTAG_MEMRECORD(TAG_MEMRECORD& memrec) {
printf("%-15X %-9X %-24s %-16s %-24s %-11s\r\n",
memrec.dwBaseAddress,
memrec.dwSize,
GetProtectString(memrec.dwAllocationProtect),
GetStateString(memrec.dwState),
GetProtectString(memrec.dwProtect),
GetTypeString(memrec.dwType));
}

void ShowTitleMEMORY_BASIC_INFORMATION() {
printf("%-15s %-15s %-24s %-12s %-16s %-24s %-11s\r\n",
"BaseAddress", "AllocationBase", "AllocationProtect", "RegionSize", "State", "Protect", "Type");
}

void ShowMEMORY_BASIC_INFORMATION(MEMORY_BASIC_INFORMATION& meminfo) {
printf("%-15x %-15x %-24s %-12x %-16s %-24s %-11s\r\n",
meminfo.BaseAddress,
meminfo.AllocationBase,
GetProtectString(meminfo.AllocationProtect),
meminfo.RegionSize,
GetStateString(meminfo.State),
GetProtectString(meminfo.Protect),
GetTypeString(meminfo.Type));
}

const char* GetProtectString(DWORD dwProtect) {
static char szBuf[MAXBYTE] = {'\0'};
for (int i = 0; (g_ProtectAry[i].m_dwAttrib != -1); i++) {
if (g_ProtectAry[i].m_dwAttrib == dwProtect) {
return g_ProtectAry[i].m_szName;
}
}

sprintf(szBuf, "Protect - %X", dwProtect);
return szBuf;
}

const char* GetStateString(DWORD dwState) {
static char szBuf[MAXBYTE] = {'\0'};
for (int i = 0; (g_StateAry[i].m_dwAttrib != -1); i++) {
if (g_StateAry[i].m_dwAttrib == dwState) {
return g_StateAry[i].m_szName;
}
}

sprintf(szBuf, "State - %X", dwState);
return szBuf;
}

const char* GetTypeString(DWORD dwType) {
static char szBuf[MAXBYTE] = {'\0'};
for (int i = 0; (g_TypeAry[i].m_dwAttrib != -1); i++) {
if (g_TypeAry[i].m_dwAttrib == dwType) {
return g_TypeAry[i].m_szName;
}
}

sprintf(szBuf, "Type - %X", dwType);
return szBuf;
}

运行效果

可以看到Protect属性,是可以位或的. e.g. 0x104 = PAGE_READWRITE + PAGE_GUARD

当State = MEM_FREE时, Protect和Type属性都是0, 属于未分配状态.