How do you know what region the address belongs to? C+++
-
Suppose the user sends WinAPI Function.
ReadProcessMemory()The address that needs to be remembered. Before using this function, I want to know if this is possible at all. I can use WinAPI for this.VirtualQueryEx()to see if the region is available for recording. But the problem is, I don't know the basic address of the region to which the address relates. It can be found by translating all the boundaries of the regions and identifying the address. But I'm sure there are other ways to decide, I'd like to know about them. Unfortunately, there's a function in WinAPI of documentation that's doing something like this.
-
At S.H. ' s request, try to form everything I understand from the comments above in one answer.
In general, the structure is responsible for information on regions and virtual memory pages
MEMORY_BASIC_INFORMATIONwhich is completed when the function is calledVirtualQueryEx()(orVirtualQuery()if this is our process, according to the documentation:MEMORY_BASIC_INFORMATION mbi; if (!VirtualQueryEx(process_handle, any_adress, &mbi, sizeof(MEMORY_BASIC_INFORMATION))) { // Делаем что-то, если считать информацию не удалось }♪
VirtualQueryExThe address transmitted, despite the documentation, is not required to be the basic address of the region or page. We can give absolutely any address. Inside the function itself, according to documentation, it will be rounded to the next page.If we want to get the address of the page where our address is located for some reason, we can drop the 12 early battles of our address at 0 and get the home address of our address:
// Не знаю насколько reinterpret_cast уместен, просто первое // Что пришло в голову int i = 155; size_t our_adress = reinterpret_cast<size_t>(&i); // К указателям нельзя применять бинарные операции, поэтому не придумал ничего лучше our_adress &= ~0xFFF; void* our_ptr = reinterpret_cast<void*>(our_adress); std::cout << "Page with base adress " << our_ptr << " has variable by adress " << &i << std::endl;This is due to the fact that the size of the virtual page is fixed to 4CB. In other words, every time
0x1000addresses are a new virtual page. Except for the range of addresses from0x00000by0x10000And so much on top. It's a 64CB reserve. Because of it, any first record of the process starts from the address.0x10000♪In filling
MEMORY_BASIC_INFORMATIONFunctionVirtualQueryEx()We're getting the home address and the basic address of the region where the address was sent to the fieldBaseAdressandAlocationBaserespectively
