Reputation: 105
C++ Memory Scanning
I have a application that I need to scan for certain datatypes in the memory. To get some benchmarking tests, I whipped up this program :
long count = 0;
MEMORY_BASIC_INFORMATION meminfo;
unsigned char *addr = 0;
HANDLE hProc = GetCurrentProcess();
while (true){
if ( VirtualQueryEx( hProc, addr, &meminfo, sizeof( meminfo ) ) == 0 ){
break;
}
if ( ( meminfo.State & MEM_COMMIT ) && ( meminfo.Protect & WRITABLE ) ){
addr = (unsigned char*)meminfo.BaseAddress + meminfo.RegionSize;
count++;
printf("%d",count);
}
}
printf("%ld\n",count);
This program doesn't work, it blocks/crashes at the first memory chunk. And conceptually it fails too, ideally I need pointers to all of the variables in the current process, so I can check if they're of any relevance to me. I've google'd around for a while now to no avail, if someone could push me in the right direction that'd be great.
I know it's generally a bad idea to do this in the first place, I'd just like to know how it'd be done if I needed to do it.
Upvotes: 1
Views: 4174
Answers (1)
Reputation: 24021
WRITEABLE (at the second if block) is not one of the memory protection constants. Did you mean PAGE_READWRITE? You can find the full list of options here.
Memory access permissions are tricky. The rest of the function works though. This works, though one can view addr only when stepping through:
#include <Windows.h>
using namespace std;
int _tmain(int argc, _TCHAR* argv[])
{
long count = 0;
MEMORY_BASIC_INFORMATION meminfo;
unsigned char *addr = 0;
HANDLE hProc = GetCurrentProcess();
while (true)
{
if (VirtualQueryEx(hProc, addr, &meminfo, sizeof(meminfo)) == 0)
{
// TODO GetLastError
break;
}
// if ((meminfo.State & MEM_COMMIT) && (meminfo.Protect & PAGE_READWRITE))
{
addr = (unsigned char*) meminfo.BaseAddress + meminfo.RegionSize;
count++;
printf("%d", count);
}
}
printf("%ld\n", count);
}
Upvotes: 1