Reputation:
/proc/self/maps equivalent on windows
I see that inspecting /proc/self/maps on Linux machines lets me see the pages that have been mapped in. As a result I can write a program to read and parse the pages it has mapped in.
How could one go about doing something similar for Windows? Are there any APIs for the same? If not, do you have any suggestions on how this could be done?
Upvotes: 1
Views: 2363
Answers (1)
Reputation: 1851
Yes, the possibility exists. First of all You have to access any process memory, or better, make it "accessible". Then You can read memory. Here are some usefull links ( by the way, You should always look in there, if You come from linux and try to do things on windows, it is the main source ).
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/aa366916%28v=vs.85%29.aspx
There is all documented.
But ther are also undocumented approaches, really crazy stuff, which also deals whith this topic.Like this for example.
Upvotes: 2
Related Questions
- Is there a memory mapping api on windows platform, just like mmap() on linux?
- Traversing all the physical pages of a process
- In linux (or POSIX) function similar to win32 mem api
- Is possible to read virtual memory on Unix/Linux? And on Windows?
- accessing process memory parts
- Segments up to heap in /proc/self/maps output
- What does kernel memory contain in Windows OS?
- Process Memory Map (Linux Windows)
- How can I get read-ahead bytes?
- Windows Memory Mapped Files