1
0
Fork 0

DBG: fixed the memory map to show reserved pages (fixes various issues, can't find them)

This commit is contained in:
mrexodia 2016-02-18 01:23:34 +01:00
parent f49e145417
commit 359a2ae392
1 changed files with 24 additions and 8 deletions

View File

@ -25,6 +25,7 @@ void MemUpdateMap()
{ {
// First gather all possible pages in the memory range // First gather all possible pages in the memory range
std::vector<MEMPAGE> pageVector; std::vector<MEMPAGE> pageVector;
pageVector.reserve(200); //TODO: provide a better estimate
{ {
SIZE_T numBytes = 0; SIZE_T numBytes = 0;
duint pageStart = 0; duint pageStart = 0;
@ -38,27 +39,36 @@ void MemUpdateMap()
numBytes = VirtualQueryEx(fdProcessInfo->hProcess, (LPVOID)pageStart, &mbi, sizeof(mbi)); numBytes = VirtualQueryEx(fdProcessInfo->hProcess, (LPVOID)pageStart, &mbi, sizeof(mbi));
// Only allow pages that are committed to memory (exclude reserved/mapped) // Only allow pages that are committed/reserved (exclude free memory)
if(mbi.State == MEM_COMMIT) if(mbi.State != MEM_FREE)
{ {
auto bReserved = mbi.State == MEM_RESERVE; //check if the current page is reserved.
auto bPrevReserved = pageVector.size() ? pageVector.back().mbi.State == MEM_RESERVE : false; //back if the previous page was reserved (meaning this one won't be so it has to be added to the map)
// Only list allocation bases, unless if forced to list all // Only list allocation bases, unless if forced to list all
if(bListAllPages || allocationBase != (duint)mbi.AllocationBase) if(bListAllPages || bReserved || bPrevReserved || allocationBase != duint(mbi.AllocationBase))
{ {
// Set the new allocation base page // Set the new allocation base page
allocationBase = (duint)mbi.AllocationBase; allocationBase = duint(mbi.AllocationBase);
MEMPAGE curPage; MEMPAGE curPage;
memset(&curPage, 0, sizeof(MEMPAGE)); memset(&curPage, 0, sizeof(MEMPAGE));
memcpy(&curPage.mbi, &mbi, sizeof(mbi)); memcpy(&curPage.mbi, &mbi, sizeof(mbi));
if(!ModNameFromAddr(pageStart, curPage.info, true)) if(bReserved)
{
if(duint(curPage.mbi.BaseAddress) != allocationBase)
sprintf_s(curPage.info, "Reserved (" fhex ")", allocationBase);
else
strcpy_s(curPage.info, "Reserved");
}
else if(!ModNameFromAddr(pageStart, curPage.info, true))
{ {
// Module lookup failed; check if it's a file mapping // Module lookup failed; check if it's a file mapping
wchar_t szMappedName[sizeof(curPage.info)] = L""; wchar_t szMappedName[sizeof(curPage.info)] = L"";
if((mbi.Type == MEM_MAPPED) && if((mbi.Type == MEM_MAPPED) &&
(GetMappedFileNameW(fdProcessInfo->hProcess, mbi.AllocationBase, szMappedName, MAX_MODULE_SIZE) != 0)) (GetMappedFileNameW(fdProcessInfo->hProcess, mbi.AllocationBase, szMappedName, MAX_MODULE_SIZE) != 0))
{ {
bool bFileNameOnly = false; //TODO: setting for this auto bFileNameOnly = false; //TODO: setting for this
auto fileStart = wcsrchr(szMappedName, L'\\'); auto fileStart = wcsrchr(szMappedName, L'\\');
if(bFileNameOnly && fileStart) if(bFileNameOnly && fileStart)
strcpy_s(curPage.info, StringUtils::Utf16ToUtf8(fileStart + 1).c_str()); strcpy_s(curPage.info, StringUtils::Utf16ToUtf8(fileStart + 1).c_str());
@ -72,12 +82,13 @@ void MemUpdateMap()
else else
{ {
// Otherwise append the page to the last created entry // Otherwise append the page to the last created entry
if(pageVector.size()) //make sure to not dereference an invalid pointer
pageVector.back().mbi.RegionSize += mbi.RegionSize; pageVector.back().mbi.RegionSize += mbi.RegionSize;
} }
} }
// Calculate the next page start // Calculate the next page start
duint newAddress = (duint)mbi.BaseAddress + mbi.RegionSize; duint newAddress = duint(mbi.BaseAddress) + mbi.RegionSize;
if(newAddress <= pageStart) if(newAddress <= pageStart)
break; break;
@ -490,6 +501,11 @@ bool MemGetPageRights(duint Address, char* Rights)
bool MemPageRightsToString(DWORD Protect, char* Rights) bool MemPageRightsToString(DWORD Protect, char* Rights)
{ {
if(!Protect) //reserved pages don't have a protection (https://goo.gl/Izkk0c)
{
*Rights = '\0';
return true;
}
switch(Protect & 0xFF) switch(Protect & 0xFF)
{ {
case PAGE_NOACCESS: case PAGE_NOACCESS: