windbg !vprot vs !address
I ran !vprot and !address on the same address (0x00973ee8) but got different results. What is the difference between !vprot and !address?
0:001> !vprot 0x00973ee8
BaseAddress: 0000000000973000
AllocationBase: 0000000000970000
RegionSize: **0000000000005000**
0:001> !address 0x00973ee8
Allocation Base: 00000000`00970000
Base Address: 00000000`00970000
End Address: 00000000`00978000
Region Size: **00000000`00008000**
!vprot gives the RegionSize for the specific page.
!address gives the RegionSize for the whole commit.
A sample Python script as an example:
:\>type vproadd.py
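from ctypes import *

# Mirrors MEMORY_BASIC_INFORMATION; pointer-sized fields keep it valid on 64-bit too.
class MEMORY_BASIC_INFORMATION(Structure):
    _fields_ = [
        ("BaseAddress", c_void_p),
        ("AllocationBase", c_void_p),
        ("AllocationProtect", c_ulong),
        ("RegionSize", c_size_t),
        ("State", c_ulong),
        ("Protect", c_ulong),
        ("Type", c_ulong)]

kernel32 = windll.kernel32
kernel32.VirtualAlloc.restype = c_void_p   # return the full pointer, not a C int
kernel32.VirtualQuery.restype = c_size_t

# Reserve and commit 0x30 pages (MEM_COMMIT | MEM_RESERVE) as PAGE_EXECUTE_READWRITE (0x40).
mem = kernel32.VirtualAlloc(None, c_size_t(0x30000), 0x3000, 0x40)
print("Allocation Base 0x%08X" % mem)

# Change pages 3..5 to PAGE_READONLY (0x02), splitting the allocation into three regions.
oldprot = c_ulong()
kernel32.VirtualProtect(c_void_p(mem + 0x3000), c_size_t(0x3000), 0x02, byref(oldprot))

# Query the first eight pages one by one: RegionSize counts from the queried page
# to the end of the run of pages that share its attributes.
protdet = MEMORY_BASIC_INFORMATION()
for i in range(0, 0x8000, 0x1000):
    kernel32.VirtualQuery(c_void_p(mem + i), byref(protdet), c_size_t(sizeof(protdet)))
    print("PageNo %02d BaseAddress 0x%08X regionsize 0x%08X protection %02d" % (
        i // 4096, protdet.BaseAddress, protdet.RegionSize, protdet.Protect))

# MEM_RELEASE (0x8000) frees the whole allocation; dwSize must be 0.
kernel32.VirtualFree(c_void_p(mem), c_size_t(0), 0x8000)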
:\>python vproadd.py
Allocation Base 0x00510000
PageNo 00 BaseAddress 0x00510000 regionsize 0x00003000 protection 64
PageNo 01 BaseAddress 0x00511000 regionsize 0x00002000 protection 64
PageNo 02 BaseAddress 0x00512000 regionsize 0x00001000 protection 64
PageNo 03 BaseAddress 0x00513000 regionsize 0x00003000 protection 02
PageNo 04 BaseAddress 0x00514000 regionsize 0x00002000 protection 02
PageNo 05 BaseAddress 0x00515000 regionsize 0x00001000 protection 02
PageNo 06 BaseAddress 0x00516000 regionsize 0x0002A000 protection 64
PageNo 07 BaseAddress 0x00517000 regionsize 0x00029000 protection 64
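The two views can also be reproduced without a Windows host. The following is an added example, not part of the original answer: a small model in which `vprot_view` and `address_view` (hypothetical names) compute the page-forward and whole-run sizes over a per-page attribute list. The layouts are constructed from the outputs above, assuming all eight pages in the question share the same attributes.

```python
PAGE = 0x1000

def _run(pages, alloc_base, addr):
    """Return (queried page index, run start, run end) for the run of
    consecutive pages whose attributes equal those of the queried page."""
    idx = (addr - alloc_base) // PAGE
    start = end = idx
    while start > 0 and pages[start - 1] == pages[idx]:
        start -= 1
    while end < len(pages) and pages[end] == pages[idx]:
        end += 1
    return idx, start, end

def vprot_view(pages, alloc_base, addr):
    """VirtualQuery-style result: the address rounded down to its page,
    and the size from that page to the end of the run."""
    idx, _, end = _run(pages, alloc_base, addr)
    return alloc_base + idx * PAGE, (end - idx) * PAGE

def address_view(pages, alloc_base, addr):
    """Whole-region result: base and size of the entire run containing addr."""
    _, start, end = _run(pages, alloc_base, addr)
    return alloc_base + start * PAGE, (end - start) * PAGE

# Constructed layout for the question: 8 pages at 0x00970000, assumed uniform.
QUESTION = (["rw"] * 8, 0x00970000)
# Constructed layout for the script above: 0x30 pages at 0x00510000,
# pages 3..5 switched from protection 0x40 to 0x02.
ANSWER = ([0x40] * 3 + [0x02] * 3 + [0x40] * 0x2A, 0x00510000)

if __name__ == "__main__":
    for label, layout, addr in (("question", QUESTION, 0x00973EE8),
                                ("script page 4", ANSWER, 0x00514000)):
        for name, view in (("vprot", vprot_view), ("address", address_view)):
            base, size = view(*layout, addr)
            print("%-14s %-8s base 0x%08X size 0x%08X" % (label, name, base, size))
```
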