Windows 系统调用:遍历进程的虚拟地址空间

  1 #include "iostream"
  2 #include "windows.h"
  3 #include "shlwapi.h"
  4 #include  "iomanip"
  5 #pragma comment(lib,"shlwapi.lib")
  6 using namespace std;
  7 
  /// Reports whether every bit of dwMask is also set in dwTarget.
  /// A mask of zero always matches, because no bit is required.
  inline bool TestSet(DWORD dwTarget, DWORD dwMask)
  {
      // Bits the mask asks for that the target does not carry.
      const DWORD dwMissing = dwMask & ~dwTarget;
      return dwMissing == 0;
  }
 11 
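 // SHOWMASK(dwTarget, type): prints ",<type>" to std::cout when the
 // PAGE_<type> bit is set in dwTarget.
 //
 // Every line except the last ends in a backslash. Without the line
 // continuations the macro body is empty and the `if` is left as a stray
 // statement at file scope, which does not compile.
 // The do { ... } while (0) wrapper makes the expansion a single statement,
 // so `SHOWMASK(x, READONLY);` stays correct inside an unbraced if/else.
 #define SHOWMASK(dwTarget, type)                    \
     do {                                            \
         if (TestSet((dwTarget), PAGE_##type)) {     \
             std::cout << "," << #type;              \
         }                                           \
     } while (0)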
 15 
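 /// Prints the names of the page-protection bits set in dwTarget, each one
 /// preceded by a comma (for example ",READWRITE,GUARD").
 ///
 /// @param dwTarget  Protection value, e.g. MEMORY_BASIC_INFORMATION::Protect.
 ///
 /// The table keeps the original print order and adds PAGE_WRITECOMBINE,
 /// a modifier the earlier list left out. EXECUTE_READWRITE and
 /// EXECUTE_WRITECOPY mark pages that are writable and executable at the
 /// same time; when reviewing a process's memory map those are the entries
 /// worth a second look.
 void ShowProtection(DWORD dwTarget)
 {
     struct ProtectionName {
         DWORD       dwMask;
         const char* pszName;
     };

     static const ProtectionName kNames[] = {
         { PAGE_READONLY,          "READONLY" },
         { PAGE_GUARD,             "GUARD" },
         { PAGE_NOCACHE,           "NOCACHE" },
         { PAGE_WRITECOMBINE,      "WRITECOMBINE" },
         { PAGE_READWRITE,         "READWRITE" },
         { PAGE_WRITECOPY,         "WRITECOPY" },
         { PAGE_EXECUTE,           "EXECUTE" },
         { PAGE_EXECUTE_READ,      "EXECUTE_READ" },
         { PAGE_EXECUTE_READWRITE, "EXECUTE_READWRITE" },
         { PAGE_EXECUTE_WRITECOPY, "EXECUTE_WRITECOPY" },
         { PAGE_NOACCESS,          "NOACCESS" },
     };

     for (size_t i = 0; i < sizeof(kNames) / sizeof(kNames[0]); ++i) {
         if (TestSet(dwTarget, kNames[i].dwMask)) {
             std::cout << "," << kNames[i].pszName;
         }
     }
 }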
 29 
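 /// Walks the user-mode address range of a process and prints one line per
 /// region: "<start>-<end>(<size>)<state>,<protection...>,<type>[,Module:<name>]".
 ///
 /// @param hProcess  Handle used for VirtualQueryEx; it needs query access to
 ///                  the target. GetCurrentProcess() works for self-inspection.
 ///
 /// Changes from the earlier version:
 ///  - The loop stops when VirtualQueryEx fails or reports an empty region.
 ///    Previously pBlock was not advanced in that case and the loop never ended.
 ///  - Addresses are printed at full pointer width instead of being cast to
 ///    DWORD, which cut them to 32 bits on 64-bit builds.
 ///  - The ANSI APIs are called explicitly (StrFormatByteSize64A,
 ///    GetModuleFileNameA, PathStripPathA) so the narrow buffers match the
 ///    narrow output stream even when UNICODE is defined, and the region size
 ///    is passed as a 64-bit value.
 ///  - Module names are printed only when hProcess is the calling process.
 ///    GetModuleFileNameA looks the address up in the caller's own module
 ///    list, so for another process it would attach unrelated names.
 ///  - The fill character and format flags of std::cout are restored on exit.
 ///
 /// Reading the output: a committed Private region that is also executable and
 /// writable has no backing image file, which makes it a usual first stop when
 /// checking a process for unexpected code.
 void WalkVM(HANDLE hProcess)
 {
     SYSTEM_INFO si;
     ZeroMemory(&si, sizeof(si));
     GetSystemInfo(&si);

     // GetProcessId returns 0 when the handle lacks query access; in that case
     // the walk is treated as remote and no module names are printed.
     const bool bOwnProcess = (GetProcessId(hProcess) == GetCurrentProcessId());

     // Two hex digits per byte of a pointer: 8 on 32-bit, 16 on 64-bit builds.
     const int nAddrDigits = static_cast<int>(sizeof(void*) * 2);

     const std::ios_base::fmtflags savedFlags = std::cout.flags();
     const char chSavedFill = std::cout.fill('0');

     LPCVOID pBlock = si.lpMinimumApplicationAddress;
     while (pBlock < si.lpMaximumApplicationAddress) {
         MEMORY_BASIC_INFORMATION mbi;
         ZeroMemory(&mbi, sizeof(mbi));

         // Without a successful query there is no region size to step by,
         // so the only safe move is to stop.
         if (VirtualQueryEx(hProcess, pBlock, &mbi, sizeof(mbi)) != sizeof(mbi)
             || mbi.RegionSize == 0) {
             break;
         }

         LPCVOID pEnd = static_cast<const BYTE*>(pBlock) + mbi.RegionSize;

         char szSize[MAX_PATH];
         szSize[0] = '\0';
         StrFormatByteSize64A(static_cast<LONGLONG>(mbi.RegionSize), szSize, MAX_PATH);

         std::cout << std::hex
                   << std::setw(nAddrDigits) << reinterpret_cast<ULONG_PTR>(pBlock)
                   << "-"
                   << std::setw(nAddrDigits) << reinterpret_cast<ULONG_PTR>(pEnd)
                   << "(" << szSize << ")";

         switch (mbi.State) {
             case MEM_COMMIT:
                 std::cout << "Committed";
                 break;
             case MEM_FREE:
                 std::cout << "Free";
                 break;
             case MEM_RESERVE:
                 std::cout << "Reserved";
                 break;
         }

         // A region that is in use but reports no protection is shown as
         // READONLY, as before.
         if (mbi.Protect == 0 && mbi.State != MEM_FREE) {
             mbi.Protect = PAGE_READONLY;
         }
         ShowProtection(mbi.Protect);

         switch (mbi.Type) {
             case MEM_IMAGE:
                 std::cout << ",Image";
                 break;
             case MEM_MAPPED:
                 std::cout << ",Mapped";
                 break;
             case MEM_PRIVATE:
                 std::cout << ",Private";
                 break;
         }

         if (bOwnProcess) {
             char szFilename[MAX_PATH];
             const DWORD cchName = GetModuleFileNameA(
                 static_cast<HMODULE>(const_cast<LPVOID>(pBlock)),
                 szFilename,
                 MAX_PATH);
             // cchName == MAX_PATH means the path was cut off and the buffer
             // may lack a terminator, so such a result is not printed.
             if (cchName > 0 && cchName < MAX_PATH) {
                 PathStripPathA(szFilename);
                 std::cout << ",Module:" << szFilename;
             }
         }

         std::cout << '\n';
         pBlock = pEnd;
     }

     std::cout.flags(savedFlags);
     std::cout.fill(chSavedFill);
 }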
100 
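// Entry point: prints the memory map of this process, then waits for input
// so the console window stays open. `int main` replaces the non-standard
// `void main`.
int main()
{
    WalkVM(GetCurrentProcess());
    std::cin.get();
    return 0;
}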
原文地址:https://www.cnblogs.com/593213556wuyubao/p/3801086.html