Debugging windbg!vprot vs!地址
正在运行Debugging windbg!vprot vs!地址,debugging,memory,windbg,Debugging,Memory,Windbg,正在运行!vprot和!地址在同一地址(0x00973ee8)上,但得到不同的结果。之间的区别是什么!vprot和!地址 0:001> !vprot 0x00973ee8 BaseAddress: 0000000000973000 AllocationBase: 0000000000970000 RegionSize: **0000000000005000** 0:001> !address 0x00973ee8 Allocation Ba
!vprot!地址之间的区别是什么!vprot!地址0:001> !vprot 0x00973ee8
BaseAddress: 0000000000973000
AllocationBase: 0000000000970000
RegionSize: **0000000000005000**
0:001> !address 0x00973ee8
Allocation Base: 00000000`00970000
Base Address: 00000000`00970000
End Address: 00000000`00978000
Region Size: **00000000`00008000**
!vprot提供特定页面的区域大小
!地址
为整个提交提供区域大小:\>type vproadd.py
from ctypes import *
class MEMORY_BASIC_INFORMATION (Structure):
_fields_ = [
("BaseAddress", c_ulong),
("AllocationBase", c_ulong),
("AllocationProtect", c_long),
("RegionSize", c_long),
("State", c_long),
("Protect", c_long),
("Type", c_long) ]
mem = windll.kernel32.VirtualAlloc(0,0x30000,0x3000,0x40)
print "Allocation Base 0x%08X" % mem
oldprot = c_ulong();
windll.kernel32.VirtualProtect(mem+0x3000,0x3000,0x02,byref( oldprot))
protdet = MEMORY_BASIC_INFORMATION()
for i in range (0,0x8000,0x1000):
windll.kernel32.VirtualQuery((mem+i),byref(protdet),sizeof(protdet))
print "PageNo %02d BaseAddress 0x%08X regionsize 0x%08X protection %02d" % (
i/4096, protdet.BaseAddress,protdet.RegionSize ,protdet.Protect)
windll.kernel32.VirtualFree(mem,0,0x8000)
:\>python vproadd.py
Allocation Base 0x00510000
PageNo 00 BaseAddress 0x00510000 regionsize 0x00003000 protection 64
PageNo 01 BaseAddress 0x00511000 regionsize 0x00002000 protection 64
PageNo 02 BaseAddress 0x00512000 regionsize 0x00001000 protection 64
PageNo 03 BaseAddress 0x00513000 regionsize 0x00003000 protection 02
PageNo 04 BaseAddress 0x00514000 regionsize 0x00002000 protection 02
PageNo 05 BaseAddress 0x00515000 regionsize 0x00001000 protection 02
PageNo 06 BaseAddress 0x00516000 regionsize 0x0002A000 protection 64
PageNo 07 BaseAddress 0x00517000 regionsize 0x00029000 protection 64
!vprot提供特定页面的区域大小
!地址
为整个提交提供区域大小:\>type vproadd.py
from ctypes import *
class MEMORY_BASIC_INFORMATION (Structure):
_fields_ = [
("BaseAddress", c_ulong),
("AllocationBase", c_ulong),
("AllocationProtect", c_long),
("RegionSize", c_long),
("State", c_long),
("Protect", c_long),
("Type", c_long) ]
mem = windll.kernel32.VirtualAlloc(0,0x30000,0x3000,0x40)
print "Allocation Base 0x%08X" % mem
oldprot = c_ulong();
windll.kernel32.VirtualProtect(mem+0x3000,0x3000,0x02,byref( oldprot))
protdet = MEMORY_BASIC_INFORMATION()
for i in range (0,0x8000,0x1000):
windll.kernel32.VirtualQuery((mem+i),byref(protdet),sizeof(protdet))
print "PageNo %02d BaseAddress 0x%08X regionsize 0x%08X protection %02d" % (
i/4096, protdet.BaseAddress,protdet.RegionSize ,protdet.Protect)
windll.kernel32.VirtualFree(mem,0,0x8000)
:\>python vproadd.py
Allocation Base 0x00510000
PageNo 00 BaseAddress 0x00510000 regionsize 0x00003000 protection 64
PageNo 01 BaseAddress 0x00511000 regionsize 0x00002000 protection 64
PageNo 02 BaseAddress 0x00512000 regionsize 0x00001000 protection 64
PageNo 03 BaseAddress 0x00513000 regionsize 0x00003000 protection 02
PageNo 04 BaseAddress 0x00514000 regionsize 0x00002000 protection 02
PageNo 05 BaseAddress 0x00515000 regionsize 0x00001000 protection 02
PageNo 06 BaseAddress 0x00516000 regionsize 0x0002A000 protection 64
PageNo 07 BaseAddress 0x00517000 regionsize 0x00029000 protection 64