Hi
I am using winxp and intel processor ,
How do i access all the pages that are allocated to a process at that instance of time
i have the no of pages allocated ,
i want to read that values form those pages and examine them,
How do i get the starting page of a process in the memory ?
thanks
I am using winxp and intel processor ,
How do i access all the pages that are allocated to a process at that instance of time
i have the no of pages allocated ,
i want to read that values form those pages and examine them,
How do i get the starting page of a process in the memory ?
thanks
If it's your process then you should have the handles to those pages returned via *alloc functions, or whatever.
tofani, can you elaborate a bit?
Are you trying to do this for your own process, or some other running process? If you're trying to do it for some other process, please let us know why so we can decide what to do with this thread.
Are you trying to do this for your own process, or some other running process? If you're trying to do it for some other process, please let us know why so we can decide what to do with this thread.
Hi
Its a another process ,
I mean a different process say 'x' , whose handle is know or even its Pid
Typically suspend that process 'x' and then i need to investigate the pages that are there in the Memory and what value they have , other information about how long are they are read or written by that process , basically concerned with the idle ness of the pages in the memory
does this help ?
Its a another process ,
I mean a different process say 'x' , whose handle is know or even its Pid
Typically suspend that process 'x' and then i need to investigate the pages that are there in the Memory and what value they have , other information about how long are they are read or written by that process , basically concerned with the idle ness of the pages in the memory
does this help ?
Hm, basically, see if the information you need is available through perfmon.msc (on NT systems: start->run->perfmon.msc - for 9x systems, who cares :P). If it's not available, then you probably won't to find it anyway.
So, why do you need to do this? :)
So, why do you need to do this? :)
hi
I am actually trying to analyse a program which is just allocating memory at a constant rate and the allocated memory is not used for a long time ,
like
int count=1;
while(count) // infinite loop
{
a=(int)calloc(100000,(sizeof(bool)));
printf_s("Memory Leakage Value= %d allocated \n",(count++)*sizeof(a));
}
now in every loop a chunk of memory is allocated ,and is not used again ,
and if the process doesn't terminate then the memory is not released back
so my intension is to find a way to solve this problem
i am clear ?
I am actually trying to analyse a program which is just allocating memory at a constant rate and the allocated memory is not used for a long time ,
like
int count=1;
while(count) // infinite loop
{
a=(int)calloc(100000,(sizeof(bool)));
printf_s("Memory Leakage Value= %d allocated \n",(count++)*sizeof(a));
}
now in every loop a chunk of memory is allocated ,and is not used again ,
and if the process doesn't terminate then the memory is not released back
so my intension is to find a way to solve this problem
i am clear ?
The following code will require some minor modification to suit yourself, and is only a simple example, and is not the fastest way there is.
Have a nice day :)
MapProcessMemory proc hprocess
LOCAL p,guard,nocache
LOCAL info:MEMORY_BASIC_INFORMATION
mov p,NULL
.repeat
invoke VirtualQueryEx,hprocess,p,addr info,sizeof info
.break .if eax!=sizeof info
DbgHex info.BaseAddress
DbgDec info.RegionSize
Switch info.State
Case MEM_COMMIT
DbgText "Committed"
Case MEM_RESERVE
DbgText "Reserved"
Case MEM_FREE
DbgText "Free"
endsw
Switch info.Type
Case MEM_IMAGE
DbgText "Code Module"
Case MEM_MAPPED:
DbgText "Mapped "
Case MEM_PRIVATE:
DbgText "Private "
endsw
mov guard , 0
mov nocache , 0
mov eax,info.AllocationProtect
and eax,PAGE_NOCACHE
.if eax!=0
mov nocache , 1
.endif
mov eax,info.AllocationProtect
and eax,PAGE_GUARD
.if eax!=0
mov guard , 1
.endif
and info.AllocationProtect,NOT (PAGE_GUARD or PAGE_NOCACHE)
Switch info.AllocationProtect
Case PAGE_READONLY
DbgText "Read Only"
Case PAGE_READWRITE
DbgText "Read/Write"
Case PAGE_WRITECOPY
DbgText "Copy on Write"
Case PAGE_EXECUTE
DbgText "Execute only"
Case PAGE_EXECUTE_READ
DbgText "Execute/Read"
Case PAGE_EXECUTE_READWRITE
DbgText "Execute/Read/Write"
Case PAGE_EXECUTE_WRITECOPY
DbgText "COW Executable"
endsw
.if guard!=0
DbgText "guard page"
.endif
.if nocache!=0
DbgText "non-cachable"
.endif
mov eax, info.RegionSize
add p,eax
.until 0
ret
MapProcessMemory endp
Have a nice day :)