1

_MEMORY_BASIC_INFORMATION contains fields, that describe address space. I want to know what is the difference between BaseAddress and AllocationBase. BaseAddress is the base address of region, and what is AllocationBase?

Also, I want to know difference between AllocationProtect and Protect. I understand a little, but not sure, I think AllocationProtect is the protection attribute when we reserve region, and Protect is the protection attributes when we call VirtualAlloc with parameter MEM_COMMIT. If so, what is the Protect field when we just reserve region?

Steve
  • 7,171
  • 2
  • 30
  • 52
OSProgrammer
  • 11
  • 3

1 Answers1

1

When you call VirtualAlloc() you can allocate a section of memory that spans multiple pages. When you VirtualQuery() a page in the middle of that section, AllocationBase will be the return value of VirtualAlloc, which is the beginning of that memory allocated by VirtualAlloc(). BaseAddress will be the base address of the individual page you queried.

Here is an example program that shows it in action:

int main()
{
    intptr_t addr = (intptr_t)VirtualAlloc(0, 0x3000, MEM_COMMIT, PAGE_READWRITE);

    MEMORY_BASIC_INFORMATION mbi{ 0 };

    VirtualQuery((void*)(addr + 0x2000), &mbi, sizeof(mbi));

    intptr_t middleAddr = addr + 0x2000;

    std::cout << "VirtualAlloc returned = 0x" << std::hex << addr << "\n";

    std::cout << "Middle Address Queried = 0x" << std::hex << middleAddr << "\n";

    std::cout << "mbi.AllocationBase = 0x" << std::hex << mbi.AllocationBase << "\n";

    std::cout << "mbi.BaseAddress = 0x" << std::hex << mbi.BaseAddress << "\n";

    getchar();
    return 0;
}

output:

VirtualAlloc returned = 0x5d0000
Middle Address Queried = 0x5d2000
mbi.AllocationBase = 0x005D0000
mbi.BaseAddress = 0x005D2000

Likewise, AllocationProtect regards the Allocation page, no the individual page you queried.

GuidedHacking
  • 3,628
  • 1
  • 9
  • 59