3

I am writing an extension for WinDbg, and at a particular point I need to get the permissions for a memory offset, much like what `!address addr` provides in WinDbg. I have had a look at the available functions of the Debugger Engine API here:

http://msdn.microsoft.com/en-us/library/windows/hardware/ff551059%28v=vs.85%29.aspx

However, I have failed to find a function that would return the section/permissions information for a memory offset. Basically I would like to get what section the address lies in (data section, text section, etc.), what permissions it has and so on.

The closest sounding function I have found is `GetOffsetInformation` in the `IDebugDataSpaces4` interface. However, as per the documentation, it doesn't provide anything of what I am looking for:

http://msdn.microsoft.com/en-us/library/windows/hardware/ff548055(v=vs.85).aspx

I could always run the !address command and have its output parsed, but I was looking for a cleaner way where I could get this information directly, by using the API.

Am I missing something? Is there a documented/undocumented way I could achieve this?

user1831704
    It sounds like you are looking for [`IDebugDataSpaces2::QueryVirtual`](http://msdn.microsoft.com/en-us/library/windows/hardware/ff553502%28v=vs.85%29.aspx). It fills up a [`MEMORY_BASIC_INFORMATION`](http://msdn.microsoft.com/en-us/library/windows/desktop/aa366775%28v=vs.85%29.aspx) struct for the page that holds the given address. – Sean Cline Dec 11 '14 at 11:57

1 Answer

3

Doesn't QueryVirtual work?

```cpp
#include <engextcpp.hpp>

class EXT_CLASS : public ExtExtension
{
public:
    EXT_COMMAND_METHOD(getoffinfo);
};

EXT_DECLARE_GLOBALS();

EXT_COMMAND( getoffinfo, "", "{;e,d=0;getoffinfo;simulates !address <address>}" )
{
    ULONG64 Offset  = GetUnnamedArgU64(0);
    if (Offset == 0)
    {
        Out( "usage !getoffinfo <address>\n");
    }
    else
    {
        MEMORY_BASIC_INFORMATION64 meminfo;
        memset(&meminfo,0,sizeof(MEMORY_BASIC_INFORMATION64 ));
        // QueryVirtual fills meminfo for the region that contains Offset
        HRESULT hr = m_Data2->QueryVirtual(Offset,&meminfo);
        if (FAILED(hr))
        {
            Err("QueryVirtual failed: 0x%08x\n", hr);
            return;
        }
        // The address and size fields are ULONG64: print them with %I64x (%x reads only 32 bits)
        Out("Allocation Base    :   %I64x\n",meminfo.AllocationBase);
        Out("Base Address       :   %I64x\n",meminfo.BaseAddress);
        // The region ends at its own base plus its size
        Out("End Address        :   %I64x\n",meminfo.BaseAddress + meminfo.RegionSize);
        Out("RegionSize         :   %I64x\n",meminfo.RegionSize);
        // Type and State are 32-bit fields
        Out("Type               :   %x\n",meminfo.Type);
        Out("State              :   %x\n",meminfo.State);
    }
}
```

Result as follows:

```
0:000> !address windbg
Usage:                  Image
Allocation Base:        01000000
Base Address:           01000000
End Address:            01001000
Region Size:            00001000
Type:                   01000000    MEM_IMAGE
State:                  00001000    MEM_COMMIT
Protect:                00000002    PAGE_READONLY
More info:              lmv m windbg
More info:              !lmi windbg
More info:              ln 0x1000000

0:000> .load getoffinfo
0:000> !getoffinfo
usage !getoffinfo <address>
0:000> !getoffinfo windbg
Allocation Base    :   1000000
Base Address       :   1000000
End Address        :   1001000
RegionSize         :   1000
Type               :   1000000
State              :   1000
```
blabb
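The permissions the question asks about are in the `Protect` field of the same `MEMORY_BASIC_INFORMATION64` that `QueryVirtual` fills. The following is an added example, not part of the original answer: it turns the raw `Protect`, `State` and `Type` values into the names `!address` prints and flags regions that are writable and executable at once. The function names are hypothetical, and the flag values are repeated from the Windows SDK so the block builds without `windows.h`.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

struct FlagName { uint32_t value; const char* name; };

// Flag values as defined in the Windows SDK (winnt.h), repeated as table entries.
static const FlagName kBaseProtect[] = {
    {0x01, "PAGE_NOACCESS"}, {0x02, "PAGE_READONLY"}, {0x04, "PAGE_READWRITE"},
    {0x08, "PAGE_WRITECOPY"}, {0x10, "PAGE_EXECUTE"}, {0x20, "PAGE_EXECUTE_READ"},
    {0x40, "PAGE_EXECUTE_READWRITE"}, {0x80, "PAGE_EXECUTE_WRITECOPY"}};
static const FlagName kProtectModifiers[] = {
    {0x100, "PAGE_GUARD"}, {0x200, "PAGE_NOCACHE"}, {0x400, "PAGE_WRITECOMBINE"}};
static const FlagName kState[] = {
    {0x1000, "MEM_COMMIT"}, {0x2000, "MEM_RESERVE"}, {0x10000, "MEM_FREE"}};
static const FlagName kType[] = {
    {0x20000, "MEM_PRIVATE"}, {0x40000, "MEM_MAPPED"}, {0x1000000, "MEM_IMAGE"}};

// Exact-match lookup, used for the single-valued State and Type fields.
template <std::size_t N>
std::string LookupExact(const FlagName (&table)[N], uint32_t value) {
    for (const FlagName& f : table)
        if (f.value == value) return f.name;
    return "<unknown>";
}

// Protect is one base access value in the low byte, OR'ed with optional modifiers.
std::string DecodeProtect(uint32_t protect) {
    if (protect == 0) return "<none>";  // no protection recorded for this region
    std::string out = LookupExact(kBaseProtect, protect & 0xFF);
    for (const FlagName& m : kProtectModifiers)
        if (protect & m.value) out += std::string(" | ") + m.name;
    return out;
}

std::string DecodeState(uint32_t state) { return LookupExact(kState, state); }

std::string DecodeType(uint32_t type) {
    if (type == 0) return "<none>";  // Type is 0 when the region has no backing type
    return LookupExact(kType, type);
}

// True for PAGE_EXECUTE_READWRITE and PAGE_EXECUTE_WRITECOPY (writable and executable).
bool IsWritableExecutable(uint32_t protect) { return (protect & 0xC0) != 0; }

int main() {
    // Constructed sample: the Type/State/Protect values from the `!address windbg` output above.
    std::printf("Type: %s\nState: %s\nProtect: %s\n", DecodeType(0x1000000).c_str(),
                DecodeState(0x1000).c_str(), DecodeProtect(0x02).c_str());
    return 0;
}
```

In the extension, pass `meminfo.Protect`, `meminfo.State` and `meminfo.Type` to these functions after `QueryVirtual` succeeds.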