0

The question may look like duplicate but I guess its not.

Mainly I want to determine if a pointer resides in Stack or Heap using C++ or C without using any debugging library. I've searched in stack overflow but could not find any solution / way around of that for windows system.

I've seen one python library (pydbg) which can determine whether any address belongs to stack or heap region. The exact link of the function is given below.

https://github.com/OpenRCE/pydbg/blob/master/pydbg.py#L3147

And I think windbg's "!address 0xaddress" command does some similar stuff. The usage tells us if its in heap or stack.

0:000> !address 00aada58
    00a80000 : 00a80000 - 0004b000
                    Type     00020000 MEM_PRIVATE
                    Protect  00000004 PAGE_READWRITE
                    State    00001000 MEM_COMMIT
                    Usage    RegionUsageHeap
                    Handle   00970000

So can we do the same without using any debugging library ??

Thanks in Adv.

Dev.K.
  • 2,428
  • 5
  • 35
  • 49
  • 5
    why do you need this? – jepio Jan 19 '15 at 19:29
  • since you don't specify the context of your problem I am going to answer this: In c/c++ a stack pointer (`i.e.` returned by `alloca`) is valid only on the function scope. So if you have a pointer you have to look only in the current function to see if it was returned by `alloca` (or `_alloca` on windows) – bolov Jan 19 '15 at 19:31
  • 2
    Basically, you can't. And wanting to do this strongly suggests you're going about something the wrong way. – Fred Larson Jan 19 '15 at 19:33
  • 1
    How is your question not a duplicate of, say, this one? http://stackoverflow.com/q/16360620/10077 – Fred Larson Jan 19 '15 at 19:35
  • ... or this one? http://stackoverflow.com/q/16709946/10077 – Fred Larson Jan 19 '15 at 19:35
  • Actually I've seen security softwares doing the same.For example they mainly hook Loadlibrary ,GetProcaddress, VirtualProtect etc( These apis are mostly used by malicious shellcodes ).So when above functions get called from stack / heap region they block attack. – Dev.K. Jan 19 '15 at 19:37
  • So I was just curious how they do this. I dont think they use any debugging library line dbghelp.dll, coz this will surely slow down process. – Dev.K. Jan 19 '15 at 19:38
  • How do you handle the case where a pointer is pointing to a register of a hardware device? A hardware device is neither stack nor heap? Also, I can have data in a separate constant area, such as Flash or ROM, which is not in the stack or heap space. How do you handle that pointer? – Thomas Matthews Jan 19 '15 at 20:34
  • @ThomasMatthews could you please take a look at this link i mentioned in the question..I've seen the python lib pydbg doing\ similar thing..if its unable to determine it returns unknown.. – Dev.K. Jan 20 '15 at 06:13

0 Answers0