1

When using tools such as Process Hacker or x64dbg there is a Memory tab (x64dbg Memory Map). Is there a way to get all of those regions displayed there in C++ with their corresponding base address and size?

I know how to get all the Modules but that only gives me Images but not Mapped nor Private Regions.

As you can see in the image I want the green ones and not only the red. If you need any further information let me know.

Edit: The platform I am using is Windows.

Edit2: I found the solution by changing the post from "Can't VirtualAlloc on free region returned by VirtualQuery" to my needs by looping VirtualQuery and adding Base + Region Size.

Thanks for all your help!

  • These tools use highly technical operating system-specific tools and interfaces. Obviously, there's nothing of that sort in the C++ standard; these are highly operating system-specific APIs. They are typically documented in a highly technical manner, and require expert knowledge of C/C++ in order to use them correctly; I'd say at least 10-15 years of in-depth experience not just in C++, but with low-level operating system kernel programming. And unless it is an open OS like Linux, its documentation is not hard to get ahold of. How much experience do you have in that area? – Sam Varshavchik Oct 23 '20 at 19:54
  • Not in the standard library. This is very platform-dependent. It'd help if you tell us which platform(s) you're targeting. – Anonymous1847 Oct 23 '20 at 19:54
  • 3
    @SamVarshavchik I'm not sure I would go to saying you need 15 years of experience to know the general memory layout of a process in a specific OS, c'mon. – Anonymous1847 Oct 23 '20 at 19:56
  • Some people learn faster than others. And then you get guys like me who may wind up writing code for three different chips and OSes (if there's an OS) in one day and never bothered learning the in-depth stuff for any one OS or architecture. – user4581301 Oct 23 '20 at 20:42
  • I am targeting Windows here. I didn't know ProcessHacker was a thing on Linux, my bad – skyracer2012 Oct 23 '20 at 21:02
  • Probably a duplicate of https://stackoverflow.com/q/16342952/103167 – Ben Voigt Oct 23 '20 at 21:44
  • @ano I guess you have a point there. One year of experience is probably well enough. Plus maybe 9 to 14 years to deal with the mutilation done to your brain as a result of the exposure to PHP. – IInspectable Oct 24 '20 at 13:51

1 Answer

1

On Linux you can use /proc (doc).

  • /proc/<pid>/map_files - Information about memory mapped files
  • /proc/<pid>/maps - Memory maps to executables and library files (2.4)
MaxV
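The `/proc/<pid>/maps` approach from the answer above, as an added example that is not part of the original answer: it parses each line (address range, permissions, offset, device, inode, optional path) into a base address and size. The names `Region`, `parse_maps`, `parse_maps_text` and the `SAMPLE_MAPS` input are constructed for this illustration; it is Linux-only and does not cover the Windows `VirtualQuery` loop mentioned in the question.

```cpp
#include <cstdio>
#include <fstream>
#include <sstream>
#include <string>
#include <vector>

struct Region {
    unsigned long long base;  // start address of the mapping
    unsigned long long size;  // end - start, in bytes
    std::string perms;        // e.g. "r-xp": r/w/x plus p(rivate) or s(hared)
    std::string path;         // backing file, "[heap]" etc., empty if anonymous
};

// Parse text in /proc/<pid>/maps format; lines that do not match are skipped.
std::vector<Region> parse_maps(std::istream& in) {
    std::vector<Region> out;
    std::string line;
    while (std::getline(in, line)) {
        std::istringstream ls(line);
        std::string range, perms, offset, dev, inode, path;
        if (!(ls >> range >> perms >> offset >> dev >> inode)) continue;
        unsigned long long start = 0, end = 0;
        if (std::sscanf(range.c_str(), "%llx-%llx", &start, &end) != 2 || end < start)
            continue;
        std::getline(ls >> std::ws, path);  // rest of line; paths may contain spaces
        out.push_back({start, end - start, perms, path});
    }
    return out;
}

// Constructed sample input (not captured from a real process).
const char* const SAMPLE_MAPS =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/dbus-daemon\n"
    "00e03000-00e24000 rw-p 00000000 00:00 0 [heap]\n"
    "7f2c8a000000-7f2c8a021000 rw-p 00000000 00:00 0\n"
    "not a maps line\n";

std::vector<Region> parse_maps_text(const std::string& text) {
    std::istringstream in(text);
    return parse_maps(in);
}

int main() {
    std::ifstream self("/proc/self/maps");  // yields no regions if /proc is absent
    for (const Region& r : parse_maps(self))
        std::printf("%016llx %12llu %s %s\n", r.base, r.size,
                    r.perms.c_str(), r.path.c_str());
}
```

Reading another process's `maps` file requires the same permissions as ptrace access to that process.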