Win32 programming

Win32 Programming - PowerPoint PPT Presentation



PowerPoint Slideshow about ' Win32 Programming' - zaide


Presentation Transcript

Win32 Programming

Lesson 15: Practical Windows Memory

(If you can read this you have good vision)


Where are we?

  • We’ve covered the theory of Windows memory, but not the details

  • Let’s delve down into the details…


System Information

  • There are a lot of system information calls in Win32

  • We’ll focus on GetSystemInfo(lpSYSTEM_INFO);


SYSTEM_INFO

  • typedef struct _SYSTEM_INFO {
        union {
            DWORD dwOemId;
            struct {
                WORD wProcessorArchitecture;
                WORD wReserved;
            };
        };
        DWORD     dwPageSize;
        LPVOID    lpMinimumApplicationAddress;
        LPVOID    lpMaximumApplicationAddress;
        DWORD_PTR dwActiveProcessorMask;
        DWORD     dwNumberOfProcessors;
        DWORD     dwProcessorType;
        DWORD     dwAllocationGranularity;
        WORD      wProcessorLevel;
        WORD      wProcessorRevision;
    } SYSTEM_INFO;


Which means what?

  • dwPageSize: The CPU’s page size

  • lpMinimumApplicationAddress: The lowest usable address of process space

  • lpMaximumApplicationAddress: The highest usable address of process space

  • dwAllocationGranularity: The granularity of reserved memory regions

  • The rest doesn’t apply directly to memory


Example: Using the Call

  • Very straightforward – see Demo


GlobalMemoryStatus

  • Simple call, to find out the state of memory

  • Fills in a MEMORYSTATUS structure with members:

    • typedef struct _MEMORYSTATUS {
          DWORD  dwLength;
          DWORD  dwMemoryLoad;
          SIZE_T dwTotalPhys;
          SIZE_T dwAvailPhys;
          SIZE_T dwTotalPageFile;
          SIZE_T dwAvailPageFile;
          SIZE_T dwTotalVirtual;
          SIZE_T dwAvailVirtual;
      } MEMORYSTATUS, *LPMEMORYSTATUS;


Caveat Emptor

  • GlobalMemoryStatus doesn’t work well with memory sizes larger than 4 GB… use GlobalMemoryStatusEx instead (see MSDN)

  • But easy to use… see my Demo .NET app


Determining the State of an Address

  • Nice simple function to use:

    • SIZE_T VirtualQuery( LPCVOID pvAddress, PMEMORY_BASIC_INFORMATION pmbi, SIZE_T dwLength);

    • Can also do it inter-process: SIZE_T VirtualQueryEx… add HANDLE hProcess as the first parameter…


MEMORY_BASIC_INFORMATION

  • typedef struct _MEMORY_BASIC_INFORMATION {
        PVOID  BaseAddress;
        PVOID  AllocationBase;
        DWORD  AllocationProtect;
        SIZE_T RegionSize;
        DWORD  State;
        DWORD  Protect;
        DWORD  Type;
    } MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;


Values

  • BaseAddress: The same as pvAddress, but rounded down to the nearest page boundary

  • AllocationBase: The start of this region

  • AllocationProtect: The protection attribute originally assigned to the region

  • RegionSize: The size in bytes of the region

  • State: The state (MEM_FREE, MEM_RESERVE, MEM_COMMIT) for all adjoining pages

  • Protect: The protection attribute of all adjoining pages

  • Type: Where is the information stored? (MEM_IMAGE, MEM_MAPPED, MEM_PRIVATE)

  • See MSDN for more information


*Big* Example

  • Let’s look at a program which prints out quite a lot of memory information…
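
An added example (not the lecture's demo code) of such a walk: it steps through the process's address space region by region with GetSystemInfo and VirtualQuery and, going beyond the slides, reports committed regions that are both writable and executable, a property memory scanners commonly check. The names is_writable_exec and walk_regions are hypothetical; the #else branch repeats winnt.h constants only so the classifier builds off Windows.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else /* winnt.h values, repeated so the classifier also builds off Windows */
#define MEM_COMMIT 0x1000
#define PAGE_EXECUTE_READWRITE 0x40
#define PAGE_EXECUTE_WRITECOPY 0x80
#endif

/* Hypothetical helper: 1 if State/Protect describe committed W+X pages. */
int is_writable_exec(unsigned long state, unsigned long protect)
{
    /* Low byte is the base protection; PAGE_GUARD/NOCACHE/WRITECOMBINE sit above it. */
    unsigned long base = protect & 0xFF;
    return state == MEM_COMMIT &&
           (base == PAGE_EXECUTE_READWRITE || base == PAGE_EXECUTE_WRITECOPY);
}

#ifdef _WIN32
/* Walk this process's user address space; returns the number of W+X regions. */
int walk_regions(void)
{
    SYSTEM_INFO si;
    MEMORY_BASIC_INFORMATION mbi;
    unsigned char *p;
    int hits = 0;
    GetSystemInfo(&si);
    p = (unsigned char *)si.lpMinimumApplicationAddress;
    while (p < (unsigned char *)si.lpMaximumApplicationAddress &&
           VirtualQuery(p, &mbi, sizeof mbi) != 0) {   /* 0 means failure */
        if (is_writable_exec(mbi.State, mbi.Protect)) {
            printf("%p %8lu KB %s\n", mbi.BaseAddress, (unsigned long)(mbi.RegionSize / 1024),
                   mbi.Type == MEM_PRIVATE ? "private" : "image/mapped");
            hits++;
        }
        p = (unsigned char *)mbi.BaseAddress + mbi.RegionSize; /* start of next region */
    }
    return hits;
}
#endif

int main(void)
{
#ifdef _WIN32
    printf("%d writable+executable region(s)\n", walk_regions());
#else
    puts("The VirtualQuery walk needs Windows; only the classifier was built.");
#endif
    return 0;
}
```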

