
VirtualQuery dumping manually mapped pages


big_coder

Posted (edited)

Hello. I'm trying to use VirtualQuery to scan for manually mapped DLL pages (loaded without LoadLibrary) inside of a process. I'm scanning between the minimum and maximum application addresses from GetSystemInfo, and incrementing the current address passed into VirtualQuery on each loop iteration by RegionSize from MEMORY_BASIC_INFORMATION. My question is: what checks should I put on the MBI AllocationBase, State, Protect, Type, etc. in order to find the manually mapped pages of the DLL in the process? In the end I want to be able to dump the pages of the .text, .rdata, .data, etc. segments from the process for further analysis.

Edited by big_coder
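
An added example, not part of the original post: one common heuristic for the checks asked about, written as a portable classifier over region records. It assumes the mapper allocated the image with VirtualAlloc, so its pages report Type MEM_PRIVATE instead of MEM_IMAGE; `struct region`, `select_regions` and the sample rows are hypothetical and stand in for the MEMORY_BASIC_INFORMATION values each VirtualQuery call returns.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values as documented for winnt.h; on Windows take them from <windows.h>. */
#define MEM_COMMIT     0x00001000u
#define MEM_PRIVATE    0x00020000u
#define MEM_IMAGE      0x01000000u
#define PAGE_NOACCESS  0x01u
#define PAGE_GUARD     0x100u
#define PAGE_EXEC_MASK 0xF0u /* PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY */
/* Hypothetical stand-in for the MEMORY_BASIC_INFORMATION fields used here. */
struct region { uintptr_t base, alloc_base; size_t size; uint32_t state, protect, type; };

/* Safe to read: committed and neither guard nor no-access. */
static int dumpable(const struct region *r) {
    return r->state == MEM_COMMIT && !(r->protect & (PAGE_GUARD | PAGE_NOACCESS));
}
/* Heuristic: executable private memory has no file-backed image behind it. */
static int suspicious(const struct region *r) {
    return dumpable(r) && r->type == MEM_PRIVATE && (r->protect & PAGE_EXEC_MASK) != 0;
}

/* Flag every dumpable private region that shares an AllocationBase with a
   suspicious one, so the non-executable sections of that image come along. */
size_t select_regions(const struct region *r, size_t n, int *dump) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        dump[i] = 0;
        if (!dumpable(&r[i]) || r[i].type != MEM_PRIVATE) continue;
        for (size_t j = 0; j < n && !dump[i]; j++)
            dump[i] = r[j].alloc_base == r[i].alloc_base && suspicious(&r[j]);
        count += (size_t)dump[i];
    }
    return count;
}

/* Constructed sample: loaded module, private executable allocation, heap, guard page. */
static const struct region SAMPLE[] = {
    {0x00400000, 0x00400000, 0x1000,  MEM_COMMIT, 0x02,  MEM_IMAGE},
    {0x00401000, 0x00400000, 0x5000,  MEM_COMMIT, 0x20,  MEM_IMAGE},
    {0x10000000, 0x10000000, 0x1000,  MEM_COMMIT, 0x02,  MEM_PRIVATE},
    {0x10001000, 0x10000000, 0x4000,  MEM_COMMIT, 0x20,  MEM_PRIVATE},
    {0x10005000, 0x10000000, 0x2000,  MEM_COMMIT, 0x04,  MEM_PRIVATE},
    {0x20000000, 0x20000000, 0x10000, MEM_COMMIT, 0x04,  MEM_PRIVATE},
    {0x30000000, 0x30000000, 0x1000,  MEM_COMMIT, 0x104, MEM_PRIVATE},
};

int main(void) { int d[7]; printf("%zu selected\n", select_regions(SAMPLE, 7, d)); return 0; }
```

JIT compilers also produce private executable regions, so treat a hit as a candidate and confirm it, for example by checking for PE headers at the AllocationBase, before relying on the dump.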
