如何查找地址是否属于代码或数据节 [英] How to find if an address belongs to the code or data sections

问题描述

给定一个地址，我想在运行时找不到访问磁盘上的PE头，如果它属于.text部分（是否有任何其他可执行部分？）。

更多详细信息：

地址在我运行的同一个进程，但它可以形成一个不同的dll静态库或运行该过程的可执行文件。

我在Windows上运行使用VS2010 Win32 。

解决方案

您希望 VirtualQuery 。它填写 MEMORY_BASIC_INFORMATION 结构。如果 mbi.Type == MEM_IMAGE ，您正在查看映射的图像。您可能还需要查看 AllocationProtect 以检查 PAGE_EXECUTE 或其中一个变体（否则您可能看起来在类似于从可执行文件映射的只读数据，例如位图资源或该顺序上的东西）。

Given an address I want to find at runtime without access the PE header on disk if it belongs to the .text section (Is there any other executable section?).
More details:
The address is in the same process that I'm running but it can be form a different dll static library or the executable that runs the process.
I'm running on windows using VS2010 Win32.

解决方案

You want VirtualQuery. It fills in a MEMORY_BASIC_INFORMATION structure. If mbi.Type == MEM_IMAGE, you're looking at a mapped image. You probably also want to look at the AllocationProtect to check for PAGE_EXECUTE or one of its variants (otherwise you could be looking at something like read-only data mapped from the executable, such as a bitmap resource or something on that order).

这篇关于如何查找地址是否属于代码或数据节的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！