PE截面特性的识别
[英]Identification of PE section characteristic
问题描述
I need to identify, whether a given pointer is a pointer to a writable or non-writable memory. 
我需要确定给定的指针是指向可写或不可写内存的指针。 I think, it might be identified by that the pointer points to a PE section, and the section has not the IMAGE_SCN_MEM_WRITE flag set. 我认为,可以通过指针指向PE节来识别该节,并且该节没有设置IMAGE_SCN_MEM_WRITE标志。
Is there any simple way, how to obtain the section characteristic based on just pointer? 有什么简单的方法,如何仅基于指针来获得截面特征? (I don't want to parse the PE in runtime, I expect, there is some direct way. (我不想在运行时解析PE,我希望有一些直接的方法。
1 个解决方案
解决方案1
0 2014-11-24 10:49:03
VirtualQuery will give you the required information, if the PE file has been loaded into memory. 如果PE文件已加载到内存中,则VirtualQuery将为您提供所需的信息。 It doesn't make sense to have a pointer to something that's not loaded in memory, so this is probably sufficient for your purpose. 没有指向内存中未加载内容的指针是没有意义的,因此这足以满足您的目的。
Since VirtualQuery works on pages, round down the pointer to the previous page boundary, and set the length to check to just one page. 由于VirtualQuery可在页面上使用,因此将指针向下舍入到上一个页面边界,并将长度设置为仅检查一页。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.