OSDev.org


All times are UTC - 6 hours




 Post subject: Accessing .text section code pages of a Windows 7 process
Posted: Tue Apr 05, 2016 4:22 am

Joined: Tue Apr 05, 2016 4:11 am
Posts: 1
Hi,

I am a programmer, new to Windows systems development. I want to access the .text section (i.e. the code) of a running process on Windows 7 and above. Basically, I am doing this as a self-study exercise. I can inspect a PE file and print out the code disassembly. Instead of static inspection, I now want to perform dynamic inspection of the code section in the loaded process, iterate over the code pages and print the code (or do a checksum, etc.). I am also open to writing a driver module if need be.

I briefly googled and found functions such as ZwQueryInformationProcess, ReadProcessMemory, VirtualQueryEx, etc. Also, I had a quick look at the EPROCESS structure and its members. Please suggest the best way to approach this problem. I know that the EPROCESS structure varies between Windows versions and am willing to live with one particular version for now.

I am also wondering what would happen when we read code pages that are swapped out to disk. Will the above inspection functions and structures generate a page fault internally and fetch the page into physical memory for reading?

Thanks.


 
 Post subject: Re: Accessing .text section code pages of a Windows 7 proces
Posted: Mon Apr 18, 2016 11:21 am

Joined: Mon Apr 18, 2016 9:50 am
Posts: 138
Location: New York New York
I assume you figured this out, but ten seconds on google gave me:

http://stackoverflow.com/questions/22588151/how-to-find-data-segment-and-code-segment-range-in-program

Also yes on page swapping, but it's kind of a silly question as that's not something, at a fundamental level, your usermode code will ever be able to be aware of. A user mode application doesn't even know page swapping exists.

_________________
The OS is P5. Don't expect it to build.
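
An added example, not part of either post or the linked answer: one way to locate `.text` in a loaded image by walking its in-memory PE headers through a read callback and hashing the section page by page. The names `read_fn`, `buf_read`, `text_checksum` and `demo` are hypothetical, the image is constructed, and against a live process the callback would wrap `ReadProcessMemory` (not shown).

```c
#include <stdint.h>
#include <string.h>
/* Reader callback (hypothetical): copy len bytes at image base + rva; 0 = success. */
typedef int (*read_fn)(void *ctx, uint32_t rva, void *out, size_t len);
struct img { const uint8_t *p; size_t n; };            /* constructed in-memory image */
static int buf_read(void *ctx, uint32_t rva, void *out, size_t len) {
    const struct img *m = ctx;
    if (rva > m->n || len > m->n - rva) return -1;     /* range not readable */
    memcpy(out, m->p + rva, len);
    return 0;
}
static uint32_t le(const uint8_t *p, int n) {          /* little-endian field */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}
/* Walk the mapped PE headers, find ".text", FNV-1a hash it one page at a time. */
int text_checksum(read_fn rd, void *ctx, uint32_t *sum) {
    uint8_t h[64], s[40], page[4096];
    if (rd(ctx, 0, h, 64) || le(h, 2) != 0x5A4D) return -1;       /* "MZ" */
    uint32_t nt = le(h + 0x3C, 4);                                /* e_lfanew */
    if (rd(ctx, nt, h, 24) || le(h, 4) != 0x4550) return -1;      /* "PE\0\0" */
    uint32_t nsec = le(h + 6, 2), sec = nt + 24 + le(h + 20, 2);  /* section table */
    for (; nsec--; sec += 40) {
        if (rd(ctx, sec, s, 40)) return -1;
        if (memcmp(s, ".text\0\0\0", 8)) continue;
        uint32_t size = le(s + 8, 4), rva = le(s + 12, 4);  /* VirtualSize, VirtualAddress */
        if (size > 1u << 28 || rva > 1u << 30) return -1;   /* headers are untrusted input */
        *sum = 2166136261u;
        for (uint32_t off = 0; off < size; off += sizeof page) {
            uint32_t n = size - off < sizeof page ? size - off : (uint32_t)sizeof page;
            if (rd(ctx, rva + off, page, n)) return -1;     /* a failed read aborts the hash */
            for (uint32_t i = 0; i < n; i++) *sum = (*sum ^ page[i]) * 16777619u;
        }
        return 0;
    }
    return -1;                                              /* no section named .text */
}
/* Constructed sample: 3-byte .text at RVA 0x1000; flip = RVA of a byte to corrupt (0 = none). */
long long demo(uint32_t flip) {
    static uint8_t im[0x3000];
    struct img m = { im, sizeof im };
    uint32_t sum;
    memset(im, 0, sizeof im);
    memcpy(im, "MZ", 2);            im[0x3C] = 0x40;    /* e_lfanew = 0x40 */
    memcpy(im + 0x40, "PE", 2);     im[0x46] = 1;       /* NumberOfSections = 1 */
    memcpy(im + 0x58, ".text", 5);  im[0x60] = 3; im[0x65] = 0x10; /* size 3, RVA 0x1000 */
    memcpy(im + 0x1000, "\x90\x90\xC3", 3);             /* nop; nop; ret */
    if (flip) im[flip] ^= 0xFF;
    return text_checksum(buf_read, &m, &sum) ? -1 : (long long)sum;
}
```

Matching on the name `.text` follows the thread's wording; toolchains are free to give code sections other names.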

