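/*
 * Win32-style VirtualQueryEx shim layered on this port's virtual_query().
 *
 * hProcess  - handle passed straight through to virtual_query().
 * lpAddress - address inside the region to describe.
 * lpBuffer  - caller-supplied structure that receives the region description.
 * dwLength  - size in bytes of the storage behind lpBuffer.
 *
 * Returns sizeof(MEMORY_BASIC_INFORMATION) on success. Returns 0 when
 * lpBuffer is missing, dwLength is too small to hold the structure, or
 * virtual_query() reports failure (non-zero); lpBuffer is not written in
 * any of those cases.
 *
 * Only BaseAddress, Protect, RegionSize and State carry real values; every
 * other field is zeroed so callers never read stale stack or heap contents.
 */
EXPORT
SIZE_T VirtualQueryEx(HANDLE hProcess, LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength){
	unsigned int addr, prot = 0, size = 0;

	// Never write through a NULL pointer or past the end of an undersized
	// caller buffer: the stores below touch the whole structure.
	if(!lpBuffer || dwLength < sizeof(MEMORY_BASIC_INFORMATION)){
		return 0;
	}

	// NOTE(review): this cast truncates the address on any target where
	// pointers are wider than unsigned int - confirm the port is 32-bit only.
	addr = (unsigned int) lpAddress;

	if(virtual_query(hProcess, &addr, &prot, &size)){
		return 0;
	}

	// Clear the fields this shim cannot fill in, so they are not left
	// holding whatever was in the caller's memory.
	*lpBuffer = (MEMORY_BASIC_INFORMATION){0};

	lpBuffer->BaseAddress = addr;
	lpBuffer->Protect = prot;
	lpBuffer->RegionSize = size;
	// Every region is reported as committed regardless of its real state;
	// the original author notes this is required for snapshotting and that
	// no Mac equivalent was identified.
	lpBuffer->State = MEM_COMMIT;

	return sizeof(MEMORY_BASIC_INFORMATION);
}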
Beispiel #2
/*
 * Resolve an address to the base of the allocation that contains it.
 *
 * Returns the allocation base when its first two bytes are readable and it
 * either begins with the "MZ" signature or equals g_monitor_base_address.
 * Returns NULL when the query fails, the base is not readable, or neither
 * condition holds.
 *
 * Only the two-byte signature is inspected here, so a non-NULL result says
 * the region starts with "MZ" (or is the monitor itself), not that it holds
 * a well-formed image; callers that go on to parse headers still have to
 * validate them.
 */
const uint8_t *module_from_address(const uint8_t *addr)
{
    MEMORY_BASIC_INFORMATION_CROSS mbi;
    const uint8_t *base;

    if(virtual_query(addr, &mbi) == FALSE) {
        return NULL;
    }

    // Make sure the signature bytes can be read before comparing them.
    base = (const uint8_t *) mbi.AllocationBase;
    if(range_is_readable(base, 2) == 0) {
        return NULL;
    }

    // Reject anything that is neither an MZ-prefixed region nor the image
    // base of our monitor.
    if(our_memcmp(base, "MZ", 2) != 0 && base != g_monitor_base_address) {
        return NULL;
    }

    return base;
}