2OO1, 15 April
MEMORY_BASIC_INFORMATION
MEMORY_BASIC_INFORMATION
typedef struct _MEMORY_BASIC_INFORMATION {
PVOID BaseAddress;
PVOID AllocationBase;
ULONG AllocationProtect;
ULONG RegionSize;
ULONG State;
ULONG Protect;
ULONG Type;
} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
Structure MEMORY_BASIC_INFORMATION is returned as a
reselt of call
NtQueryVirtualMemory with MemoryBasicInformation
information class. It's also descripted in Ms SDK.
- BaseAddress Address of queried memory
page.
- AllocationBase Base address of
allocation. It's different (typically less) to BaseAddress when
user allocate more then one page length memory block, and change
attributes of a part of allocated block.
- AllocationProtect Access type on memory
allocation. Can be one or combination of following attributes:
- PAGE_NOACCESS
- PAGE_READONLY
- PAGE_READWRITE
- PAGE_WRITECOPY
- PAGE_EXECUTE
- PAGE_EXECUTE_READ
- PAGE_EXECUTE_READWRITE
- PAGE_EXECUTE_WRITECOPY
- PAGE_GUARD
- PAGE_NOCACHE
- PAGE_WRITECOMBINE
- RegionSize Size of queried region, in
bytes.
- State State of memory block. Can be one
of:
- MEM_RESERVE
- MEM_COMMIT
- MEM_FREE
- Protect Current protection of queried
memory block. Can be one or combination of values listed for
AllocationProtect member.
- Type Type of queried memory block. Can
be one of:
- MEM_PRIVATE - Queried block was allocated by call
NtAllocateVirtualMemory,
- MEM_MAPPED - Queried block is memory mapped Section
Object,
- SEC_IMAGE - Queried block is Section Object representing
executable image file in memory.
- Documented by:
- Tomasz Nowak
Requirements:
- Library: ntdll.lib
See also:
- MEMORY_INFORMATION_CLASS
-
NtAllocateVirtualMemory
-
NtProtectVirtualMemory
-
NtQueryVirtualMemory