Jump to content

DosQueryMemState

From EDM2
Revision as of 04:58, 9 January 2017 by Ak120 (talk | contribs)

DosQueryMemState gets the status of a range of pages in memory. Its input parameters are an address and size. The address is rounded down to page boundary and size is rounded up to a whole number of pages. The status of the pages in the range is returned in the state parameter, and the size of the range queried is returned in the size parameter. If the pages in the range have conflicting states, then the state of the first page is returned.

Syntax

APIRET APIENTRY DosQueryMemState ( PVOID addr, PULONG psize, PULONG pflags ) ;

Linkage Definition:

IMPORTS DOSQUERYMEMSTATE = DOSCALL1.307

Parameters

PVOID addr
Base address of pages to be queried.
PULONG psize
Pointer to location in user space that contains the requested size of the region to query.
PULONG pflags
Pointer to location in user space that will receive the attribute flags describing the region.
The attribute flags are defined as follows:
┌────────────────────┬──────────┬──────────────────────────────────┐
│PAG_NPOUT           │0x00000000│Page is not present, not in core. │
├────────────────────┼──────────┼──────────────────────────────────┤
│PAG_PRESENT         │0x00000001│Page is present.                  │
├────────────────────┼──────────┼──────────────────────────────────┤
│PAG_NPIN            │0x00000002│Page is not present, but in core. │
├────────────────────┼──────────┼──────────────────────────────────┤
│PAG_PRESMASK        │0x00000003│Present state mask.               │
├────────────────────┼──────────┼──────────────────────────────────┤
│PAG_RESIDENT        │0x00000010│Page is resident (non-swappable). │
├────────────────────┼──────────┼──────────────────────────────────┤
│PAG_SWAPPABLE       │0x00000020│Page is swappable.                │
├────────────────────┼──────────┼──────────────────────────────────┤
│PAG_DISCARDABLE     │0x00000030│Page is discardable.              │
└────────────────────┴──────────┴──────────────────────────────────┘

Return Code

ulrc (APIRET) returns

DosQueryMemState returns one of the following values

  • 0 NO_ERROR
  • 87 ERROR_INVALID_PARAMETER
  • 487 ERROR_INVALID_ADDRESS

This function returns zero if successful. The information returned by this function is extremely volatile, and decisions based upon it should reflect that volatility.

Example Code

int main(int argc, char *argv[], char *envp[]){
   APIRET rc=0;
   PVOID pMem;
   ULONG status;
   ULONG size;
   ULONG pages;
   ULONG onepage = 0x1000;

   if (argc   3) {

      printf("Syntax  MEMSTATE  address>  size>\n");
      return 0;

   } else {

      pMem = (PVOID) strtoul(argv[1], NULL, 0);
      size = strtoul(argv[2], NULL, 0);
      pages = (size+0x0fff) >> 12;

      printf("address     state\n");
      while (pages--) {

         rc = DosQueryMemState(pMem,  onepage,  status);

         if (rc) printf("0x%08x DosQueryMemState returned %u\n",pMem, rc);
         else {
            printf("0x%08x 0x%08x ", pMem, status);
            if ((status   PAG_PRESMASK) == PAG_NPOUT) printf("not present, not in-core, ");
            else if (status   PAG_PRESENT) printf("present, in-core, ");
            else if (status   PAG_NPIN) printf("not present, in-core, ");

            if ((status   PAG_TYPEMASK) == PAG_INVALID) printf("invalid\n");
            if ((status   PAG_TYPEMASK) == PAG_RESIDENT) printf("resident\n");
            if ((status   PAG_TYPEMASK) == PAG_SWAPPABLE) printf("swappable\n");
            if ((status   PAG_TYPEMASK) == PAG_DISCARDABLE) printf("discardable\n");
         }
         pMem = (PVOID)((ULONG)pMem + 0x1000);

      } /* endwhile */

   } /* end if*/

   return rc;
}

Related Functions

Retrieved from "https://www.edm2.com/index.php?title=DosQueryMemState&oldid=39699"