系列文章目录
PMM_REGION NTAPI MmFindRegion(
PVOID BaseAddress,
PLIST_ENTRY RegionListHead,
PVOID Address,
PVOID* RegionBaseAddress
);
宏函数
//给定地址找到其中所属区块
c
#define CONTAINING_RECORD(address,type,field) ((type FAR *\
(PCHAR)(address)-(PCHAR)(&((type *)0)->field)))获取外层数据结构的指针
```
@[TOC](文章目录)
---
# MmFindRegion()
```c
//给定地址超导其所属区块
PMM_REGION NTAPI
MmFindRegion(PVOID BaseAddress, PLIST_ENTRY RegionListHead,
PVOID Address, PVOID * RegionBaseAddress)
{
PLIST_ENTRY current_entry;
PMM_REGION current;
PVOID StartAddress = BaseAddress;//搜索的起点
current_entry = RegionListHead->Flink;//获得第一个MM REGION区块指针
while (current_entry != RegionListHead)//遍历一个MEMORY AREA即某个区间的区块双向链表
{
//curren获得该指向该结构的首地址
current = CONTAINING_RECORD(current entry, MM REGION, RegionListEntry);
//若目标地址在(StartAddress ~startAddress+current->Length)说明找到了该地址所在区块
if (StartAddress <= Address &&
((char*)StartAddresS + current->Length) > (char*)Address) {//找到了
if (RegionBaseAddress != NULL)
*RegionBaseAddress = StartAddress;//将区块开始地址给RegionBaseAddress返回return(current);//返回该区块的结构信息
currententry = current_entry->Flink://下一个区块StartAddress =(PVOID)((ULONG PTR)StartAddress + current->Length);
return(NULL);
}
current_entry = current_entry->Flink;//下一个区块
StartAddress = (PVOID)((ULONG_PTR)StartAddress + current->Length);
}
return (NULL);
}
c