Apart from the original question, I have another relevant one:
My original AV problem was caused by a constant string in CreateProcess:
The relevent switch is the /Gf switch. The /GF switch enables a compiler
feature called string pooling - essentially constant strings are collapsed
together if they're the same string. If your code was compiled with the /Gf
switch (enable string pooling as read/write strings), then the constant
strings used for PROCESS_NAME would not be kept in a read-only section.
It seems to tell me that with the /Gf, the string will allow read/write. I
tried to add /Gf switch into the compiler command line, but it does not
help. The problem is still there: CreateProcess crashes the app due to AV.
I understand the right solution for this problem:
TCHAR szCommandLine = TEXT("NOTEPAD");
But I still wonder
1. How to determine the read/write property of the mem in windbg
2. How to use /Gf to allow write in the string.
Post by questioner
I get a AV today in my app. After looking into the call stack and reading
my source code, I find the reason: my code is writing to a constant
mov word ptr [eax],bx ds:0023:01335a06=0000
where eax = 1335a06
I wonder a windbg command that can directly tell me the property of the
address 1335a06: readonly/read&write.