Discussion:
How to determine the read property at a memory address
questioner
2008-10-05 09:41:45 UTC
I got an AV today in my app. After looking into the call stack and reading my
source code, I found the reason: my code is writing to a constant string. The
asm that throws the AV exception is:
mov word ptr [eax],bx ds:0023:01335a06=0000
where eax = 1335a06

I wonder if there is a windbg command that can directly tell me the property of the
address 1335a06: readonly/read&write.

Thanks
questioner
2008-10-05 11:10:19 UTC
Apart from the original question, I have another relevant one:

My original AV problem was caused by a constant string in CreateProcess:
http://blogs.msdn.com/larryosterman/archive/2005/04/15/what-s-wrong-with-this-code-part-11-the-answers.aspx

The relevant switch is the /Gf switch. The /GF switch enables a compiler
feature called string pooling - essentially constant strings are collapsed
together if they're the same string. If your code was compiled with the /Gf
switch (enable string pooling as read/write strings), then the constant
strings used for PROCESS_NAME would not be kept in a read-only section.

It seems to tell me that with the /Gf, the string will allow read/write. I
tried to add /Gf switch into the compiler command line, but it does not
help. The problem is still there: CreateProcess crashes the app due to AV.

I understand the right solution for this problem:
TCHAR szCommandLine[] = TEXT("NOTEPAD");
But I still wonder:
1. How to determine the read/write property of the mem in windbg
2. How to use /Gf to allow write in the string.

Thanks
Post by questioner
I got an AV today in my app. After looking into the call stack and reading
my source code, I find the reason: my code is writing to a constant
mov word ptr [eax],bx ds:0023:01335a06=0000
where eax = 1335a06
I wonder if there is a windbg command that can directly tell me the property of the
address 1335a06: readonly/read&write.
Thanks
Kalle Olavi Niemitalo
2008-10-05 14:52:31 UTC
Post by questioner
It seems to tell me that with the /Gf, the string will allow
read/write. I tried to add /Gf switch into the compiler command line,
but it does not help. The problem is still there: CreateProcess
crashes the app due to AV.
Are you using Visual C++ 2005? It does not support /Gf.

Breaking Changes in the Visual C++ 2005 Compiler
http://msdn.microsoft.com/en-us/library/ms177253.aspx
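
The read/write property asked about in this thread can also be checked from inside the process. The following is an added example, not code from any poster: it reads the page protection of a string literal and of a writable array copy (the fix quoted above, with plain char instead of TCHAR) through VirtualQuery. The function names are hypothetical, and the /proc/self/maps branch is an assumption added only so the program also builds on Linux.

```c
#include <stdio.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Returns 1 if the page holding p is writable, 0 if not, -1 if unknown. */
int is_writable(const void *p)
{
#ifdef _WIN32
    MEMORY_BASIC_INFORMATION mbi;
    if (VirtualQuery(p, &mbi, sizeof mbi) == 0) return -1;
    if (mbi.State != MEM_COMMIT) return 0;
    switch (mbi.Protect & 0xFF) {   /* drop PAGE_GUARD etc. modifier bits */
    case PAGE_READWRITE: case PAGE_WRITECOPY:
    case PAGE_EXECUTE_READWRITE: case PAGE_EXECUTE_WRITECOPY:
        return 1;
    default:
        return 0;
    }
#else   /* assumption: Linux fallback, looks the address up in the map list */
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    unsigned long lo, hi;
    int result = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            (uintptr_t)p >= lo && (uintptr_t)p < hi) {
            result = (perms[1] == 'w');
            break;
        }
    }
    fclose(f);
    return result;
#endif
}

static const char *literal = "NOTEPAD";  /* points at a string literal */
static char buffer[] = "NOTEPAD";        /* array copy: lives in writable data */

int literal_writable(void) { return is_writable(literal); }
int buffer_writable(void)  { return is_writable(buffer); }

int main(void)
{
    printf("literal writable: %d\n", literal_writable());
    printf("buffer  writable: %d\n", buffer_writable());
    return 0;
}
```

From the debugger side, WinDbg's `!address 1335a06` or `!vprot 1335a06` reports the same protection value for the faulting address.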
