Memory Maps
Virtual memory is a fundamental concept in operating systems. It allows the operating system to provide each process with its own address space, which is isolated from other processes. This isolation is crucial for security and stability reasons. The memory of a process is divided into regions called memory maps. Each memory map has a starting address, an ending address, and a set of permissions (read, write, execute).
In libdebug, you can access the memory maps of a process using the maps
attribute of the Debugger object.
The maps
attribute returns a list of MemoryMap objects, which contain the following attributes:
Attribute | Type | Description |
---|---|---|
start |
int |
The start address of the memory map. There is also an equivalent alias called base . |
end |
int |
The end address of the memory map. |
permissions |
str |
The permissions of the memory map. |
size |
int |
The size of the memory map. |
offset |
int |
The offset of the memory map relative to the backing file. |
backing_file |
str |
The backing file of the memory map, or the symbolic name of the memory map. |
Filtering Memory Maps
You can filter memory maps based on their attributes using the filter()
method of the maps
attribute. The filter()
method accepts a value that can be either a memory address (int
) or a symbolic name (str
) and returns a list of MemoryMap objects that match the criteria.
The behavior of the memory map filtering depends on the type of the value
parameter:
Queried Value | Return Value |
---|---|
Integer (memory address) | Map that contains the address |
String (symbolic map name) | List of maps with backing file matching the symbolic name |