Receiving information about memory

Information about API functions is provided in the table below.

Getting information about a virtual memory page

To get information about a virtual memory page, call the KnVmQuery() function.

Getting the MDL buffer size

To get the MDL buffer size, call the KnPmmMdlGetSize() function.

Getting information about a virtual memory region that is mapped to an MDL buffer

MDL buffers are used not only to create shared memory and to load ELF image segments into the memory of a new process, but also to create a memory dump of a process that is in a "frozen" state. The KnTaskGetNextVmRegion() function from the task_api.h API creates an MDL buffer from the physical memory that is mapped to a virtual memory region of a frozen process. The memory descriptor list of this MDL buffer may contain fictitious physical memory regions, for which a size is defined but no address is specified. These fictitious regions correspond to sections of non-committed pages in the virtual memory region of the frozen process.

To save the contents of an MDL buffer created by the KnTaskGetNextVmRegion() function, the buffer must be mapped to a virtual memory region of the process creating the dump. This mapping is done by calling the KnPmmMdlMap() function. If the memory descriptor list of the MDL buffer contains fictitious physical memory regions, this virtual memory region will contain sections of non-committed pages. If the process creating the dump queries sections of non-committed pages in the virtual memory region that is mapped to the MDL buffer, this leads to an undesirable allocation of physical memory. Information about the arrangement of committed and non-committed pages in this virtual memory region allows the process creating the dump to avoid querying sections of non-committed pages.

To receive information about the arrangement of committed and non-committed pages in a virtual memory region that is mapped to the MDL buffer, use the KnPmmMdlGetUsageMap() function. The function returns an array of counters of committed and non-committed pages through the counters parameter. The counters strictly alternate: a section of committed pages is followed by a section of non-committed pages, and vice versa. The output parameter firstUsed lets you determine which counter is first in the array: the counter of committed pages or the counter of non-committed pages.

To collect information about one virtual memory region, you may need to call the KnPmmMdlGetUsageMap() function again for the following reasons:

When the KnPmmMdlGetUsageMap() function is called again, you must use the startPage parameter to specify the offset, which is the number of pages for which information was collected during previous calls of the function.
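The repeated-call loop described above, as an added example that is not taken from the KasperskyOS SDK: mock_get_usage_map() is a hypothetical stand-in that mirrors the parameter roles of KnPmmMdlGetUsageMap() with assumed plain C types, run over a constructed 16-page region. The loop stops once the counters account for every page of the region, which is this example's own assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_SLOTS 4   /* assumed small cap; the real limit is MappingUsesSlots */
/* Constructed layout of a 16-page region: 1 = committed page. */
static const bool region[16] = {1,1,1,0,0,1,0,0,0,0,1,1,0,1,1,1};
#define REGION_PAGES (sizeof region / sizeof region[0])

/* Hypothetical stand-in for KnPmmMdlGetUsageMap(): same parameter roles as on
 * the page, plain C types assumed. Returns 0 on success, -1 on error. */
static int mock_get_usage_map(size_t startPage, bool *firstUsed,
                              size_t *usedCounters, size_t *counters)
{
    size_t max = *usedCounters, n = 0, p = startPage;
    if (startPage >= REGION_PAGES || max == 0 || max > MAX_SLOTS) return -1;
    *firstUsed = region[p];
    while (p < REGION_PAGES && n < max) {
        bool state = region[p];
        size_t run = 0;
        while (p < REGION_PAGES && region[p] == state) { run++; p++; }
        counters[n++] = run;               /* one counter per run of pages */
    }
    *usedCounters = n;                     /* actual number of counters */
    return 0;
}

/* Walks the region with repeated calls; returns the committed page count.
 * Only the printed ranges would be read when saving the dump. */
static long count_committed_pages(size_t totalPages)
{
    size_t startPage = 0;
    long committed = 0;
    while (startPage < totalPages) {       /* stop rule assumed by this example */
        size_t counters[MAX_SLOTS], n = MAX_SLOTS;
        bool used;
        if (mock_get_usage_map(startPage, &used, &n, counters) || n == 0) return -1;
        for (size_t i = 0; i < n; i++, used = !used) {   /* counters alternate */
            if (used) {
                printf("copy pages [%zu, %zu)\n", startPage, startPage + counters[i]);
                committed += (long)counters[i];
            }
            startPage += counters[i];      /* becomes startPage of the next call */
        }
    }
    return committed;
}

int main(void) { return count_committed_pages(REGION_PAGES) == 9 ? 0 : 1; }
```

Non-committed ranges are skipped without being touched, so mapping the dump does not trigger the physical memory allocation described above.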

To make sure that information was collected for the entire virtual memory region that is mapped to the MDL buffer, you must verify that one of the following conditions is fulfilled:

Information about API functions

vmm_api.h functions

Function

Information about the function

KnVmQuery()

Purpose

Gets information about a virtual memory page.

Parameters

  • [in] addr – address included in the virtual memory page.
  • [out] info – pointer to the structure containing information about the virtual memory page. The type of structure is defined in the header file sysroot-*-kos/include/vmm/info.h from the KasperskyOS SDK.

Returned values

If successful, the function returns rcOk, otherwise it returns an error code.

KnPmmMdlGetSize()

Purpose

Gets the size of the MDL buffer.

Parameters

  • [in] handle – MDL buffer handle.
  • [out] size – size (in bytes) of the MDL buffer.

Returned values

If successful, the function returns rcOk, otherwise it returns an error code.

KnPmmMdlGetUsageMap()

Purpose

Receives information about the arrangement of committed and non-committed pages in a virtual memory region that is mapped to the MDL buffer.

Parameters

  • [in] handle – MDL buffer handle.
  • [in] startPage – offset into the virtual memory region, in memory pages, from which information collection starts.
  • [out] firstUsed – pointer to the boolean value indicating which counter is the first counter in the counters parameter: committed pages counter (rtl_true) or non-committed pages counter (rtl_false).
  • [in,out] usedCounters – input data: pointer to the maximum number of counters in the array defined via the counters parameter (must not exceed the value of the MappingUsesSlots constant defined in the file named sysroot-*-kos/include/kl/core/VMM.idl from the KasperskyOS SDK); output data: pointer to the actual number of counters in the array defined via the counters parameter.
  • [out] counters – pointer to the array containing counters of committed and non-committed pages.

Returned values

If successful, the function returns rcOk, otherwise it returns an error code.
