如何以编程方式找到合适的区域来重新加载已卸载的模块而没有重叠？

如何解决如何以编程方式找到合适的区域来重新加载已卸载的模块而没有重叠？

我正在开发用于转储分析的windbg扩展，该扩展需要来自卸载模块的符号。我正在使用函数 IDebugSymbols3::Reload，它类似于.reload命令。如果原来由模块占用的区域不再可用，我必须明确指定要加载到的新基址。

如果要手动调试，则可能会使用!address扩展名列出可用区域并查找足够大的区域。如何以编程方式在目标的地址空间中找到合适的位置来使用？

解决方法

GetNumberModules（），用于计算已加载和已卸载模块的数量
循环获取基数和大小的GetModuleParameters

或者也许 IDebugDataSpaces2 :: QueryVirtual

#include <engextcpp.cpp>
#define MAX_MOD 0x100
class EXT_CLASS : public ExtExtension
{
public:
    EXT_COMMAND_METHOD(getoff);
};
EXT_DECLARE_GLOBALS();
EXT_COMMAND(getoff,"","")
{
    ULONG Loaded = 0;
    ULONG UnLoaded = 0;
    m_Symbols->GetNumberModules(&Loaded,&UnLoaded);
    Out("No of Loaded Modules =%u\n",Loaded);
    Out("No of UnLoaded Modules =%u\n",UnLoaded);
    DEBUG_MODULE_PARAMETERS Mdprm[MAX_MOD] = {0}; //fix
    if(Loaded < MAX_MOD) 
    {
        for(ULONG i=0;i< Loaded;i++)
        {
            m_Symbols->GetModuleParameters(1,NULL,i,&Mdprm[i]);            
            Out("Base&Size Mod %2u %16I64x %8x\n",Mdprm[i].Base,Mdprm[i].Size);
        }
    }    
}

在Win7 x86上使用18362 includes与vs2017 dev cmd提示符进行编译并链接

E:\sdk\getoff>cat complink.bat
cl /LD /nologo /W4 /Ox  /Zi /EHsc /IE:\windjs\windbg_18362\inc %1.cpp /link /EXPORT:DebugExtensionInitialize /Export:%1 /Export:help /RELEASE

导致

0:000> .load ./getoff.dll
0:000> !getoff
No of Loaded Modules =38
No of UnLoaded Modules =0
Base&Size Mod  0            90000    28000
Base&Size Mod  1         64ce0000   5e1000
Base&Size Mod  2         656c0000   190000
Base&Size Mod  3         65f80000    82000
Base&Size Mod  4         66010000    dc000
Base&Size Mod  5         662b0000     3000
Base&Size Mod  6         662c0000     5000
Base&Size Mod  7         662d0000     3000
Base&Size Mod  8         662f0000     3000
Base&Size Mod  9         66310000    10000
Base&Size Mod 10         66320000     3000
Base&Size Mod 11         667b0000     3000
Base&Size Mod 12         667c0000     3000
Base&Size Mod 13         66e80000     4000
Base&Size Mod 14         687d0000     4000
Base&Size Mod 15         68820000     4000
Base&Size Mod 16         68830000     3000
Base&Size Mod 17         68840000     3000
Base&Size Mod 18         6a200000     3000
Base&Size Mod 19         6a300000     3000
Base&Size Mod 20         6a340000     3000
Base&Size Mod 21         6a900000    10000
Base&Size Mod 22         6e660000     3000
Base&Size Mod 23         73b30000     4000
Base&Size Mod 24         74510000    2f000
Base&Size Mod 25         74890000     3000
Base&Size Mod 26         756f0000    17000
Base&Size Mod 27         75bc0000    4a000
Base&Size Mod 28         75f10000     a000
Base&Size Mod 29         761f0000    d4000
Base&Size Mod 30         76330000   15c000
Base&Size Mod 31         764d0000    c9000
Base&Size Mod 32         76790000    a1000
Base&Size Mod 33         76840000    9d000
Base&Size Mod 34         778b0000    8f000
Base&Size Mod 35         77940000    ac000
Base&Size Mod 36         779f0000   13c000
Base&Size Mod 37         77b40000    4e000
0:000>