VirtualQuery Results by PE .text Section Attributes

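I changed the .text section of a PE file on disk in various ways and used VirtualQuery to check the memory attributes of that section once it is loaded into memory. The results are summarized here. (Purely for my own testing.)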


Only the commonly used attributes are covered. There are so many attribute values that covering every combination would be an overwhelming number of cases.


Section Header Characteristics value => MEMORY_BASIC_INFORMATION structure values


The MEMORY_BASIC_INFORMATION structure values are listed in this order:

 - AllocationProtect
 - Protect
 - State
 - Type


| Characteristics | Section attribute in file | Section attribute in memory (MEMORY_BASIC_INFORMATION) |
|---|---|---|
| 0x00000000 | None | Crash |
| 0x20000000 | EXECUTABLE | PAGE_EXECUTE_WRITECOPY, PAGE_EXECUTE, MEM_COMMIT, MEM_IMAGE |
| 0x40000000 | READABLE | PAGE_EXECUTE_WRITECOPY, PAGE_READONLY, MEM_COMMIT, MEM_IMAGE |
| 0x80000000 | WRITEABLE | PAGE_EXECUTE_WRITECOPY, PAGE_WRITECOPY, MEM_COMMIT, MEM_IMAGE |
| 0x60000020 | EXECUTABLE, READABLE, CODE | PAGE_EXECUTE_WRITECOPY, PAGE_EXECUTE_READ, MEM_COMMIT, MEM_IMAGE |
| 0xE0000040 | EXECUTABLE, READABLE, WRITEABLE, INITIALIZED DATA | PAGE_EXECUTE_WRITECOPY, PAGE_EXECUTE_WRITECOPY, MEM_COMMIT, MEM_IMAGE |
| 0xE0000060 | EXECUTABLE, READABLE, WRITEABLE, CODE, INITIALIZED DATA | PAGE_EXECUTE_WRITECOPY, PAGE_EXECUTE_WRITECOPY, MEM_COMMIT, MEM_IMAGE |
| 0xE0000080 | EXECUTABLE, READABLE, WRITEABLE, UNINITIALIZED DATA | PAGE_EXECUTE_WRITECOPY, PAGE_EXECUTE_WRITECOPY, MEM_COMMIT, MEM_IMAGE |
| 0xE00000A0 | EXECUTABLE, READABLE, WRITEABLE, CODE, UNINITIALIZED DATA | PAGE_EXECUTE_WRITECOPY, PAGE_EXECUTE_WRITECOPY, MEM_COMMIT, MEM_IMAGE |
| 0xE00000E0 | EXECUTABLE, READABLE, WRITEABLE, CODE, INITIALIZED DATA, UNINITIALIZED DATA | PAGE_EXECUTE_WRITECOPY, PAGE_EXECUTE_WRITECOPY, MEM_COMMIT, MEM_IMAGE |
| 0xE0000000 | EXECUTABLE, READABLE, WRITEABLE | PAGE_EXECUTE_WRITECOPY, PAGE_EXECUTE_WRITECOPY, MEM_COMMIT, MEM_IMAGE |
| 0xA0000000 | EXECUTABLE, WRITEABLE | PAGE_EXECUTE_WRITECOPY, PAGE_EXECUTE_WRITECOPY, MEM_COMMIT, MEM_IMAGE |
| 0x60000000 | EXECUTABLE, READABLE | PAGE_EXECUTE_WRITECOPY, PAGE_EXECUTE_READ, MEM_COMMIT, MEM_IMAGE |
| 0x60000060 | EXECUTABLE, READABLE, CODE, INITIALIZED DATA | PAGE_EXECUTE_WRITECOPY, PAGE_EXECUTE_READ, MEM_COMMIT, MEM_IMAGE |
| 0xE2000060 | EXECUTABLE, READABLE, WRITEABLE, CAN BE DISCARDED, CODE, INITIALIZED DATA | PAGE_EXECUTE_WRITECOPY, PAGE_EXECUTE_WRITECOPY, MEM_COMMIT, MEM_IMAGE |
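As an added example (not code from the original post), the following Python reads the section table from raw PE bytes, reports the Protect value the table above lists for each section's R/W/X bits, and flags sections that are both writable and executable. It consults only the R/W/X bits because the CODE/DATA flags never changed Protect in the table; the names `read_sections`, `audit` and `build_sample`, and the header-only sample bytes, are constructed for illustration.

```python
import struct

X, R, W = 0x20000000, 0x40000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / READ / WRITE

# Protect values as listed in the table above, keyed by the (X, R, W) bits.
# R+W without X is not in the table, so it is reported as "not in table".
OBSERVED = {
    (1, 0, 0): "PAGE_EXECUTE", (0, 1, 0): "PAGE_READONLY",
    (0, 0, 1): "PAGE_WRITECOPY", (1, 1, 0): "PAGE_EXECUTE_READ",
    (1, 0, 1): "PAGE_EXECUTE_WRITECOPY", (1, 1, 1): "PAGE_EXECUTE_WRITECOPY",
}

def expected_protect(characteristics):
    if characteristics == 0:
        return "Crash"  # the table's 0x00000000 row
    key = tuple(int(bool(characteristics & bit)) for bit in (X, R, W))
    return OBSERVED.get(key, "not in table")

def read_sections(pe):
    """Return [(name, Characteristics)] from the section table of raw PE bytes."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(pe):
        raise ValueError("missing PE signature or truncated file header")
    nsec, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section headers follow the optional header
    if table + 40 * nsec > len(pe):
        raise ValueError("truncated section table")
    rows = (struct.unpack_from("<8s28xI", pe, table + 40 * i) for i in range(nsec))
    return [(n.rstrip(b"\0").decode("ascii", "replace"), c) for n, c in rows]

def audit(pe):
    """Per section: (name, Protect per the table, writable-and-executable flag)."""
    return [(n, expected_protect(c), bool(c & W and c & X)) for n, c in read_sections(pe)]

def build_sample(sections):
    """Constructed header-only sample (not a loadable image) for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    hdrs = b"".join(struct.pack("<8s28xI", n, c) for n, c in sections)
    return dos + b"PE\0\0" + coff + hdrs

SAMPLE = build_sample([(b".text", 0x60000020), (b".packed", 0xE0000060), (b".rdata", 0x40000000)])

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

To check a real file, pass `open(path, "rb").read()` to `audit` and compare the reported value with the Protect field VirtualQuery returns for the loaded section.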