ホーム › System.Hypervisor › ScanMemoryForDosImages
ScanMemoryForDosImages
関数メモリ範囲を走査してPE/DOSイメージを検出する。
シグネチャ
// VmSavedStateDumpProvider.dll
#include <windows.h>
HRESULT ScanMemoryForDosImages(
void* vmSavedStateDumpHandle,
DWORD vpId,
ULONGLONG startAddress,
ULONGLONG endAddress,
void* callbackContext,
FOUND_IMAGE_CALLBACK foundImageCallback,
ULONGLONG* standaloneAddress,
DWORD standaloneAddressCount
);パラメーター
| 名前 | 型 | 方向 |
|---|---|---|
| vmSavedStateDumpHandle | void* | inout |
| vpId | DWORD | in |
| startAddress | ULONGLONG | in |
| endAddress | ULONGLONG | in |
| callbackContext | void* | inout |
| foundImageCallback | FOUND_IMAGE_CALLBACK | in |
| standaloneAddress | ULONGLONG* | in |
| standaloneAddressCount | DWORD | in |
戻り値の型: HRESULT
各言語での呼び出し定義
// VmSavedStateDumpProvider.dll
#include <windows.h>
HRESULT ScanMemoryForDosImages(
void* vmSavedStateDumpHandle,
DWORD vpId,
ULONGLONG startAddress,
ULONGLONG endAddress,
void* callbackContext,
FOUND_IMAGE_CALLBACK foundImageCallback,
ULONGLONG* standaloneAddress,
DWORD standaloneAddressCount
);[DllImport("VmSavedStateDumpProvider.dll", ExactSpelling = true)]
static extern int ScanMemoryForDosImages(
IntPtr vmSavedStateDumpHandle, // void* in/out
uint vpId, // DWORD
ulong startAddress, // ULONGLONG
ulong endAddress, // ULONGLONG
IntPtr callbackContext, // void* in/out
IntPtr foundImageCallback, // FOUND_IMAGE_CALLBACK
ref ulong standaloneAddress, // ULONGLONG*
uint standaloneAddressCount // DWORD
);<DllImport("VmSavedStateDumpProvider.dll", ExactSpelling:=True)>
Public Shared Function ScanMemoryForDosImages(
vmSavedStateDumpHandle As IntPtr, ' void* in/out
vpId As UInteger, ' DWORD
startAddress As ULong, ' ULONGLONG
endAddress As ULong, ' ULONGLONG
callbackContext As IntPtr, ' void* in/out
foundImageCallback As IntPtr, ' FOUND_IMAGE_CALLBACK
ByRef standaloneAddress As ULong, ' ULONGLONG*
standaloneAddressCount As UInteger ' DWORD
) As Integer
End Function' vmSavedStateDumpHandle : void* in/out
' vpId : DWORD
' startAddress : ULONGLONG
' endAddress : ULONGLONG
' callbackContext : void* in/out
' foundImageCallback : FOUND_IMAGE_CALLBACK
' standaloneAddress : ULONGLONG*
' standaloneAddressCount : DWORD
Declare PtrSafe Function ScanMemoryForDosImages Lib "vmsavedstatedumpprovider" ( _
ByVal vmSavedStateDumpHandle As LongPtr, _
ByVal vpId As Long, _
ByVal startAddress As LongLong, _
ByVal endAddress As LongLong, _
ByVal callbackContext As LongPtr, _
ByVal foundImageCallback As LongPtr, _
ByRef standaloneAddress As LongLong, _
ByVal standaloneAddressCount As Long) As Long
' VBA7前提(PtrSafe)。32bit Office では LongPtr→Long。Integer=16bit / Long=32bit / LongLong=64bit。import ctypes
from ctypes import wintypes
ScanMemoryForDosImages = ctypes.windll.vmsavedstatedumpprovider.ScanMemoryForDosImages
ScanMemoryForDosImages.restype = ctypes.c_int
ScanMemoryForDosImages.argtypes = [
ctypes.POINTER(None), # vmSavedStateDumpHandle : void* in/out
wintypes.DWORD, # vpId : DWORD
ctypes.c_ulonglong, # startAddress : ULONGLONG
ctypes.c_ulonglong, # endAddress : ULONGLONG
ctypes.POINTER(None), # callbackContext : void* in/out
ctypes.c_void_p, # foundImageCallback : FOUND_IMAGE_CALLBACK
ctypes.POINTER(ctypes.c_ulonglong), # standaloneAddress : ULONGLONG*
wintypes.DWORD, # standaloneAddressCount : DWORD
]require 'fiddle'
require 'fiddle/import'
lib = Fiddle.dlopen('VmSavedStateDumpProvider.dll')
ScanMemoryForDosImages = Fiddle::Function.new(
lib['ScanMemoryForDosImages'],
[
Fiddle::TYPE_VOIDP, # vmSavedStateDumpHandle : void* in/out
-Fiddle::TYPE_INT, # vpId : DWORD
-Fiddle::TYPE_LONG_LONG, # startAddress : ULONGLONG
-Fiddle::TYPE_LONG_LONG, # endAddress : ULONGLONG
Fiddle::TYPE_VOIDP, # callbackContext : void* in/out
Fiddle::TYPE_VOIDP, # foundImageCallback : FOUND_IMAGE_CALLBACK
Fiddle::TYPE_VOIDP, # standaloneAddress : ULONGLONG*
-Fiddle::TYPE_INT, # standaloneAddressCount : DWORD
],
Fiddle::TYPE_INT)#[link(name = "vmsavedstatedumpprovider")]
extern "system" {
fn ScanMemoryForDosImages(
vmSavedStateDumpHandle: *mut (), // void* in/out
vpId: u32, // DWORD
startAddress: u64, // ULONGLONG
endAddress: u64, // ULONGLONG
callbackContext: *mut (), // void* in/out
foundImageCallback: *const core::ffi::c_void, // FOUND_IMAGE_CALLBACK
standaloneAddress: *mut u64, // ULONGLONG*
standaloneAddressCount: u32 // DWORD
) -> i32;
}
// crates: windows-sys provides ready-made bindings for this API.$sig = @"
[DllImport("VmSavedStateDumpProvider.dll")]
public static extern int ScanMemoryForDosImages(IntPtr vmSavedStateDumpHandle, uint vpId, ulong startAddress, ulong endAddress, IntPtr callbackContext, IntPtr foundImageCallback, ref ulong standaloneAddress, uint standaloneAddressCount);
"@
$api = Add-Type -MemberDefinition $sig -Name 'VmSavedStateDumpProvider_ScanMemoryForDosImages' -Namespace Win32 -PassThru
# $api::ScanMemoryForDosImages(vmSavedStateDumpHandle, vpId, startAddress, endAddress, callbackContext, foundImageCallback, standaloneAddress, standaloneAddressCount)#uselib "VmSavedStateDumpProvider.dll"
#func global ScanMemoryForDosImages "ScanMemoryForDosImages" sptr, sptr, sptr, sptr, sptr, sptr, sptr, sptr
; ScanMemoryForDosImages vmSavedStateDumpHandle, vpId, startAddress, endAddress, callbackContext, foundImageCallback, varptr(standaloneAddress), standaloneAddressCount ; 戻り値は stat
; vmSavedStateDumpHandle : void* in/out -> "sptr"
; vpId : DWORD -> "sptr"
; startAddress : ULONGLONG -> "sptr"
; endAddress : ULONGLONG -> "sptr"
; callbackContext : void* in/out -> "sptr"
; foundImageCallback : FOUND_IMAGE_CALLBACK -> "sptr"
; standaloneAddress : ULONGLONG* -> "sptr"
; standaloneAddressCount : DWORD -> "sptr"
; ※HSP3.7は int64 引数(64bit値渡し)に非対応です。
; ※HSP3.7は #func のため戻り値はシステム変数 stat に格納されます。出力引数:
#uselib "VmSavedStateDumpProvider.dll" #cfunc global ScanMemoryForDosImages "ScanMemoryForDosImages" sptr, int, int64, int64, sptr, sptr, var, int ; res = ScanMemoryForDosImages(vmSavedStateDumpHandle, vpId, startAddress, endAddress, callbackContext, foundImageCallback, standaloneAddress, standaloneAddressCount) ; vmSavedStateDumpHandle : void* in/out -> "sptr" ; vpId : DWORD -> "int" ; startAddress : ULONGLONG -> "int64" ; endAddress : ULONGLONG -> "int64" ; callbackContext : void* in/out -> "sptr" ; foundImageCallback : FOUND_IMAGE_CALLBACK -> "sptr" ; standaloneAddress : ULONGLONG* -> "var" ; standaloneAddressCount : DWORD -> "int" ; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。 ; ※int64 引数の DLL 値渡しは x64 ランタイム(hsp3_64)のみ対応(x86 は未対応)。#uselib "VmSavedStateDumpProvider.dll" #cfunc global ScanMemoryForDosImages "ScanMemoryForDosImages" sptr, int, int64, int64, sptr, sptr, sptr, int ; res = ScanMemoryForDosImages(vmSavedStateDumpHandle, vpId, startAddress, endAddress, callbackContext, foundImageCallback, varptr(standaloneAddress), standaloneAddressCount) ; vmSavedStateDumpHandle : void* in/out -> "sptr" ; vpId : DWORD -> "int" ; startAddress : ULONGLONG -> "int64" ; endAddress : ULONGLONG -> "int64" ; callbackContext : void* in/out -> "sptr" ; foundImageCallback : FOUND_IMAGE_CALLBACK -> "sptr" ; standaloneAddress : ULONGLONG* -> "sptr" ; standaloneAddressCount : DWORD -> "int" ; ※出力/バッファ引数はポインタ方式(token=sptr / 呼び出しは varptr(変数))。 ; ※int64 引数の DLL 値渡しは x64 ランタイム(hsp3_64)のみ対応(x86 は未対応)。
出力引数:
; HRESULT ScanMemoryForDosImages(void* vmSavedStateDumpHandle, DWORD vpId, ULONGLONG startAddress, ULONGLONG endAddress, void* callbackContext, FOUND_IMAGE_CALLBACK foundImageCallback, ULONGLONG* standaloneAddress, DWORD standaloneAddressCount) #uselib "VmSavedStateDumpProvider.dll" #cfunc global ScanMemoryForDosImages "ScanMemoryForDosImages" intptr, int, int64, int64, intptr, intptr, var, int ; res = ScanMemoryForDosImages(vmSavedStateDumpHandle, vpId, startAddress, endAddress, callbackContext, foundImageCallback, standaloneAddress, standaloneAddressCount) ; vmSavedStateDumpHandle : void* in/out -> "intptr" ; vpId : DWORD -> "int" ; startAddress : ULONGLONG -> "int64" ; endAddress : ULONGLONG -> "int64" ; callbackContext : void* in/out -> "intptr" ; foundImageCallback : FOUND_IMAGE_CALLBACK -> "intptr" ; standaloneAddress : ULONGLONG* -> "var" ; standaloneAddressCount : DWORD -> "int" ; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。; HRESULT ScanMemoryForDosImages(void* vmSavedStateDumpHandle, DWORD vpId, ULONGLONG startAddress, ULONGLONG endAddress, void* callbackContext, FOUND_IMAGE_CALLBACK foundImageCallback, ULONGLONG* standaloneAddress, DWORD standaloneAddressCount) #uselib "VmSavedStateDumpProvider.dll" #cfunc global ScanMemoryForDosImages "ScanMemoryForDosImages" intptr, int, int64, int64, intptr, intptr, intptr, int ; res = ScanMemoryForDosImages(vmSavedStateDumpHandle, vpId, startAddress, endAddress, callbackContext, foundImageCallback, varptr(standaloneAddress), standaloneAddressCount) ; vmSavedStateDumpHandle : void* in/out -> "intptr" ; vpId : DWORD -> "int" ; startAddress : ULONGLONG -> "int64" ; endAddress : ULONGLONG -> "int64" ; callbackContext : void* in/out -> "intptr" ; foundImageCallback : FOUND_IMAGE_CALLBACK -> "intptr" ; standaloneAddress : ULONGLONG* -> "intptr" ; standaloneAddressCount : DWORD -> "int" ; ※出力/バッファ引数はポインタ方式(token=intptr / 呼び出しは varptr(変数))。
import (
"golang.org/x/sys/windows"
"unsafe"
)
var (
vmsavedstatedumpprovider = windows.NewLazySystemDLL("VmSavedStateDumpProvider.dll")
procScanMemoryForDosImages = vmsavedstatedumpprovider.NewProc("ScanMemoryForDosImages")
)
// vmSavedStateDumpHandle (void* in/out), vpId (DWORD), startAddress (ULONGLONG), endAddress (ULONGLONG), callbackContext (void* in/out), foundImageCallback (FOUND_IMAGE_CALLBACK), standaloneAddress (ULONGLONG*), standaloneAddressCount (DWORD)
r1, _, err := procScanMemoryForDosImages.Call(
uintptr(vmSavedStateDumpHandle),
uintptr(vpId),
uintptr(startAddress),
uintptr(endAddress),
uintptr(callbackContext),
uintptr(foundImageCallback),
uintptr(standaloneAddress),
uintptr(standaloneAddressCount),
)
_ = err // syscall.Errno (valid when the call sets last-error)
_ = r1 // HRESULTfunction ScanMemoryForDosImages(
vmSavedStateDumpHandle: Pointer; // void* in/out
vpId: DWORD; // DWORD
startAddress: UInt64; // ULONGLONG
endAddress: UInt64; // ULONGLONG
callbackContext: Pointer; // void* in/out
foundImageCallback: Pointer; // FOUND_IMAGE_CALLBACK
standaloneAddress: Pointer; // ULONGLONG*
standaloneAddressCount: DWORD // DWORD
): Integer; stdcall;
external 'VmSavedStateDumpProvider.dll' name 'ScanMemoryForDosImages';result := DllCall("VmSavedStateDumpProvider\ScanMemoryForDosImages"
, "Ptr", vmSavedStateDumpHandle ; void* in/out
, "UInt", vpId ; DWORD
, "Int64", startAddress ; ULONGLONG
, "Int64", endAddress ; ULONGLONG
, "Ptr", callbackContext ; void* in/out
, "Ptr", foundImageCallback ; FOUND_IMAGE_CALLBACK
, "Ptr", standaloneAddress ; ULONGLONG*
, "UInt", standaloneAddressCount ; DWORD
, "Int") ; return: HRESULT●ScanMemoryForDosImages(vmSavedStateDumpHandle, vpId, startAddress, endAddress, callbackContext, foundImageCallback, standaloneAddress, standaloneAddressCount) = DLL("VmSavedStateDumpProvider.dll", "int ScanMemoryForDosImages(void*, dword, qword, qword, void*, void*, void*, dword)")
# 呼び出し: ScanMemoryForDosImages(vmSavedStateDumpHandle, vpId, startAddress, endAddress, callbackContext, foundImageCallback, standaloneAddress, standaloneAddressCount)
# vmSavedStateDumpHandle : void* in/out -> "void*"
# vpId : DWORD -> "dword"
# startAddress : ULONGLONG -> "qword"
# endAddress : ULONGLONG -> "qword"
# callbackContext : void* in/out -> "void*"
# foundImageCallback : FOUND_IMAGE_CALLBACK -> "void*"
# standaloneAddress : ULONGLONG* -> "void*"
# standaloneAddressCount : DWORD -> "dword"
# なでしこ1は32bit・ANSI(Shift_JIS)。文字列=char*(ANSI)、ポインタ/ハンドル=void*(4byte)。