On 15-10-09 03:42 PM, Pengfei Sun wrote:
Hi Lex,
Thanks for your suggestions.
I work on memory forensics. My part of project is to locate memory of the sensitive data. For example, when I use the geany open one sensitive file, and the content will be in the memory (heap). I hope I can locate all memory related this sensitive file. And later I can do some analysis or protection.
Now, I override malloc and can log all malloc functions to get return address and size (I think g_malloc is a wrapper of malloc). But I still cannot building the mapping between the special file and related heap memory. I know each open or created file have different ID (GeanyDocument->id). However, I still cannot figure out how to trace the related memory of different ID. Assume I have open three files, so there are three windows and three different GeanyDocument->id. I write or change some things among these three windows. Meanwhile, I log all malloc/realloc/calloc functions. I try to figure out which malloc belong to window 1, which belong to window2 or window 3? Do you have any further suggestions for my case?
Hi,
To get from GeanyDocument to where the text buffer is stored:
- First get to the Scintilla widget: doc->editor->sci - Then get a pointer to Scintilla buffer: scintilla_send_message(doc->editor->sci, SCI_GETCHARACTERPOINTER, 0, 0); - That call will close the editing gap, so if you call: scintilla_send_message(doc->editor->sci, SCI_GETTEXTLENGTH, 0, 0); You can have the lower and upper addresses of the complete contiguous document buffer.
But as Lex mentioned, the address no doubt changes as Scintilla grows and shrinks the buffer, so you can only know for sure where it lives between call to SCI_GETCHARACTERPOINTER and the next time the buffer is changed.
You mentioned in Github Issue about wanting to know about tag allocations, in `tagmanager/src/tm_tag.c` at the top is where you could hook into allocation of the tag structures (TAG_NEW/TAG_FREE macros, or else the log_tag_*() functions).
Happy Hacking, Matthew Brush