MEMPROBE.C and MEMPROBE.EXE -- A Win32 program to determine the actual address space in use by Win32 programs in Windows 95. Very different results from those shown by the VirtualQuery API! MEMPROBE walks the entire four-gigabyte potential address space, using the structured exception handling (SEH) _try and _except statements to determine which areas are readable and writeable, read-only (write-protected), or protected (neither readable nor writeable). Alternatively, if compiled with the USE_SEH switch, MEMPROBE will use the IsBadWritePtr and IsBadReadPtr APIs. Right now, MEMPROBE.EXE is a Console app, but can be compiled with the NOT_CONSOLE switch if you want to try out MEMPROBE without needing an extra virtual machine (VM) for the Console output window.
The program generates a MEMPROBE.LOG file which looks like this:
00010000h-00124000h Read/Write (1130496 bytes) 0019F000h-0026E000h Read/Write (847872 bytes) 00400000h-00409000h Read 00409000h-0040B000h Read/Write (8192 bytes) 0040B000h-0040C000h Read 0040C000h-0040F000h Read/Write (12288 bytes) 0040F000h-00410000h Read 00410000h-00411000h Read/Write (4096 bytes) ... etc., etc. ... C1F4F000h-C1F50000h Read/Write (4096 bytes) C234E000h-C234F000h Read/Write (4096 bytes) C2400000h-C2524000h Read/Write (1196032 bytes) C259F000h-C25A0000h Read/Write (4096 bytes) 552 seconds 24346624 pokeable bytes out of 100000000h 0.57% pokeable