I am writing dbgeng client and try to enumerate available virtual memory for time travel debugging session.
Dbgeng API have IDebugDataSpaces2::QueryVirtual
method, it's works great for live user-mode debugging sessions, but does not works for TTD trace session replay.
When I try to call it, I recieve 0x8000ffff (E_UNEXPECTED) error.
Looks like !address
and !vprot
commands from windbg preview gui have same issue
0:000> !vprot 0
ERROR: !vprot: extension exception 0x8000ffff.
"QueryVirtual failed"
0:000> !address
BaseAddress EndAddress+1 RegionSize Type State Protect Usage
--------------------------------------------------------------------------------------------------------------------------
There is IDebugDataSpaces4::GetValidRegionVirtual
method. It works, but TOO long (looks like it tries to check every page manually). Looks like IDebugDataSpaces4::GetNextDifferentlyValidOffsetVirtual
also works wrong for TTD replay.
Does dbgeng API have other methods to enumerate valid memory ranges for process? Or maybe there is another way to get this info from IDX or RUN files?
At the moment some information available in live debug and dump files are not available in TTD. The two main features are: a) QueryVirtual does not work; b) Process and thread security token information are not saved. I used QueryVirtual a lot in my Debug extension and I made changes to deal with it. Sorry to be the bearer of bad news.