I would like to catch memory writes to specific memory ranges and call a function with the address of the memory location being written to. Preferably, after the write to memory has already happened.
I know this can be done by the operating system by twiddling with the page table entries. However, how can this be similar accomplished from within an application that wants to do this?
Well, you could do something like this:
Output (run on Windows XP):
That's the idea.
You will likely need to change things around to make the code work well in multiple threads, make it work with other
SEH
code (if any), with C++ exceptions (if applicable).And, of course, if you really want it, you can make it call the writes monitoring callback function after the write's been completed. For that you'll need to save the memory address from the
STATUS_ACCESS_VIOLATION
case somewhere (TLS
?) so that theSTATUS_SINGLE_STEP
case can pick it up later and pass to the function.