I have this problem, whenever I allocate 4096 bytes in an usermode program and print the Virtual Mem Address I do this in WinDbg
!process 0
.process /r /p
!vad
But the Address doesn't display in there, why is that?
You're not process 0. How are you trying to print the address
In the usermode program, malloc returns the address
(void*)mem
If you are attaching the debugger to the kernel, you have to change context to your process (process where you are allocating 4096 bytes).
Check the documentation for !process.
In a normal Windows UM program, malloc results in a call to the win32 API HeapAlloc using the CRT heap. There are different algorithms, but heaps use VirtualAlloc to reserve and commit virtual memory from the OS in larger blocks (called segments), and then subdivide those to satisfy requests like malloc. The pointer returned from HeapAlloc or malloc will be somewhere inside one of the allocated segments.
In windbg, you can learn a lot about the heaps that exist in your process, the segments that the have allocate and what sub-allocations exist in those segments (and their status) by using the !heap and related commands.
as others have mentioned, if you are working with a single process (live debugging or a crash dump) then there is an implicit process context. If you are doing what is normally done around here - debugging the whole system or analyzing a crash dump of the whole system - then you have to identify and switch to the right process context before any of these commands will do anything useful.
There is quite a lot more to say about how heaps and the virtual address space, but if simply finding the virtual address is your goal, this should be enough