- Forum
- General C++ Programming
- Memory scanner crashes
Memory scanner crashes
When i go to inject my dll into any process it crashes at the part where i push back the address of a unsigned char* to a vector<unsigned char*> object i got from a block of memory i scanned. i also made sure to protect it to PAGE_EXECUTE_READWRITE and revert it back to its original protection but it still crashes. The code ran fine when i didn't include my scanner function.
i've done some debugging to it in the past and made sure there was no access violations.
code:
int scanprocess(vector<unsigned char*> &storage,int find)
{
MEMORY_BASIC_INFORMATION mbi = { 0 };
unsigned char *pAddress = NULL,
*pEndRegion = NULL;
DWORD dwFindData = find,
dwProtectionMask = PAGE_READONLY | PAGE_EXECUTE_WRITECOPY
| PAGE_READWRITE | PAGE_WRITECOMBINE;
while (sizeof(mbi) == VirtualQuery(pEndRegion, &mbi, sizeof(mbi))) {
pAddress = pEndRegion;
pEndRegion += mbi.RegionSize;
if ((mbi.AllocationProtect & dwProtectionMask) && (mbi.State & MEM_COMMIT)) {
for (pAddress; pAddress < pEndRegion; pAddress++) {
if (*pAddress == dwFindData) {
// dostaff
unsigned long oldProtection;
VirtualProtect((LPVOID)pAddress, 1, PAGE_EXECUTE_READWRITE, &oldProtection);
storage.push_back((unsigned char*)pAddress);
VirtualProtect((LPVOID)pAddress, 1, oldProtection, NULL);
}
}
}
}
return 0;
}
the coded i used to call the function and store the data:
vector<unsigned char*> values;
scanprocess(values, 42);
i've done some debugging to it in the past and made sure there was no access violations.
code:
int scanprocess(vector<unsigned char*> &storage,int find)
{
MEMORY_BASIC_INFORMATION mbi = { 0 };
unsigned char *pAddress = NULL,
*pEndRegion = NULL;
DWORD dwFindData = find,
dwProtectionMask = PAGE_READONLY | PAGE_EXECUTE_WRITECOPY
| PAGE_READWRITE | PAGE_WRITECOMBINE;
while (sizeof(mbi) == VirtualQuery(pEndRegion, &mbi, sizeof(mbi))) {
pAddress = pEndRegion;
pEndRegion += mbi.RegionSize;
if ((mbi.AllocationProtect & dwProtectionMask) && (mbi.State & MEM_COMMIT)) {
for (pAddress; pAddress < pEndRegion; pAddress++) {
if (*pAddress == dwFindData) {
// dostaff
unsigned long oldProtection;
VirtualProtect((LPVOID)pAddress, 1, PAGE_EXECUTE_READWRITE, &oldProtection);
storage.push_back((unsigned char*)pAddress);
VirtualProtect((LPVOID)pAddress, 1, oldProtection, NULL);
}
}
}
}
return 0;
}
the coded i used to call the function and store the data:
vector<unsigned char*> values;
scanprocess(values, 42);
It looks like it should crash at this point:
You can't dereference pointers across processes, because they exist in separate memory spaces. You need to use ReadProcessMemory().
*pAddress == dwFindDataYou can't dereference pointers across processes, because they exist in separate memory spaces. You need to use ReadProcessMemory().
It doesn't make sense to scan memory from within the same address space that you want to scan. For example, how do handle the case where pAddress points to dwFindData, or to find, or to other copies of the same value? Which is bound to happen, since you're searching the entire address space.
You really should do this from a separate process.
Anyway, this is probably a problem:
You really should do this from a separate process.
Anyway, this is probably a problem:
| lpflOldProtect [out] A pointer to a variable that receives the previous access protection value of the first page in the specified region of pages. If this parameter is NULL or does not point to a valid variable, the function fails. |
> if ((mbi.AllocationProtect & dwProtectionMask) && ...
Need to check mbi.Protect instead of mbi.AllocationProtect; they need not be the same.
Something like this, perhaps:
http://rextester.com/VTZ38176
Need to check mbi.Protect instead of mbi.AllocationProtect; they need not be the same.
Something like this, perhaps:
|
|
http://rextester.com/VTZ38176
Topic archived. No new replies allowed.