VirtualFree

[ragdog]

Hi


I create with VirtualAlloc Palce for the  pszText
and after working with the text use i VirtualFree
How i can test if the memory free?

invoke GetWindowTextLength, hWnd
        .if eax > 0       
            inc eax
            mov dwBufferSize, eax
            invoke  VirtualAlloc,0,eax,MEM_COMMIT,PAGE_EXECUTE_READWRITE
               push ebx
                mov pszText, eax
                lea ebx,[eax]
                invoke GetWindowText,hWnd,ebx, dwBufferSize
                .if eax

                    ; Working with text.............

                    invoke  VirtualFree,dwBufferSize,ebx,MEM_DECOMMIT 
                .endif

[dedndave]

VirtualFree...
Return Value
If the function succeeds, the return value is nonzero.

If the function fails, the return value is 0 (zero). To get extended error information, call GetLastError.

that's the easy way   :P

[cork]

The return value is in the EAX register, as others pointed out to me. You probably know that, but anyway... just in case.

[ragdog]

Thanks for your post

Yes i have already read this

invoke  VirtualFree,dwBufferSize,ebx,MEM_DECOMMIT   
                     .if eax==0
                         ;True
                        .elseif eax!=0
                           ;False
                     .endif

How i can test it if this really free can i this see in Ollydbg?

[oex]

You have that the wrong way round ragdog

invoke  VirtualFree,dwBufferSize,ebx,MEM_DECOMMIT   
                     .if eax!=0
                         ;True
                         ;The memory is free
                        .elseif eax==0
                         ;False
                         ;The memory is not free
                     .endif

Reading further:
MEM_DECOMMIT
0x4000 Decommits the specified region of committed pages. After the operation, the pages are in the reserved state.

The function does not fail if you attempt to decommit an uncommitted page. This means that you can decommit a range of pages without first determining the current commitment state.

I dont use the function myself but I would imagine this function would help you:
VirtualQuery
http://msdn.microsoft.com/en-us/library/aa366902(v=VS.85).aspx

[redskull]

How i can test it if this really free can i this see in Ollydbg?

The 'memory map' window in Olly will show you what memory is alloacted to your process.  Monitor it before and after the call, and you should see it the range dissapear.  As far as testing to see if it's there programatically, you need to either walk the VAD tree yourself (non-trivial), or just try and access it to see if your program crashes (or, more likely, set up an exception handler to deal with the success).

-r

[dedndave]

well - the only way i can think of testing it is free (besides the success of the Free call), is to see if it can be re-allocated   :P
that seems rather silly, because the OS may not allocate that block unless you request it allocates all available memory

note: after you free a block, you may still be able to read and write to that block without generating an exception
of course, that sounds like a good way to make bad things happen - lol


ahhh - redskull is on to something, there   :P
there must be an easy API function to use that returns memory blocks allocated to the current process

[redskull]

note: after you free a block, you may still be able to read and write to that block without generating an exception

Thats interesting, dedndave. What conditions can cause this behavior?

-r

[dedndave]

try it out   :bg
i tried it once, expecting to generate the old "c0000005" error, but the program kept on trucking - lol

[cork]

Try IsBadReadPtr(). That might work, though I don't understand why the return value of VirtualFree() isn't sufficient.

[ragdog]

Ok thanks  :U

This was my Mistake ::)

[dedndave]

lol - let's call it microsoft's mistake, instead
one would naturally expect the exception error

[ragdog]

I have trouble with this virtualfree

Why Free this not the memory

.data?
nSize  dd ?
pszMem dd ?

.code
push    hWnd
call    AllocateEditBuffer

.if (pszMem != NULL)
  invoke    MessageBox,0,addr pszMem,0,MB_OK
      call       DeAllocateMem
.endif

AllocateEditBuffer Proc uses ebx hWnd:HWND
   invoke    GetWindowTextLength, hWnd
   .if (eax>0)
        inc    eax
        mov    nSize, eax
     invoke VirtualAlloc,0,eax,MEM_COMMIT,PAGE_READWRITE
     .if (eax != NULL)
         mov pszMem,eax
          invoke    GetWindowText,hWnd,  pszMem,nSize
          .if (pszMem != NULL)

              ret
          .endif
     .endif
   .endif
   ret
AllocateEditBuffer endp

DeAllocateMem proc
               invoke VirtualFree,pszMem, nSize,MEM_DECOMMIT
               .if (eax!=0)
                   invoke    MessageBox,0,CTEXT ("The memory is free"),0,MB_OK
                 .else
                       invoke    MessageBox,0,CTEXT ("The memory is not free"),0,MB_OK
               .endif
ret
DeAllocateMem endp

Allocate the memory works fine only not this Free Mem (VirtualFree)

[redskull]

MEM_DECOMMIT doesn't "free" the memory; it leaves the address space reserved to your program, but with no backing RAM (and/or pagefile space) behind it.  So, you must specificy how you define "failure" for this snippit (VirtualFree fails, memory still visible in Olly, can still read and write to it, etc).  By decomiting only, the addressess appear to be there, but don't actually exist.

-r

[ragdog]

If i use MEM_DECOMMIT  or MEM_RELEASE have i ervery "The memory is not free" result