News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

VirtualQueryEx works, sometimes.

Started by sheep, September 01, 2005, 09:13:54 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

sheep

September 01, 2005, 09:13:54 PM
I have a pretty enigmatic problem with VirtualQueryEx. I'm using it to examine the comitted memory of a process. Everything was working great until it suddenly stopped working for no reason whatsoever, without even a change in the code. It would always return 0 with ERROR_NOACCESS on every memory address I tried right after I called it on a process handle that I just opened with full access.

I got it going like this:

Code Select
.code
...
invoke VirtualQueryEx,h,ebx,offset mbi,sizeof MEMORY_BASIC_INFORMATION ; ebx was walking through the pages here on a different process
...
.data
...
mbi MEMORY_BASIC_INFORMATION <0,0,0,0,0,0,0>

Then it got weirder, because I changed the data part to:

Code Select
align 16
mbi MEMORY_BASIC_INFORMATION <0,0,0,0,0,0,0>

and it worked great. I don't know why it works because of that, but the problem is it'll still only work for me when I make that change. It won't work on other machines. Why won't this API work?

MichaelW

#1
September 01, 2005, 11:40:34 PM
Perhaps because of this:
Quote
Passing a kernel-mode pointer to this function can result in no information being returned, due to security issues. In this case, the return value is zero.

eschew obfuscation

ToutEnMasm

#2
September 02, 2005, 05:42:11 AM
hello,
I don't know for what,but if you put your buffer in locals instead of data, you can have the surprise to see it work.                   :green
                        ToutEnMasm

sheep

#3
September 02, 2005, 03:52:34 PM
Quote from: ToutEnMasm on September 02, 2005, 05:42:11 AM
hello,
I don't know for what,but if you put your buffer in locals instead of data, you can have the surprise to see it work.                   :green
                        ToutEnMasm


It does, but I don't get why aligning it makes it work

sheep

#4
September 04, 2005, 08:11:02 PM
Quote from: sheep on September 02, 2005, 03:52:34 PM
It does, but I don't get why aligning it makes it work

I got an oppertunity to test it on another machine today and even this isn't working. No matter where I put the MEMORY_BASIC_INFORMATION structure it seems to not give me an error on my machine only.

Anyone else have this experience?

ToutEnMasm

#5
September 05, 2005, 07:32:16 AM
Hello,
Win98 react differently than XP.I have made a proc modifying the size of the stack and this one works perfectly in XP but not in win98,If we can have some doc explaining why it works like this , we could made modifies for each system.
                             ToutEnMasm
Print
Go Up Pages1
User actions