Question
Jon Willis
Hi all,
(deep breath)
So, I have an injected dll that is constantly looping the following code:
    long startAddress = atol(szRecvBufferSplit);
    szRecvBufferSplit = strtok(NULL, "|");
    int numberOfBytes = atoi(szRecvBufferSplit);
    MEMORY_BASIC_INFORMATION mbi;
    if(VirtualQuery((LPCVOID)startAddress, &mbi, sizeof(mbi)))
    {
        if (&mbi && mbi.State == MEM_COMMIT && mbi.Protect != PAGE_NOACCESS && mbi.Protect != PAGE_GUARD)
        {
            if(VirtualProtect((LPVOID)startAddress, numberOfBytes, PAGE_EXECUTE_READWRITE, &dwOldProtect))
            {
                //if(safeMethod)
                //memcpy(szSendBuffer, (void*)startAddress, numberOfBytes);
                for(int i = 0; i < numberOfBytes; i++)
                {
                    szSendBuffer[i] = *(unsigned char*)(startAddress + i);
                }
                VirtualProtect((LPVOID)startAddress, numberOfBytes, dwOldProtect, &dwOldProtect);
            }
        }
    }

The intent of the following code is to read memory without calling ReadProcessMemory and is part of a memory scanning application that I've written. The application scans all of the process' private memory once, and then when it begins a second iteration, it will crash.
The crash occurs when memory is read, after VirtualProtect reports a successful operation. As you can determine from the code, the memory region I am unprotecting and reading from is committed and accessible.
I'm completely baffled as to why reading memory a second time is causing a crash.
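Added example, not part of the original post: `MEMORY_BASIC_INFORMATION.Protect` is a bit field in which `PAGE_GUARD` is OR-ed onto a base protection, and the attributes `VirtualQuery` reports hold only for `RegionSize` bytes from `BaseAddress`. The C below contrasts the post's equality test with a mask test and a length clamp that reads without changing page protection; `region_info`, `posted_check` and `readable_bytes` are hypothetical names, and the constants are the winnt.h values, defined only so the logic compiles without `<windows.h>`.

```c
#include <stddef.h>
#include <stdint.h>

/* winnt.h values, defined here only when <windows.h> is not included. */
#ifndef MEM_COMMIT
#define MEM_COMMIT             0x1000u
#define PAGE_NOACCESS          0x01u
#define PAGE_READONLY          0x02u
#define PAGE_READWRITE         0x04u
#define PAGE_WRITECOPY         0x08u
#define PAGE_EXECUTE_READ      0x20u
#define PAGE_EXECUTE_READWRITE 0x40u
#define PAGE_EXECUTE_WRITECOPY 0x80u
#define PAGE_GUARD             0x100u
#endif

/* Hypothetical mirror of the MEMORY_BASIC_INFORMATION fields the check needs. */
typedef struct {
    uintptr_t base;    /* BaseAddress */
    size_t    size;    /* RegionSize  */
    uint32_t  state;   /* State       */
    uint32_t  protect; /* Protect     */
} region_info;

/* The test as written in the post: equality against single constants. */
int posted_check(const region_info *r)
{
    return r->state == MEM_COMMIT && r->protect != PAGE_NOACCESS
        && r->protect != PAGE_GUARD;
}

/* Bytes readable at addr without touching page protection (0 = skip). */
size_t readable_bytes(const region_info *r, uintptr_t addr, size_t want)
{
    if (r->state != MEM_COMMIT) return 0;
    if (r->protect & (PAGE_GUARD | PAGE_NOACCESS)) return 0; /* guard or no-access bit set */
    switch (r->protect & 0xFFu) {          /* low byte = base protection */
    case PAGE_READONLY: case PAGE_READWRITE: case PAGE_WRITECOPY:
    case PAGE_EXECUTE_READ: case PAGE_EXECUTE_READWRITE:
    case PAGE_EXECUTE_WRITECOPY: break;
    default: return 0;                     /* PAGE_EXECUTE or unknown: skip */
    }
    if (addr < r->base || addr - r->base >= r->size) return 0;
    size_t left = r->size - (addr - r->base); /* attributes hold only this far */
    return want < left ? want : left;
}
```

A region reported as `PAGE_READWRITE | PAGE_GUARD` (0x104) passes `posted_check` but yields 0 from `readable_bytes`, and a request that runs past the end of the queried region is shortened to the bytes that remain in it.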
7 answers to this question