Posted: Sun Dec 17, 2017 9:46 am Post subject: Memory Heap Blocks
I would like to understand how CE works when scanning AOB in memory.
To be more direct, how does it do to search for Heap Blocks.
What is CE's approach?
1) Does it calls VirtualQueryEx passing the GetCurrentProcess() returned HANDLE and loops until done finding for MEM_COMMIT and MEM_PRIVATE blocks?
Or
2) It creates a snapshot via CreateToolhelp32Snapshot and it loops through each Module and then uses the Heap32First and Heap32ListNext to find the memory blocks?
I found that approach 1) may miss Heap Allocations done in the process DLLs modules?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum