Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
Posted: Sat Jul 03, 2010 7:50 am Post subject: Checking if address is valid
Sometimes you may want to check if an address you're getting is valid or not. You can use IsBadReadPtr and IsBadWritePtr for this.
Of course, keep in mind that in multithreaded apps it can happen that the memory is valid during the API call and invalid right after it has returned, so try to keep your data as close as possible.
Code:
pushfd                    //save flags
pushad                    //save all general registers; not sure which ones get messed with by this API call
push 4                    //size in bytes of the pointer (IsBadReadPtr's 2nd parameter, pushed first under stdcall)
lea eax,[addresstocheck]  //eax = the address we want to test
push eax                  //1st parameter: the address to test
call isbadreadptr         //eax = nonzero if the range is NOT readable (stdcall, callee removes the 2 arguments)
cmp eax,0
jne invalidmemory         //nonzero = bad pointer, skip the access
//valid memory
//do stuff
invalidmemory:
popad                     //restore registers (this also discards the return value in eax)
popfd                     //restore flags
//done
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Sun Jul 04, 2010 5:24 am Post subject:
Just a little note about IsBadReadPointer, assuming this is just a forward to the API call:
Quote:
Important: This function is obsolete and should not be used. Despite its name, it does not guarantee that the pointer is valid or that the memory pointed to is safe to use. For more information, see Remarks on this page.
Quote:
This function is typically used when working with pointers returned from third-party libraries, where you cannot determine the memory management behavior in the third-party DLL.
Threads in a process are expected to cooperate in such a way that one will not free memory that the other needs. Use of this function does not negate the need to do this. If this is not done, the application may fail in an unpredictable manner.
Dereferencing potentially invalid pointers can disable stack expansion in other threads. A thread exhausting its stack, when stack expansion has been disabled, results in the immediate termination of the parent process, with no pop-up error window or diagnostic information.
If the calling process has read access to some, but not all, of the bytes in the specified memory range, the return value is nonzero.
In a preemptive multitasking environment, it is possible for some other thread to change the process's access to the memory being tested. Even when the function indicates that the process has read access to the specified memory, you should use structured exception handling when attempting to access the memory. Use of structured exception handling enables the system to notify the process if an access violation exception occurs, giving the process an opportunity to handle the exception.
Source: http://msdn.microsoft.com/en-us/library/aa366713%28VS.85%29.aspx
_________________
- Retired.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
Posted: Sun Jul 04, 2010 5:39 am Post subject:
That remark in the MSDN is just the usual "don't access memory that doesn't belong to you" disclaimer to encourage 'proper' programming. GameHacking is an exception here, since most of the time you HAVE to access memory owned by another program that hasn't told you exactly how the memory is configured.
It basically comes down to the remark that I made: "Watch out for multithreaded memory deallocations" and try to only use the values from registers in the current call.
Slugsnack Grandmaster Cheater Supreme Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Tue Jul 13, 2010 11:43 am Post subject:
Actually that function can be really unsafe even in single threaded applications. The reason being guard pages. Essentially those functions work by attempting the access then returning based upon whether an exception was thrown. For obvious reasons, guard pages completely fuck up this method.
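The two objections raised in this thread (the MSDN remark that IsBadReadPtr only tells you about the past and that you should let the OS report access problems, and Slugsnack's point that the probe itself trips guard pages) both point at the same alternative: ask the kernel about the memory instead of dereferencing it. The C program below is an added example written for this thread, not code from Dark Byte, atom0s or Cheat Engine. It defines a hypothetical probe_copy() that checks a range and copies it out in one step: on Windows it uses VirtualQuery, which reports PAGE_GUARD and PAGE_NOACCESS without touching the page, and on Linux it reads the process's own address space through /proc/self/mem, where the kernel returns an error for an unmapped address instead of faulting the caller. The copy to a local is the "keep your data as close as possible" advice from the first post; on Windows a small window between the query and the memcpy remains in a multithreaded process, which is exactly the limitation the thread describes.

```c
/* Added example, not code from the thread: probe a byte range of our own
 * process and copy it out in the same step, without dereferencing the
 * pointer from user mode. probe_copy and demo_* are this example's own names. */
#define _FILE_OFFSET_BITS 64   /* keep off_t 64-bit for the Linux branch */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>

/* Windows: ask the memory manager with VirtualQuery instead of touching the
 * page. Free or reserved regions, PAGE_NOACCESS and PAGE_GUARD are refused,
 * so a guard page is never tripped by the check itself. The memcpy that
 * follows is still a short race window against other threads. */
static int probe_copy(const void *src, void *dst, size_t n)
{
    const unsigned char *p = (const unsigned char *)src;
    const unsigned char *end = p + n;
    while (p < end) {
        MEMORY_BASIC_INFORMATION mbi;
        if (VirtualQuery(p, &mbi, sizeof mbi) == 0)
            return 0;                         /* address belongs to no region */
        if (mbi.State != MEM_COMMIT)
            return 0;                         /* free or merely reserved */
        if (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD))
            return 0;                         /* unreadable or a guard page */
        p = (const unsigned char *)mbi.BaseAddress + mbi.RegionSize;
    }
    memcpy(dst, src, n);
    return 1;
}
#else
#include <fcntl.h>
#include <unistd.h>

/* Linux: read our own address space through /proc/self/mem. The kernel
 * performs the copy and returns an error (EIO) for an unmapped address
 * instead of raising SIGSEGV in this thread, so check and copy are one
 * operation with no window between them. */
static int probe_copy(const void *src, void *dst, size_t n)
{
    int fd = open("/proc/self/mem", O_RDONLY);
    if (fd < 0)
        return 0;
    ssize_t got = pread(fd, dst, n, (off_t)(uintptr_t)src);
    close(fd);
    return got == (ssize_t)n;
}
#endif

/* A readable stack local: the copy succeeds and the value survives. */
int demo_readable(void)
{
    int value = 0x1234;
    int out = 0;
    if (!probe_copy(&value, &out, sizeof value))
        return -1;
    return out;
}

/* Address 0 is never mapped in a normal process: expect a clean refusal
 * rather than a crash. */
int demo_unmapped(void)
{
    int out = 0;
    return probe_copy(NULL, &out, sizeof out);
}

int main(void)
{
    printf("readable local copied: %d\n", demo_readable() == 0x1234);
    printf("null page readable:    %d\n", demo_unmapped());
    return 0;
}
```

Note what the Linux branch does not catch: /proc/self/mem is a ptrace-style read, so a page mapped PROT_NONE can still be read through it; it answers "is this mapped", not "may my thread touch it". On Windows the VirtualQuery branch answers the protection question directly, which is why the guard-page case from Slugsnack's post is handled there without ever faulting.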