samuri25404
Grandmaster Cheater
 Reputation: 7
Joined: 04 May 2007
Posts: 955
Location: Why do you care?
|
 Posted: Wed Aug 01, 2007 1:51 pm Post subject: [C#] VirtualQueryEx |
 |
|
Ok, I'm working--or at least TRYING to work with--VirtualQueryEx, and encountering a bit of trouble.
What I'm doing is trying to populate an MBI (or MEMORY_BASIC_INFORMATION), but having a bit of trouble. When I debug and view the values, they're all 0. Here's my code:
| Code: |
//the stuff below is found on MSDN
//DWORD VirtualQueryEx(
// HANDLE hProcess, //handle to process
// LPCVOID lpAddress, //base of pages
// PMEMORY_BASIC_INFORMATION lpBuffer, //ptr to MBI, info returned
// DWORD dwLength //size (bytes) of buffer; pointed at by lpBuffer
// );
//typedef struct _MEMORY_BASIC_INFORMATION {
// PVOID BaseAddress; // base of the region of pages
// PVOID AllocationBase; // ptr to the base of a range of pages
// DWORD AllocationProtect; // memory protection, can be one of a couple, or 0 for none
// DWORD RegionSize; // size [bytes] of region beginning at BaseAddress, in which all pages have identical attributes
// DWORD State; // state of pages
// DWORD Protect; //
// DWORD Type; //
// }
//Below was not found on MSDN, I made this:
[DllImport("kernel32.dll")]
public static extern int VirtualQueryEx(IntPtr hProcess, ref object lpAddress, ref MEMORY_BASIC_INFORMATION lpBuffer, int dwLength);
public struct MEMORY_BASIC_INFORMATION{
public int BaseAddress;
public int AllocationBase;
public int AllocationProtect;
public int RegionSize;
public int State;
public int Protect;
public int lType;
}
//And now for where I call it. Note that this is in a different class, and the
//class that the two above are in is called ProcessMemoryReaderApi
public System.Collections.Generic.List<string> GetRegions(IntPtr process, uint Start, uint End)
{
System.Collections.Generic.List<string> zeRegions = new System.Collections.Generic.List<string>();
uint CurrentAddy = Start;
object objAddy = CurrentAddy;
ProcessMemoryReaderApi.MEMORY_BASIC_INFORMATION mbi = new ProcessMemoryReaderApi.MEMORY_BASIC_INFORMATION();
while (CurrentAddy <= End)
{
ProcessMemoryReaderApi.VirtualQueryEx(process, ref objAddy, ref mbi, mbi.RegionSize);
string temp = "";
string allocProtect = mbi.AllocationProtect.ToString();
//The following cases were taken from MSDN
switch (allocProtect) //Don't worry about this though, it's just
{ //for the sake of making things easier
case "0x10" :
allocProtect = "PAGE_EXECUTE";
break;
case "0x20" :
allocProtect = "PAGE_EXECUTE_READ";
break;
case "0x40" :
allocProtect = "PAGE_EXECUTE_READWRITE";
break;
case "0x80" :
allocProtect = "PAGE_EXECUTE_WRITECOPY";
break;
case "0x01" :
allocProtect = "PAGE_NOACCESS";
break;
case "0x02" :
allocProtect = "PAGE_READONLY";
break;
case "0x04" :
allocProtect = "PAGE_READWRITE";
break;
case "0x08" :
allocProtect = "PAGE_WRITECOPY";
break;
default :
allocProtect = mbi.AllocationProtect.ToString();
break;
}
if (
allocProtect == "PAGE_EXECUTE" ||
allocProtect == "PAGE_EXECUTE_READ" ||
allocProtect == "PAGE_EXECUTE_READWRITE" ||
allocProtect == "PAGE_EXECUTE_WRITECOPY"
)
{
//Basically, if we can do something with it
temp = CurrentAddy.ToString() + " - " + (CurrentAddy + mbi.RegionSize).ToString();
zeRegions.Add(temp); //then add it to the list
}
CurrentAddy += ((uint)mbi.RegionSize + 1); //Skip over to the
} //next region
return zeRegions; //return the list
}
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
