This method check and avoid invalid memory region to be scanned, which make scanning process got an exception.
Here the example codes:
MEMORY_BASIC_INFORMATION mbi = {0};
unsigned char *pAddress = NULL, *pEndRegion = NULL;
DWORD dwProtectionMask = PAGE_READONLY | PAGE_EXECUTE_WRITECOPY
| PAGE_READWRITE | PAGE_WRITECOMBINE;
DWORD dwProtectInvalid = PAGE_GUARD | PAGE_NOCACHE | PAGE_NOACCESS;
DWORD dwFindData = 0xDEADBEEF;
while(VirtualQuery(pEndRegion, &mbi, sizeof(mbi)) == sizeof(mbi)){
pAddress = pEndRegion;
pEndRegion += mbi.RegionSize;
if (!(mbi.Protect & dwProtectInvalid) && (mbi.AllocationProtect & dwProtectionMask)
&& (mbi.State & MEM_COMMIT)) {
for (; pAddress < pEndRegion; pAddress++) {
if(IsBadReadPtr(pAddress, 4))
continue;
if (*(DWORD*)pAddress == dwFindData) {
printf("Found at %p (%08X)\n", pAddress,
*(DWORD *)pAddress);
}
}
}
}
0 komentar:
Posting Komentar