C++ - VirtualQueryEx for x64 processes

Asked Jul 24 '20 at 13:18

Active Jul 24 '20 at 13:42

Viewed 725 times

Here is my code I use for memory scanning of x86 processes:

    unsigned char *p = NULL;
    MEMORY_BASIC_INFORMATION info;

    for (p = NULL;
        VirtualQueryEx(process, p, &info, sizeof(info)) == sizeof(info);
        p += info.RegionSize)
    {

... 

     }

The code works correctly. But when I use this code for memory scanning of x64 processes, the result is not correct!

I tried to change MEMORY_BASIC_INFORMATION to MEMORY_BASIC_INFORMATION64but:

'SIZE_T VirtualQueryEx(HANDLE,LPCVOID,PMEMORY_BASIC_INFORMATION,SIZE_T)': cannot convert argument 3 from 'MEMORY_BASIC_INFORMATION64 *' to 'PMEMORY_BASIC_INFORMATION'

I`ve searched a lot but could not understand how to resolve it.

edited Jul 24 '20 at 13:42

Asesh

3,186
2
21
31

asked Jul 24 '20 at 13:18

7eRoM

That's because they are two different structs and that API takes `MEMORY_BASIC_INFORMATION*` as it's argument, not `MEMORY_BASIC_INFORMATION64*` – Asesh Jul 24 '20 at 13:43
@Asesh I did as said on https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-memory_basic_information – 7eRoM Jul 24 '20 at 13:47
2

You're going to have to compile a 64-bit binary if you're running on a 64-bit OS. If you do, you can pass `MEMORY_BASIC_INFORMATION` and get the correct results back from both 32-bit and 64-bit processes. See comments to [this question](https://stackoverflow.com/q/60837275/1889329). – IInspectable Jul 24 '20 at 14:12
@IInspectable Thank you – 7eRoM Jul 24 '20 at 16:30
@RitaHan-MSFT Yes. – 7eRoM Jul 28 '20 at 15:14

C++ - VirtualQueryEx for x64 processes

0 Answers0