Highest Voted 'virtualquery' Questions

18

votes

2 answers

Is there a better way than parsing /proc/self/maps to figure out memory protection?

On Linux (or Solaris) is there a better way than hand parsing /proc/self/maps repeatedly to figure out whether or not you can read, write or execute whatever is stored at one or more addresses in memory? For instance, in Windows you have…

asked Nov 06 '08 at 16:26

Edward Kmett

29,632
7
85
107

2

votes

2 answers

Why can't read data from blocks with PAGE_GUARD protection?

I read data from address space using ReadProcessMemory function. I try read from all blocks that have MEM_PRIVATE type. But i get error (function returns 0) when that block have PAGE_GUARD protection, why? Thanks to all.

windows operating-system virtual-address-space readprocessmemory virtualquery

asked Mar 12 '14 at 20:50

user3245337

147
9

2

votes

2 answers

VirtualQuery gives illegal result. Is it a bug?

My code: MEMORY_BASIC_INFORMATION meminf; ::VirtualQuery(box.pBits, &meminf, sizeof(meminf)); The results: meminf: BaseAddress 0x40001000 void * AllocationBase 0x00000000 void * AllocationProtect 0x00000000 …

virtualquery

asked Oct 05 '09 at 10:52

user184001

2

votes

2 answers

Does VirtualProtect require the address of the beginning of the page?

I need to use VirtualProtect, and my question is about the address of the region passed to the function. It says (on MSDN) "an address that describes the starting page", does it have to be the address of the beginning of the page or could it be any…

c++ winapi virtualquery

asked May 31 '12 at 18:07

Elad

633
5
13

1

vote

2 answers

VirtualProtectEx, ERROR_INVALID_PARAMETER (error 87)

I am trying to write a function that will can through a process' memory. I noticed that ReadProcessMemory would fail on regions with permissions set to PAGE_NOACCESS or PAGE_GUARD. I decided that I would use VirtualProtectEx to temporarily change…

windows api permissions virtual-memory virtualquery

asked Mar 25 '20 at 21:45

kansas_bulldog382

73
8

1

vote

0 answers

VirtualQueryEx returning full of 000000000 array

I'm having a hard time searching for a value (and furthermore, values pattern) in a process' memory. This process is a "VBoxHeadless" process (like a normal VM process, but without GUI to be able to be run remotely if needed). It is created by Andy,…

android virtualbox autoit virtualquery

asked Jan 31 '15 at 18:50

Maxime Oudot

145
1
9

1

vote

1 answer

Different regions have the same allocation address

I examine address space of process in Windows 7. I use VirtualQueryEx function, and this is some part of my example, where handleOfProcess_ is handle of some process: MEMORY_BASIC_INFORMATION mbi; bool ok = (VirtualQueryEx(handleOfProcess_,…

windows windows-7 operating-system virtual-address-space virtualquery

asked Mar 10 '14 at 21:50

user3245337

147
9

1

vote

1 answer

What is difference between BaseAddress and AllocationBase and between AllocationProtect and Protect in _MEMORY_BASIC_INFORMATION structure?

_MEMORY_BASIC_INFORMATION contains fields, that describe address space. I want to know what is the difference between BaseAddress and AllocationBase. BaseAddress is the base address of region, and what is AllocationBase? Also, I want to know…

windows operating-system virtualalloc virtualquery

asked Oct 15 '13 at 08:33

OSProgrammer

11
3

0

votes

0 answers

VirtualQuery equivalent in Linux

In my project, the exe is an third party one and it knows the location of my parent DLL which is located in the same folder as mine. like EXE (directory A) => Parent DLL(Directory B) => My DLL (Directory B). the problem is when the parent DLL tries…

c++ linux proc virtualquery

asked Nov 30 '22 at 09:18

Sathishkumar Gurusamy

1

0

votes

1 answer

Question about VirtualQueryEx() lpAdress variable

I am building a Memory Scanner to find malware strings in a process. Btw, when I was searching about the VirtualQueryEx dll, I saw that people starts its variable lpAdress ( which is supposed to be the Base Address of the process) with a NULL/0…

winapi virtual-memory virtualquery

asked Jul 18 '22 at 22:02

João P 2018

7
2

0

votes

1 answer

VirtualQueryEx returning impossible mbi.RegionSize value in ctypes

I'm building a Memory Scanner and in the middle of it I use VirtualQueryEx to get the size in bytes of the process. This is my VirtualQueryEx and MEMORY_BASIC_INFORMATION structure setups: VirtualQueryEx = windll.kernel32.VirtualQueryEx …

ctypes virtual-memory virtualquery

asked Jul 17 '22 at 01:23

João P 2018

7
2

0

votes

1 answer

C++ winapi VirtualQueryEx function gives me "000000"

I am trying to display information about the virtual memory of each process on the system: #include #include #include #include using namespace std; void main() { HANDLE CONST hStdOut =…

c++ winapi virtualquery

asked Jan 26 '21 at 07:36

user15082198

29
4

0

votes

0 answers

C++ - VirtualQueryEx for x64 processes

Here is my code I use for memory scanning of x86 processes: unsigned char *p = NULL; MEMORY_BASIC_INFORMATION info; for (p = NULL; VirtualQueryEx(process, p, &info, sizeof(info)) == sizeof(info); p += info.RegionSize) …

c++ winapi memory virtualquery

asked Jul 24 '20 at 13:18

7eRoM

443
4
14

0

votes

1 answer

Available stack size for C++ thread

I use Windows 10, Visual Studio 2019 The program generates threads. I need to add functionality pointing me what is available stack size in any execution time . #include #include void thread_function() { …

c++ windows winapi stack virtualquery

asked Jun 26 '20 at 14:05

YAKOVM

9,805
31
116
217

0

votes

1 answer

MEMORY_BASIC_INFORMATION and VirtualQueryEx on different architectures

The MSDN page for MEMORY_BASIC_INFORMATION points out in the remarks section that MEMORY_BASIC_INFORMATION32 and MEMORY_BASIC_INFORMATION64 should be specified in situations where the target process is running on a different architecture than the…

windows msdn virtual-memory virtualquery

asked Mar 24 '20 at 18:37

kansas_bulldog382

73
8

Questions tagged [virtualquery]