Checking memory allocation

[JoeBloggs]

Okay, so I'm basically writing a c .dll that will iterate through memory of the target process and report if a certain value is true.

I have this working fine (through the use of pointers), however, when it hits region of memory that hasn't been allocated it crashes the process. I was looking for a method (preferably not through Windows API) to check whether or not the memory has being allocated.

Code looks something like this:

Code:

for(i=0x10000;i<0x7FFFFFFF;i+=0x10000)
{
			
	if(*(DWORD*)(i + 0xAC) == 0x16945630)
	{
		pdwMyAddr = (DWORD*)(i + 0xAC);
		//Abritrary code here.
	}
}

Thanks for any help .

[C_ntua]

Well, it crashes as it owes to. I suppose you have a method to know exactly which memory address the process owns? Like from where the heap, the stack etc etc start end.
Well, the information is somewhere, but that depends on the OS. The OS is responsible for managing memory along processes. But I don't know where you can read that information. The sure think is that it would be TOTALLY unsafe if somebody could just read information from the memory without being owned by the process.
It would be also unsafe to find out where a process writes and just read that memory!
And finally, every time the process runs it won't have the same memory space. It would depend.
Now, if you have access to the code of the program it might be possible. You could probably just print the address of each variable, manually or with a certain function maybe? Then finding the "bounds" of the memory owned by the process you might get what you want. Probably not what you want 'cause I don't believe its possible for security reasons...

[zacs7]

The days when such a thing was possible are long, long gone.

Basically you need to inject a DLL into the target process and then read the memory of the process via that DLL. I won't say anymore just incase it's against the rules (this sort of stuff is used by viruses and game cheats).

[JoeBloggs]

The sure think is that it would be TOTALLY unsafe if somebody could just read information from the memory without being owned by the process.

My dll creates a thread belonging to the process.

And finally, every time the process runs it won't have the same memory space. It would depend.

Yep, I am aware of that, this function is for finding the address of a value within memory

Basically you need to inject a DLL into the target process and then read the memory of the process via that DLL. I won't say anymore just incase it's against the rules (this sort of stuff is used by viruses and game cheats).

Yep, yep everything is working, other than when it hits a block of unallocated memory it crashes (as it is attempting to assign it to a DWORD, when there's nothing there)

And finally, every time the process runs it won't have the same memory space. It would depend.

Oh, ohk, so I will have to resort to an api to check? :[.

Thanks for the quick replies

[Elysia]

Yes, you may want to look into the Virtual Memory functions of the Win32 API, more specifically VirtualQuery. Use it to query if the pages have been allocated or not.
But then again, why do you need to do this?

[matsp]

There was a discussion not so long ago, where we came up with a list of "Possible virtual addresses that the process may own".

--
Mats