critical error
-
Why do i get a critical error here in this code. I want to read succesive pages in a process memory
int main(int argc, char **argv[]) { PROCESS_INFORMATION pi; /* filled in by CreateProcess */ STARTUPINFO si; /* startup info for the new process*/ HANDLE hProcess; BYTE buf[200000]; DWORD bufsize = sizeof buf; DWORD baseaddr = 0; LPCVOID lpAddress = 0; PMEMORY_BASIC_INFORMATION lpBuffer = 0; DWORD dwLength = 0; DWORD flNewProtect =0; PDWORD lpflOldProtect = 0; DWORD dwSize =0; LPCVOID lpBaseAddress = 0; DWORD nSize = 0; DWORD buff = 0; LPDWORD lpNumberOfBytesRead = sizeof buf; if (argc !=2) { printf("Error in the input line, Usage: Inputfile"); exit(0); } //menu(); printf("Process %d creates a child process\n",GetCurrentProcessId());//print out our process ID GetStartupInfo(&si); // Call CreateProcess, telling it to run an exe file CreateProcess(NULL,/* lpApplicationName */ argv[1],/* lpCommandLine assumes to use curent process directory*/ NULL, /* lpsaProcess */ NULL, /* lpsaThread */ FALSE, /* bInheritHandles */ CREATE_NEW_CONSOLE, /* dwCreationFlags */ NULL, /* lpEnvironment */ NULL, /* lpCurDir */ &si, /* lpStartupInfo */ &pi /* lpProcInfo */ ); hProcess = pi.hProcess; printf("New Process ID: %d ",pi.dwProcessId); printf("has started \n"); VirtualQueryEx( hProcess, // handle to process lpAddress, // address of region lpBuffer,// address of information buffer dwLength,// size of buffer GetLastError() ); //*to avoid crashing VirtualProtectEx( hProcess, // handle to process lpAddress, // address of region of committed pages dwSize, // size of region flNewProtect, // desired access protection lpflOldProtect );// address of variable to get old protection ZeroMemory(buf, sizeof(buf)); if( ReadProcessMemory( hProcess, lpBaseAddress, nSize, bufsize, buff ) == FALSE ) { printf("\nProcess ID %d ",pi.dwProcessId); printf (" memory read failed (errcode: %d)", GetLastError()); printf("\nmemory read: \n",&buf); } else { printf("\nProcess ID %d ",pi.dwProcessId); printf("memory read: \n",buf); } return (0); }oam -
Why do i get a critical error here in this code. I want to read succesive pages in a process memory
int main(int argc, char **argv[]) { PROCESS_INFORMATION pi; /* filled in by CreateProcess */ STARTUPINFO si; /* startup info for the new process*/ HANDLE hProcess; BYTE buf[200000]; DWORD bufsize = sizeof buf; DWORD baseaddr = 0; LPCVOID lpAddress = 0; PMEMORY_BASIC_INFORMATION lpBuffer = 0; DWORD dwLength = 0; DWORD flNewProtect =0; PDWORD lpflOldProtect = 0; DWORD dwSize =0; LPCVOID lpBaseAddress = 0; DWORD nSize = 0; DWORD buff = 0; LPDWORD lpNumberOfBytesRead = sizeof buf; if (argc !=2) { printf("Error in the input line, Usage: Inputfile"); exit(0); } //menu(); printf("Process %d creates a child process\n",GetCurrentProcessId());//print out our process ID GetStartupInfo(&si); // Call CreateProcess, telling it to run an exe file CreateProcess(NULL,/* lpApplicationName */ argv[1],/* lpCommandLine assumes to use curent process directory*/ NULL, /* lpsaProcess */ NULL, /* lpsaThread */ FALSE, /* bInheritHandles */ CREATE_NEW_CONSOLE, /* dwCreationFlags */ NULL, /* lpEnvironment */ NULL, /* lpCurDir */ &si, /* lpStartupInfo */ &pi /* lpProcInfo */ ); hProcess = pi.hProcess; printf("New Process ID: %d ",pi.dwProcessId); printf("has started \n"); VirtualQueryEx( hProcess, // handle to process lpAddress, // address of region lpBuffer,// address of information buffer dwLength,// size of buffer GetLastError() ); //*to avoid crashing VirtualProtectEx( hProcess, // handle to process lpAddress, // address of region of committed pages dwSize, // size of region flNewProtect, // desired access protection lpflOldProtect );// address of variable to get old protection ZeroMemory(buf, sizeof(buf)); if( ReadProcessMemory( hProcess, lpBaseAddress, nSize, bufsize, buff ) == FALSE ) { printf("\nProcess ID %d ",pi.dwProcessId); printf (" memory read failed (errcode: %d)", GetLastError()); printf("\nmemory read: \n",&buf); } else { printf("\nProcess ID %d ",pi.dwProcessId); printf("memory read: \n",buf); } return (0); }oamWell to start with you can not do things like this: LPDWORD lpNumberOfBytesRead = sizeof buf; The variable lpNumberOfBytesRead is a pointer and a pointer holds the address of where the data is stored. What the above line is doing is setting the address to the value sizeof(buf), which is not an address. Change to: DWORD NumberOfBytesRead = sizeof(buf); or this (since its initial value may not matter) DWORD NumberOfBytesRead = 0; and pass like this SomeFunction(...,...,&NumberOfBytesRead); Now the following from your code, should make any C++ compiler choke (fail with errors): ReadProcessMemory( hProcess, lpBaseAddress, nSize, // This should be a pointer to buffer bufsize, buff ); // This should be a pointer to DWORD The correct arguments are ReadProcessMemory( hProcess, lpBaseAddress, buf, bufsize, &NumberOfBytesRead); or ReadProcessMemory( hProcess, lpBaseAddress, buf, sizeof(buf), &NumberOfBytesRead); I have no doudt that there are several other things wrong with this code, but the above should help you get started on figuring out what they are. INTP "The more help VB provides VB programmers, the more miserable your life as a C++ programmer becomes." Andrew W. Troelsen
-
Well to start with you can not do things like this: LPDWORD lpNumberOfBytesRead = sizeof buf; The variable lpNumberOfBytesRead is a pointer and a pointer holds the address of where the data is stored. What the above line is doing is setting the address to the value sizeof(buf), which is not an address. Change to: DWORD NumberOfBytesRead = sizeof(buf); or this (since its initial value may not matter) DWORD NumberOfBytesRead = 0; and pass like this SomeFunction(...,...,&NumberOfBytesRead); Now the following from your code, should make any C++ compiler choke (fail with errors): ReadProcessMemory( hProcess, lpBaseAddress, nSize, // This should be a pointer to buffer bufsize, buff ); // This should be a pointer to DWORD The correct arguments are ReadProcessMemory( hProcess, lpBaseAddress, buf, bufsize, &NumberOfBytesRead); or ReadProcessMemory( hProcess, lpBaseAddress, buf, sizeof(buf), &NumberOfBytesRead); I have no doudt that there are several other things wrong with this code, but the above should help you get started on figuring out what they are. INTP "The more help VB provides VB programmers, the more miserable your life as a C++ programmer becomes." Andrew W. Troelsen
Yep i looked at that and there were mistakes, but the main problem comes from the virtualqueryEx function which has to do most of the things. Because i have to read pages using it... So it gives this error msg: "The value of ESP was not properly saved across a function call." error code 5: Illegal function call error code 998: from virtualqueryex function oam
-
Yep i looked at that and there were mistakes, but the main problem comes from the virtualqueryEx function which has to do most of the things. Because i have to read pages using it... So it gives this error msg: "The value of ESP was not properly saved across a function call." error code 5: Illegal function call error code 998: from virtualqueryex function oam
The code you gave should not compile on any compiler period! Let alone give any error messages when run. I can not remember ever seeing so many basic programming errors. If by some miricle it did run, then (Yep) it would probubly crash. Heck you stand a better chance of crashing the whole system than making that code work (as written). As for VirtualQueryEx: Why are you even trying to call it? The call appears to be used to retrieve information that needs to be stored in the structure pointed to by lpBuffer, but lpBuffer does not point to a structure, it points to NULL. The only reason the dwLength argument is correct, is that it is 0, since lpBuffer is NULL. You are also passing it a 5th argument GetLastError, for who knows what reason (it only takes 4 arguments and this is not one of them). I recomend you start all over again from scatch. What ever it is you are trying to accomplish, this will not do it. P.S. Sorry but if I was an employer, the code you gave would get you fired. INTP "The more help VB provides VB programmers, the more miserable your life as a C++ programmer becomes." Andrew W. Troelsen