As you can see this is my first post. Just to be clear I don't see me as a newbie, but when can you say you aren't one anymore? Anyways, here's my prob:

I feel it is rather strange, what I'm doing is querying the virtual address space of my app (using VirtualQueryEx) to see which memory ranges are committed etc.

For some time this didnot work and I always gat the error: "invalid access to memory location". I can't seem to find anything describing what could be wrong here. And I wonder why I get it while I'm querying the region @address 0 (should work as far as I know??)

Yesterday all of a sudden I got it working, it did list all regions insize the address space. Wow, I thought, so developing more and adjusting the string used to display info ("Queried %08X byte, RegionSize: %08X bytes") in a listbox using wsprintf (Yeah, I know. But it is easier to use and trivial to what I want).
After adjusting the string to something like "BaseAddr %08X, AllocBase %08X, etc.." and recompiling -> Invalid access to memory location popped up. Why? If I return the string to what it was -> all works again.
Is it me (I hope it is, I can change that easily) or what? Has this occured before? Is it something I need to do/set/keep in mind before it will work?

All help is welcome!

BTW1: I'm on a Win2000 OS.
BTW2: It is just a try-out and nothing to do with trojans / warez / etc. as stated in the rulez. If one wonders if it is. I just want to make it work. Can't stand it if it doesn't...
Posted on 2002-03-27 06:46:27 by the_anomaly
Welcome to our Board!

Could you please post some of your source code? Without knowing, *how* you did the memory access, it's quite hard to give you some hints. So please post at least your VirtualQueryEx call.

Another easy methode is, that you place some



invoke MessageBox, 0, 0, 0, 0


lines in your code, or use a debugger to see, where the error exactley occurs.

regards,
bAZiK
Posted on 2002-03-27 07:04:28 by bazik


invoke SendMessage, hLb, LB_ADDSTRING, 0, addr strQuery ;Shows "Start querying address space" in listbox
;hLb - handle to listbox
xor edi, edi ;start with address 0
mov CommitSize, edi ;clear total committed size
.while edi < sysinfo.lpMaximumApplicationAddress ;continue untill applicaion address is reached
invoke VirtualQueryEx, hProc, edi, addr mbi, sizeof mbi ;query space
;hProc - handle to opened process
;mbi - MEMORY_BASIC_INFORMATION structure
or eax, eax ;if nothing returned
jnz @GotRegion ;exit, else region found
invoke GetLastError
invoke FormatMessage, FORMAT_MESSAGE_FROM_SYSTEM, NULL, eax, 0, addr errbuffer, 1024, NULL
invoke SendMessage, hLb, LB_ADDSTRING, 0, addr errbuffer ;display system error
jmp @CloseIt ;leave loop
@GotRegion:
cmp mbi.State, MEM_COMMIT ;is it a committed region?
jne @NoCommit ;if not continue
mov eax, CommitSize
add eax, mbi.RegionSize
mov CommitSize, eax
@NoCommit:
add edi, mbi.RegionSize
.endw

invoke SendMessage, hLb, LB_ADDSTRING, 0, addr strDone
@CloseIt:
invoke wsprintf, addr errbuffer, addr fmtTotalSize, CommitSize
invoke SendMessage, hLb, LB_ADDSTRING, 0, addr errbuffer ;Show "Total size=" in listbox

invoke SendMessage, hLb, LB_ADDSTRING, 0, addr strClose
invoke CloseHandle, hProc

ret


If I, for instance, add a LB_ADDSTRING message when a committed region is found to display status/info in the listbox. The error "invalid access to memory location" occures. If I leave it like this, it works.

Has it something to with: It takes to much time? (unlikely, I guess) Or does wsprintf / SendMessage change edi? Hope this helps
Posted on 2002-03-27 07:51:52 by the_anomaly
Afternoon, the_anomaly.

*Always* save/restore edi/esi/ebx (whichever ones you use) in your procs. This is especially important on NT boxes.

Some functions don't put edi/esi/ebx back to what they were originally, so one of them *may* be causing the problem, also. To check: test edi (the one you're using) before and after the function call (VirtualQueryEx) and see if it's been changed (you can get rid of the test code once you know if edi gets changed or not). If it's been changed, just push/pop around it.

Cheers,
Scronty
Posted on 2002-03-27 15:38:34 by Scronty
Tried it, but it doesn't work either. (push pop around the "insert string in listbox" function)

In fact I find it really strange, because when I leave it as the code above it all works, but when I (for instance) add a new global string variable (e.g. strTest db "test",0) then for some reason all regions can't be queried. If then I delete the variable declaration all works fine...:mad:
Posted on 2002-03-28 03:34:59 by the_anomaly
Anomaly, the only place you need to preserve registers is in callbacks.
WndProc and DlgProc are probably the two most wellknown callbacks :),
another is WNDENUMPROC used with EnumWindows.

The registers of course only has to be preserved if you use them,
and they are: ebx, esi, edi, ebp. You're free to trash eax, ecx, edx.
This also goes for any API call: you can depend on ebx,esi,edi,ebp
being preserved, while eax, ecx, edx can be trashed at will - so
you should save eax,ecx,edx before an API call if they're used in
your code, or you should rework your code to use the non-trashed
registers.

Also, some structures and other parameters for some API calls
have to be aligned in memory, and the platformsdk doesn't always
tell you about this :/. Might be an idea to put a "align 4" before any
structures :).

Zip up your .asm and post it here and we'll have a look at "the big picture".
Posted on 2002-03-28 06:38:50 by f0dder