I have a question I would like to toss out for debate:

Valid memory or code addresses are always 32 bits, and typically look something like: 004020DEh

Is there (or can there ever be) a situation where a valid memory/code/stack pointer is less than 256 decimal? That is, if I write a routine to check a function param by:

```
.if( Param < 256 )
    ; Treat it as a flag
.else
    ; Treat it as a 32bit memory pointer
.endif
```

What are your thoughts? OS hiccups?? Anything that may prove me wrong here??

Thanks

:alright:

NaN

It might be possible if you remove part of the DOS header, mod the PE header a bit, and only have one data storage place or define everything locally and not use .data and so on...

Then you could pull it off.. I think.

Since Windows 2000 has a stricter PE format it may not work on 2000, not sure, but on Win 98 to XP excluding 2000 it should work.


Why not create your own IsPtrCode by making use of SEH to detect whether the section could be executed or something like that? I remember reading somewhere on it.

IIRC, Windows reserves the first page (starting at address 0) to catch null-pointer bugs (and other suspiciously low value pointer references). If you want to be completely sure, even on other platforms, you could reserve a piece of memory of 256 bytes somewhere in your program or dynamically, and use pointers within that memory range as flags (flag = pointer - start_address). You can then be sure it's not a pointer (well it is, but with a special meaning). But I think this is a bit overkill for win32asm..

Thomas
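Thomas's reserved-range idea, worked through as an added C example (not code from the thread): a 256-byte static block is the flag area, a flag is passed as a pointer into that block, and the consumer recovers it as pointer minus start address. Because the test is "does this address fall inside my own block", it holds regardless of where the OS maps the rest of the process. The names `flag_area`, `flag_to_ptr`, `ptr_is_flag` and `describe` are my own, and the inputs are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reserved block whose addresses are never handed out as real data pointers.
 * A "flag" is encoded as a pointer into this block (constructed example). */
enum { FLAG_RANGE = 256 };
static unsigned char flag_area[FLAG_RANGE];

/* Encode flag number n (0 .. FLAG_RANGE-1) as a pointer into flag_area. */
const void *flag_to_ptr(unsigned n)
{
    if (n >= FLAG_RANGE)
        return NULL;                    /* out of range: not encodable */
    return &flag_area[n];
}

/* Return 1 and store the flag number if p points into flag_area,
 * otherwise return 0: p is an ordinary pointer supplied by the caller. */
int ptr_is_flag(const void *p, unsigned *flag_out)
{
    /* Compare as integers: relational operators on pointers into
     * unrelated objects are undefined behaviour in C. */
    uintptr_t a  = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)flag_area;
    uintptr_t hi = lo + FLAG_RANGE;

    if (a >= lo && a < hi) {
        if (flag_out)
            *flag_out = (unsigned)(a - lo);   /* flag = pointer - start_address */
        return 1;
    }
    return 0;
}

/* Consumer in the style of NaN's class: either use caller-supplied data
 * or a built-in setting selected by the flag. */
const char *describe(const void *param)
{
    unsigned f;
    if (ptr_is_flag(param, &f))
        return f == 0 ? "default settings" : "alternate built-in settings";
    return (const char *)param;         /* caller-supplied string */
}

int main(void)
{
    static const char user_data[] = "caller-supplied data";

    printf("%s\n", describe(flag_to_ptr(0)));
    printf("%s\n", describe(flag_to_ptr(1)));
    printf("%s\n", describe(user_data));
    return 0;
}
```

The reserved block costs 256 bytes of .data and one range compare per call, which is the "overkill" Thomas mentions, but it is the only variant in this thread that does not depend on any assumption about the address space layout.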


And... why not use bit 31 of the dword (pointer) to choose between flagset/pointer?

```
    mov eax,                ; load the parameter
    test eax, 80000000h     ; is bit 31 set?
    jz Pointer
Flags:
    ...
    jmp End
Pointer:
    ...
End:
```

You could then use the remaining 31 bits for flags of some kind of value or even a pointer too (just to say, for example, read/write selection or so...)

This is because in ring3 (common apps) addresses above 7FFFFFFF can't be addressed ;)

Bye :D


Actually, the Windows API already assumes everything < 64k is not a pointer. Take for example the resource loading functions that either take a string pointer containing the name of the resource, or a resource ID with the high word set to zero.

Thomas


Thomas, I think I confused you and myself on this, not sure.. I could be the only one confused...

But it seems he is talking about memory addresses that are even before the exe's memory location and not file offsets..

My mistake...


Nope, I wasn't meaning PE stuff.. I was only worried that if I code up an 'optional' argument for a function (either a pointer, or an equate I provide), I wouldn't be overlooking something.

My equates are under 256 in value, so I'm checking for this; if not, I assume it's a memory address in my code.

I'm making a new generic OOP class, and I want to give the user the option to provide their own data (via memory pointer), or use standard built-in settings by using an equate instead of a memory pointer.

I know on Win98SE it's not an issue, but I'm not 100% on NT/2000/XP OSes (they are finicky I find, and I do know things like heap memory is not on the same page (upper 16 bits) as on Win98)...

Personally I think it's unlikely on any Win OS to have a memory pointer of any sort this low, but I've been proven wrong in the past, which is why I'm pointing this out ;)

:NaN:


According to the most excellent __Inside Microsoft Windows 2000__, memory addresses 0x0 through 0xFFFF will not be mapped to memory. These addresses always generate access violations.

> This is because in ring3 (common apps) addresses above 7FFFFFFF can't be addressed ;)

This is incorrect. Windows running AWE can give memory addresses above 7FFFFFFF to user mode programs. Of course, your application will not receive any memory above 7FFFFFFF unless you link with the large address aware linker switch. It is always a bad idea to use bits of a pointer as flags; just look at the fun and games IBM had to go through to get 24-bit/31-bit/64-bit addressing working.
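The bit-31 scheme from the asm post above, together with the objection just made that AWE or a large-address-aware image can hand a user-mode program addresses above 7FFFFFFFh, as an added C example (not code from either poster). It models a 32-bit pointer-sized value as `uint32_t`; `make_flagset`, `is_flagset`, `flagset_value`, `pointer_fits_tagging` and `dispatch` are hypothetical names and the sample values are constructed. The last sample is the failure mode: a real address with bit 31 set is indistinguishable from a flag set, which is why the encoder side has to refuse it rather than silently mislabel it.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a 32-bit value that is either a ring-3 pointer
 * (bit 31 clear) or a 31-bit flag set (bit 31 set), as in the asm post. */
typedef uint32_t dword;

#define TAG_BIT      0x80000000u
#define PAYLOAD_MASK 0x7FFFFFFFu

/* Pack up to 31 bits of flags; bit 31 marks the value as "not a pointer". */
dword make_flagset(dword flags31)
{
    return TAG_BIT | (flags31 & PAYLOAD_MASK);
}

/* C form of "test eax, 80000000h / jz Pointer":
 * 1 if the value carries flags, 0 if it should be treated as a pointer. */
int is_flagset(dword v)
{
    return (v & TAG_BIT) != 0;
}

/* Recover the 31-bit payload of a flag set. */
dword flagset_value(dword v)
{
    return v & PAYLOAD_MASK;
}

/* The scheme only works if real pointers never have bit 31 set.  Under AWE
 * or a /LARGEADDRESSAWARE image a user-mode address can exceed 7FFFFFFFh and
 * would be misread as a flag set, so the encoder must refuse such addresses. */
int pointer_fits_tagging(dword addr)
{
    return (addr & TAG_BIT) == 0;
}

/* Dispatch like the Flags:/Pointer: labels in the asm snippet. */
const char *dispatch(dword v)
{
    return is_flagset(v) ? "Flags" : "Pointer";
}

int main(void)
{
    dword ptr  = 0x004020DEu;        /* typical ring-3 code address */
    dword flg  = make_flagset(0x3);  /* two flag bits set */
    dword high = 0x80010000u;        /* only reachable above the 2 GB line */

    printf("%08" PRIX32 " -> %s\n", ptr, dispatch(ptr));
    printf("%08" PRIX32 " -> %s (payload %" PRIu32 ")\n",
           flg, dispatch(flg), flagset_value(flg));
    printf("%08" PRIX32 " -> %s, fits tagging: %d\n",
           high, dispatch(high), pointer_fits_tagging(high));
    return 0;
}
```

On a 2 GB user space the check is a single `test`, but the third line of output is the whole argument against it: the moment the address space grows, a legitimate pointer dispatches to the `Flags` path.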

How about:

```
GetSystemInfo
if SysInfo.lpMinimumApplicationAddress < Param < lpMaximumApplicationAddress then
    IsBadReadPtr          ; <- or similar
    if eax = 0 then Ok!
```
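Pulling the thread's three thresholds together as an added C example, not code from any poster: NaN's `Param < 256` equate test, Thomas's point that the API treats anything below 64K as a non-pointer (the `IS_INTRESOURCE` convention), and drizz's check against the minimum and maximum application address from `GetSystemInfo`. The bounds 0x10000 and 0x7FFEFFFF are assumed sample values for a 32-bit process without `/LARGEADDRESSAWARE`, embedded so the example runs without Windows; `classify_param`, `is_int_resource` and `kind_name` are my own names. The range check only rules out values that cannot be user-mode pointers; it does not prove the memory is readable, and `IsBadReadPtr` is documented by Microsoft as obsolete, so that part of the pseudocode is left out.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t dword;

/* Bounds in the shape GetSystemInfo fills into SYSTEM_INFO.  Assumed sample
 * values for a 32-bit process without /LARGEADDRESSAWARE, not queried live. */
#define SAMPLE_MIN_APP_ADDR 0x00010000u
#define SAMPLE_MAX_APP_ADDR 0x7FFEFFFFu

enum param_kind { PARAM_FLAG = 0, PARAM_POINTER = 1, PARAM_INVALID = 2 };

/* Three-way split of a parameter value:
 *   v <  flag_limit            -> one of the caller's equates/flags
 *   min_addr <= v <= max_addr  -> may be a pointer (not proven readable)
 *   otherwise                  -> cannot be a valid user-mode pointer
 * (the never-mapped 0x0-0xFFFF range, or above the user-mode ceiling). */
enum param_kind classify_param(dword v, dword flag_limit,
                               dword min_addr, dword max_addr)
{
    if (v < flag_limit)
        return PARAM_FLAG;
    if (v >= min_addr && v <= max_addr)
        return PARAM_POINTER;
    return PARAM_INVALID;
}

/* Same test the Win32 IS_INTRESOURCE macro makes: high word zero means an
 * integer resource ID was passed where a string pointer is expected. */
int is_int_resource(dword v)
{
    return (v >> 16) == 0;
}

const char *kind_name(enum param_kind k)
{
    static const char *names[] = { "flag", "pointer", "invalid" };
    return names[k];
}

int main(void)
{
    /* Constructed inputs: an equate, a code address, a value inside the
     * first 64K (0xF5C0 is mentioned later in the thread), and one above
     * 7FFFFFFFh. */
    dword samples[] = { 0x5u, 0x004020DEu, 0x0000F5C0u, 0x80000000u };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum param_kind k = classify_param(samples[i], 256,
                                           SAMPLE_MIN_APP_ADDR,
                                           SAMPLE_MAX_APP_ADDR);
        printf("%08" PRIX32 " -> %s (IS_INTRESOURCE-style: %d)\n",
               samples[i], kind_name(k), is_int_resource(samples[i]));
    }
    return 0;
}
```

With `flag_limit` at 256 the value 0xF5C0 lands in the `invalid` bucket: it is above NaN's equates but below the lowest address the loader will ever give a process, so treating it as a pointer and dereferencing it would fault. Raising `flag_limit` to 0x10000 makes the equate range coincide with the API's own convention.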


> According to the most excellent __Inside Microsoft Windows 2000__, memory addresses 0x0 through 0xFFFF will not be mapped to memory. These addresses always generate access violations.

Thanks, this is music to my ears ;)

**drizz**,

Thanks for the suggestion. I never thought of this; it's good to know, but I don't think I will need to do so much ;)

:NaN:

First of all, the addresses always starting at 401000h are virtual addresses adjusted by the operating system. I think you'll find they actually exist above 80000000h linear address, which is the logical address since the selector is zero based. As far as not being believable: the physical low memory starting at zero is your DOS interrupt vector table, and starting at 400h are important hardware system parameters put there by the BIOS. I would be willing to bet that the system timer interrupt or exception uses these parameters continuously.


That's true for ring 0, but I think NaN was talking about memory addresses from ring 3 programs...

Trust me Qvasi, you are one sharp cookie and I would like to ask you some questions about subclassing/message filtering as soon as I can get back to it. I've always been a hardware nuts and bolts guy. The user or ring 3 is the virtual addresses. Ask Four-F. He's got a good handle on it

> According to the most excellent __Inside Microsoft Windows 2000__, memory addresses 0x0 through 0xFFFF will not be mapped to memory. These addresses always generate access violations.

Speaking about this "forbidden" area, I wonder why the highest address is often below 0xFFFF, for instance 0xF5C0 - internal Win data? (Win98SE; I know you're speaking about Win2000, but - I think - the same applies to Win98)

First I need to apologize to Quazi. When Win2K loads a 4Meg page it loads between 80000000h and 9FFFFFFF. That's what I was referring to, but I found that in XP it loads below 80000000 like you said.

Here is the bottom memory and it was not paged out. Pay no attention to addresses on left. Actually starts at zero.

Physical Memory address 00000000h in XP:

```
00000100 16 E8 00 F0 16 E8 00 F0-C3 E2 00 F0 16 E8 00 F0 ................
00000110 16 E8 00 F0 54 FF 00 F0-68 7E 00 F0 16 E8 00 F0 ....T...h~......
00000120 A5 FE 00 F0 87 E9 00 F0-6F EF 00 F0 6F EF 00 F0 ........o...o...
00000130 6F EF 00 F0 6F EF 00 F0-57 EF 00 F0 6F EF 00 F0 o...o...W...o...
00000140 DD 10 00 C0 4D F8 00 F0-41 F8 00 F0 34 98 00 F0 ....M...A...4...
00000150 39 E7 00 F0 59 F8 00 F0-2E E8 00 F0 D2 EF 00 F0 9...Y...........
00000160 A4 E7 00 F0 F2 E6 00 F0-6E FE 00 F0 53 FF 00 F0 ........n...S...
00000170 53 FF 00 F0 A4 F0 00 F0-C7 EF 00 F0 D4 51 00 C0 S............Q..
00000180 F2 E6 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000190 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000001A0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000001B0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000001C0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000001D0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000001E0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000001F0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000200 59 EC 00 F0 E5 EF 00 F0-65 F0 00 F0 D4 63 00 C0 Y.......e....c..
00000210 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000220 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000230 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000240 6F EF 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 o...............
00000250 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000260 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000270 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000280 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000290 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
000002A0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000002B0 16 E8 00 F0 DD 10 00 C0-16 E8 00 F0 16 E8 00 F0 ................
000002C0 60 BA 00 F0 F3 EC 00 F0-6F EF 00 F0 6F EF 00 F0 `.......o...o...
000002D0 89 EE 00 F0 FC F0 00 F0-00 ED 00 F0 24 ED 00 F0 ............$...
000002E0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
000002F0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
```

Physical Memory address 00000000h in Win2K:

```
00000100 16 E8 00 F0 16 E8 00 F0-C3 E2 00 F0 16 E8 00 F0 ................
00000110 16 E8 00 F0 54 FF 00 F0-68 7E 00 F0 16 E8 00 F0 ....T...h~......
00000120 A5 FE 00 F0 87 E9 00 F0-6F EF 00 F0 6F EF 00 F0 ........o...o...
00000130 6F EF 00 F0 6F EF 00 F0-57 EF 00 F0 6F EF 00 F0 o...o...W...o...
00000140 DD 10 00 C0 4D F8 00 F0-41 F8 00 F0 34 98 00 F0 ....M...A...4...
00000150 39 E7 00 F0 59 F8 00 F0-2E E8 00 F0 D2 EF 00 F0 9...Y...........
00000160 A4 E7 00 F0 F2 E6 00 F0-6E FE 00 F0 53 FF 00 F0 ........n...S...
00000170 53 FF 00 F0 A4 F0 00 F0-C7 EF 00 F0 D4 51 00 C0 S............Q..
00000180 F2 E6 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000190 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000001A0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000001B0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000001C0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000001D0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000001E0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000001F0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000200 59 EC 00 F0 E5 EF 00 F0-65 F0 00 F0 D4 63 00 C0 Y.......e....c..
00000210 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000220 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000230 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000240 6F EF 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 o...............
00000250 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000260 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000270 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
00000280 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000290 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
000002A0 16 E8 00 F0 16 E8 00 F0-16 E8 00 F0 16 E8 00 F0 ................
000002B0 16 E8 00 F0 DD 10 00 C0-16 E8 00 F0 16 E8 00 F0 ................
000002C0 60 BA 00 F0 F3 EC 00 F0-6F EF 00 F0 6F EF 00 F0 `.......o...o...
000002D0 89 EE 00 F0 FC F0 00 F0-00 ED 00 F0 24 ED 00 F0 ............$...
000002E0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
000002F0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
```

Looks like DOS interrupt vector table
