flat assembler
Message board for the users of flat assembler.

Index > Windows > VirtualAlloc trouble

Teehee
Joined: 05 Aug 2009
Posts: 570
Location: Brazil
Teehee 20 Dec 2009, 11:00
What's wrong in the code below? VirtualAlloc seems not to work...

Code:
format PE GUI 4.0
entry _start
include 'win32ax.inc'
section '.data' data readable writeable
        stA dd ?

section '.text' code readable executable
_start:
        invoke VirtualAlloc,0,8192,MEM_COMMIT,PAGE_READWRITE ; <-- I think it isn't allocating...
        mov    [stA], eax

        mov    ecx, 0
    @@: mov    [stA+ecx*4], 'abcd'
        inc    ecx
        cmp    ecx, 1023        ; <--- crashes if more than 1024!
        jne    @b
        mov    [stA+ecx*4],0

        invoke VirtualFree,stA,8192,MEM_RELEASE ; <-- also it isn't releasing

        invoke  MessageBox,NULL,stA,NULL,MB_OK

  exit:
        invoke  ExitProcess,0

section '.idata' import data readable writeable
    library kernel32,'KERNEL32.DLL', user32,'USER32.DLL'
    include 'API\KERNEL32.INC'
    include 'API\USER32.INC'

_________________
Sorry if bad english.
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 20302
Location: In your JS exploiting you and your system
revolution 20 Dec 2009, 11:04
The problem is here:
Code:
    @@: mov    [stA+ecx*4], 'abcd'
...
    @@: mov    [stA+ecx*4], 'abcd'

Your stA buffer is too small.

Perhaps you meant:
Code:
    @@: mov    [eax+ecx*4], 'abcd'
...
    @@: mov    [eax+ecx*4], 'abcd'
        invoke VirtualFree,[stA],8192,MEM_RELEASE ; <-- also it isn't releasing
Teehee 20 Dec 2009, 11:13
Quote:
Your stA buffer is too small

But I allocate 8192 bytes...

It still isn't working... :(
revolution 20 Dec 2009, 11:14
No, you allocate just 4 bytes.

The 8192 byte allocation is never used in your original code.
revolution 20 Dec 2009, 11:17
Also check the documentation for VirtualFree:
Quote:
If the dwFreeType parameter includes the MEM_RELEASE flag, this parameter (dwSize) must be zero.
Code:
        invoke VirtualFree,[stA],0,MEM_RELEASE    
Teehee 20 Dec 2009, 11:18
:o
So how can I use the 8192 bytes?

revolution 20 Dec 2009, 11:18
Teehee wrote:
:o
So how can I use the 8192 bytes?
In my first reply I showed where to change 'stA' to 'eax'.
Teehee 20 Dec 2009, 11:21
But what about this line:
Code:
mov    [stA], eax

?
Doesn't stA point to eax?
revolution 20 Dec 2009, 11:22
But then you overwrite it with this:
Code:
    @@: mov    [stA+ecx*4], 'abcd'
    
When ecx=0 the value at [stA] is overwritten with 'abcd'.
Teehee 20 Dec 2009, 11:27
Oh... you're right! Thanks :) Now it works :D
Teehee 20 Dec 2009, 11:41
Here:
Code:
        invoke VirtualAlloc,0,8000,MEM_COMMIT,PAGE_READWRITE
        mov    [stA], eax

        mov    ecx, 0
    @@: mov    [eax+ecx], byte 'a'     ; fill offsets 0..8190 with 'a'
        inc    ecx
        cmp    ecx,8191
        jne    @b
        mov    [eax+ecx], byte 0       ; terminator at offset 8191; a dword here would spill 3 bytes past the 8192-byte region

        invoke  MessageBox,NULL,[stA],NULL,MB_OK
        invoke VirtualFree,[stA],0,MEM_RELEASE

I allocated 8000 bytes, but I can go up to 8191 bytes. Why?
revolution 20 Dec 2009, 11:43
Teehee wrote:
I allocated 8000 bytes, but I can go up to 8191 bytes. Why?
Minimum allocation granularity in Windows is 4k. All allocations are in steps of 4096 bytes.
Teehee 20 Dec 2009, 11:43
Because I need to allocate a power-of-2 amount of space?
Teehee 20 Dec 2009, 11:44
Ohh, OK :)
revolution 20 Dec 2009, 11:45
It is related to the hardware paging in the CPU. You can't page less than 4k in the x86 CPU.
Teehee 20 Dec 2009, 11:52
Now I understand :) THANK YOU VERY MUCH!
Teehee 20 Dec 2009, 12:03
One more question. How can I reallocate space?

Example:
1. Up to 4096 bytes, fill with 'a'.
2. Realloc to 8192.
3. From byte 4096 until 8192, fill with 'b'.
revolution 20 Dec 2009, 12:09
You can't realloc virtual memory in any automatic way.

You have to allocate a new piece of memory. Copy in existing data. And then free the original memory.
revolution 20 Dec 2009, 12:13
Consider using VirtualAlloc to reserve space and just commit when you need it.

Or, consider using the LocalAlloc functions instead of the Virtual* functions.
Teehee 20 Dec 2009, 12:17
So I need to copy all bytes to the new buffer, then fill the rest with 'b' and release the last buffer? That seems so slow :?
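The reserve-then-commit approach revolution suggests at 12:13, applied to the grow-from-4096-to-8192 scenario Teehee describes at 12:03, as an added fasm example that is not code posted by anyone in this thread. It reserves 8192 bytes of address space up front, commits only the first page and fills it with 'a', then grows in place by committing the second page (no copy, no second buffer) and fills it with 'b'; the names pBase, .release and .done are mine.

```asm
format PE GUI 4.0
entry start
include 'win32ax.inc'
section '.data' data readable writeable
        pBase dd ?              ; base address of the reservation (name assumed)
section '.text' code readable executable
start:
        ; Reserve 8192 bytes of address space; nothing is committed yet,
        ; so no memory backs it and a write into it would fault at once.
        invoke  VirtualAlloc,0,8192,MEM_RESERVE,PAGE_NOACCESS
        test    eax,eax
        jz      .done
        mov     [pBase],eax

        ; Commit just the first 4096-byte page and fill it with 'a'.
        invoke  VirtualAlloc,[pBase],4096,MEM_COMMIT,PAGE_READWRITE
        test    eax,eax
        jz      .release
        mov     edi,eax
        mov     ecx,4096
        mov     al,'a'
        rep     stosb

        ; "Grow" to 8192 bytes without copying: commit the second page
        ; of the same reservation, then fill it with 'b'.
        mov     eax,[pBase]
        add     eax,4096
        invoke  VirtualAlloc,eax,4096,MEM_COMMIT,PAGE_READWRITE
        test    eax,eax
        jz      .release
        mov     edi,eax
        mov     ecx,4095                ; leave the last byte for the terminator
        mov     al,'b'
        rep     stosb
        mov     byte [edi],0            ; offset 8191, the last committed byte

        invoke  MessageBox,NULL,[pBase],NULL,MB_OK
.release:
        ; MEM_RELEASE needs the reservation's base address and dwSize = 0;
        ; it frees both committed pages and the reservation in one call.
        invoke  VirtualFree,[pBase],0,MEM_RELEASE
.done:
        invoke  ExitProcess,0

section '.idata' import data readable writeable
    library kernel32,'KERNEL32.DLL', user32,'USER32.DLL'
    include 'API\KERNEL32.INC'
    include 'API\USER32.INC'
```

Committing only the pages actually in use also means a write past the end of the committed range faults immediately instead of landing silently in the 4096-byte round-up slack discussed earlier in the thread.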
Copyright © 1999-2024, Tomasz Grysztar.