flat assembler
Message board for the users of flat assembler.
Windows > How to verify a given memory address is valid?
Tyler 25 Aug 2010, 01:21
I realize this is in the Windows section, but maybe there's a WinAPI equivalent to signal(). With signal, you can hook SIGSEGV and catch your segfaults. I've never actually tried this, so it may not work.
LocoDelAssembly 25 Aug 2010, 01:34
IsBadReadPtr

But read it completely, including the community comment. Also, if you have some time, please test with VirtualQuery and tell us if it works reliably for clearly invalid pointers. Since it is very likely it won't raise exceptions, it shouldn't mess with the guard pages (although I'm not sure how they are treated by this function).

PS: In case it is not obvious, VirtualQuery won't solve the problem in which a pointer points inside a committed page but the region is not supposed to be used yet (unallocated heap memory, for instance). Your access will work, of course, but you have just corrupted the memory, and a crash will probably occur later when that memory is consumed.
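As an added example (not code posted in this thread), here is a 32-bit flat assembler console program that classifies a pointer with VirtualQuery along the lines discussed above: it accepts only MEM_COMMIT regions with a readable protection, refuses PAGE_GUARD pages instead of tripping them (the thing an exception-handler probe like IsBadReadPtr gets wrong), and then shows the caveat that a committed but logically unused tail of an allocation still passes. It assumes win32a.inc supplies the MEMORY_BASIC_INFORMATION structure, the MEM_*/PAGE_* constants and the invoke/cinvoke/stdcall/proc macros, and that MSVCRT's printf is available for output.

```fasm
; Probe whether a pointer lands in committed, readable, non-guard memory
; using VirtualQuery. Added example; relies on win32a.inc for the
; MEMORY_BASIC_INFORMATION structure and the MEM_*/PAGE_* constants.

format PE console 4.0
entry start

include 'win32a.inc'

section '.data' data readable writeable

  mbi        MEMORY_BASIC_INFORMATION

  fmt_ok     db '%s: readable',13,10,0
  fmt_bad    db '%s: NOT safely readable',13,10,0
  name_null  db 'NULL pointer',0
  name_rw    db 'committed PAGE_READWRITE page',0
  name_guard db 'committed PAGE_GUARD page',0
  name_noacc db 'committed PAGE_NOACCESS page',0
  name_slack db 'committed but logically unused tail of an allocation',0

section '.code' code readable executable

; is_readable(address) -> eax = 1 if a read at address will not fault, 0 otherwise.
; A guard page is reported as unreadable on purpose: reading it "works", but the
; read raises STATUS_GUARD_PAGE_VIOLATION and clears the guard bit, which is how
; an exception-handler probe defeats the purpose of guard pages.
proc is_readable, address
  invoke VirtualQuery,[address],mbi,sizeof.MEMORY_BASIC_INFORMATION
  test  eax,eax
  jz    .bad                      ; address outside the user address space
  cmp   [mbi.State],MEM_COMMIT
  jne   .bad                      ; MEM_FREE or MEM_RESERVE: no backing page
  mov   eax,[mbi.Protect]
  test  eax,PAGE_GUARD
  jnz   .bad                      ; guard page: refuse it, never touch it
  and   eax,0FFh                  ; strip PAGE_NOCACHE / PAGE_WRITECOMBINE modifiers
  cmp   eax,PAGE_NOACCESS
  je    .bad
  cmp   eax,PAGE_EXECUTE
  je    .bad                      ; execute-only on paper; treat as unreadable
  mov   eax,1
  ret
.bad:
  xor   eax,eax
  ret
endp

; report(label_text, address): run the probe and print the verdict
proc report, label_text, address
  stdcall is_readable,[address]
  test  eax,eax
  jz    .fail
  cinvoke printf,fmt_ok,[label_text]
  ret
.fail:
  cinvoke printf,fmt_bad,[label_text]
  ret
endp

start:
  stdcall report,name_null,0

  ; one committed, readable and writable page
  invoke VirtualAlloc,0,1000h,MEM_COMMIT,PAGE_READWRITE
  stdcall report,name_rw,eax

  ; the same page protection with PAGE_GUARD added: the probe refuses it
  invoke VirtualAlloc,0,1000h,MEM_COMMIT,PAGE_READWRITE or PAGE_GUARD
  stdcall report,name_guard,eax

  invoke VirtualAlloc,0,1000h,MEM_COMMIT,PAGE_NOACCESS
  stdcall report,name_noacc,eax

  ; the caveat from the thread: 64 KiB is committed but only 4 bytes are in
  ; use, so a pointer 4 KiB in is "readable" as far as VirtualQuery can tell;
  ; nothing at this level can detect that the memory is not logically yours
  invoke VirtualAlloc,0,10000h,MEM_COMMIT,PAGE_READWRITE
  mov   dword [eax],0DEADBEEFh
  add   eax,1000h
  stdcall report,name_slack,eax

  invoke ExitProcess,0

section '.idata' import data readable writeable

  library kernel32,'KERNEL32.DLL',\
          msvcrt,'MSVCRT.DLL'

  import kernel32,\
         VirtualQuery,'VirtualQuery',\
         VirtualAlloc,'VirtualAlloc',\
         ExitProcess,'ExitProcess'

  import msvcrt,\
         printf,'printf'
```

Expected verdicts: the NULL, PAGE_GUARD and PAGE_NOACCESS probes print "NOT safely readable", the PAGE_READWRITE page and the unused tail both print "readable". The last line is the point of the PS above: a VirtualQuery-based check answers "will this read fault?", not "is this memory mine to use?".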
b1528932 25 Aug 2010, 12:32
The program will not crash; it will transfer control to the exception handler.
And this is how you detect the validity of a pointer.
nazha 25 Aug 2010, 14:15
Thank you all. I will try an exception handler. Yes, if I have time I will try VirtualQuery.
_________________
Assembly Asker
LocoDelAssembly 25 Aug 2010, 14:25
Really, both of you, actually READ the documentation page COMPLETELY. Also, since perhaps it is not explicitly said: IsBadReadPtr already implements the detection with an exception handler, and that is exactly the problem. It defeats the purpose of guard pages, and there is STILL the problem of memory regions that can be read but are not actually intended to be used yet.
bitRAKE 26 Aug 2010, 01:21
IIRC, the debug API has a way to enumerate the memory regions used by a process; this is how OllyDbg does it. No doubt there is an even lower level in the kernel which the debug API uses.
Feryno 26 Aug 2010, 05:50
Quote: the debug API has a way to enumerate the memory regions used by a process

I used VirtualQueryEx in fdbg for such purposes. There is no need to worry whether the returned valid memory page is present or not in the paging tables: accessing it when its present bit is 0 leads to a page fault, and the OS then makes the page present in memory (I plan to demonstrate that at FASMCON 2010, http://board.flatassembler.net/topic.php?t=11705: forcing the guest to map in pages not yet mapped, which have the present bit set to 0 but should be valid, e.g. the whole memory of an executable module; usually most DLLs are full of non-present holes because the pages were not yet read or executed under a process).

If you want to be sure whether the page is present (bit 0 of the last level of the translation tables is set to 1), then I used to walk the paging tables from CR3 to the last level in my projects (this requires a ring0 driver or a ring-1 hypervisor). The hard way is: extract the base of the translation tables from CR3, map it, get the base of the next level of translation tables for the corresponding virtual memory, ... check the P bit of the last level of the paging tables ... unmap all the pages mapped while walking the paging tables.
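The walk described above, as an added example written for this page rather than code from fdbg or any other project in the thread: a software walk of x86-64 4-level page tables starting from a CR3 value, reporting the translated physical address or "not present" if any level has P == 0. Everything in it is constructed so that it runs offline: "physical memory" is an array of eight 4 KiB frames, map_phys() stands in for whatever a ring0 driver or hypervisor would use to map a physical page (and the unmap step is a no-op), and the frame layout, the CR3 value and the virtual addresses are made up for the demonstration. It goes slightly beyond the post by also handling the PS bit, so 1 GiB and 2 MiB pages translate correctly instead of being walked one level too far.

```c
/* Software walk of x86-64 4-level page tables (added example, not from fdbg).
 * "Physical memory" is a constructed array of 4 KiB frames; map_phys() is the
 * stand-in for the driver's map step and the unmap step is a no-op here. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PTE_P         (1ULL << 0)            /* present bit */
#define PTE_PS        (1ULL << 7)            /* page size: leaf at PDPT (1 GiB) or PD (2 MiB) */
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL  /* bits 51:12 of an entry, or of CR3 */
#define FRAME_SIZE    4096
#define NFRAMES       8
#define NOT_PRESENT   UINT64_MAX

static uint64_t phys[NFRAMES][FRAME_SIZE / 8];  /* constructed physical memory */

/* Map a physical address so we can read the table entry behind it. In a real
 * driver this is the "map it" step (with a matching unmap afterwards); here a
 * physical address is just an index into the phys array. */
static uint64_t *map_phys(uint64_t pa)
{
    uint64_t frame = pa / FRAME_SIZE;
    if (frame >= NFRAMES)
        return NULL;
    return &phys[frame][(pa % FRAME_SIZE) / 8];
}

/* Translate va under cr3. Returns the physical address, or NOT_PRESENT if any
 * level has P == 0 (Feryno's "non-present hole") or points outside our RAM. */
uint64_t walk_page_tables(uint64_t cr3, uint64_t va)
{
    static const int shift[4] = { 39, 30, 21, 12 };  /* PML4, PDPT, PD, PT index positions */
    uint64_t table = cr3 & PTE_ADDR_MASK;              /* CR3 low bits are PWT/PCD/PCID, not address */

    for (int level = 0; level < 4; level++) {
        uint64_t *entry = map_phys(table + ((va >> shift[level]) & 0x1FF) * 8);
        if (entry == NULL)
            return NOT_PRESENT;                        /* table frame outside simulated RAM */
        uint64_t e = *entry;
        if (!(e & PTE_P))
            return NOT_PRESENT;                        /* not present at this level */

        /* PT entries are always leaves; PDPT/PD entries are leaves only with PS set */
        bool leaf = (level == 3) || ((level == 1 || level == 2) && (e & PTE_PS));
        if (leaf) {
            uint64_t page_mask = (1ULL << shift[level]) - 1;
            return (e & PTE_ADDR_MASK & ~page_mask) | (va & page_mask);
        }
        table = e & PTE_ADDR_MASK;                     /* descend; the unmap would go here */
    }
    return NOT_PRESENT;  /* not reached: level 3 always returns above */
}

/* Build one constructed address space and return its CR3.
 * Frames: 5 = PML4, 1 = PDPT, 2 = PD, 3 = PT, 4 = a data page. */
uint64_t build_demo_tables(void)
{
    memset(phys, 0, sizeof phys);
    uint64_t *pml4 = phys[5], *pdpt = phys[1], *pd = phys[2], *pt = phys[3];

    pml4[0] = 0x1000 | PTE_P;                    /* VA 0 .. 512 GiB   -> PDPT in frame 1 */
    pdpt[0] = 0x2000 | PTE_P;                    /* VA 0 .. 1 GiB     -> PD in frame 2 */
    pdpt[1] = 0x40000000ULL | PTE_P | PTE_PS;    /* VA 1 GiB .. 2 GiB -> one 1 GiB page at PA 1 GiB */
    pd[2]   = 0x3000 | PTE_P;                    /* VA 4 MiB .. 6 MiB -> PT in frame 3 */
    pt[1]   = 0x4000 | PTE_P;                    /* VA 0x401000: present, backed by frame 4 */
    pt[2]   = 0x5000;                            /* VA 0x402000: a mapping whose P bit is 0 */

    return 0x5000 | 0x18;                        /* PML4 in frame 5; PCD|PWT set to show they are masked */
}

/* Convenience wrapper: translate va in the constructed address space. */
uint64_t demo_translate(uint64_t va)
{
    return walk_page_tables(build_demo_tables(), va);
}

int main(void)
{
    const uint64_t probes[] = { 0x401234ULL, 0x402000ULL, 0x600000ULL, 0x40012345ULL, 0x8000000000ULL };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        uint64_t pa = demo_translate(probes[i]);
        if (pa == NOT_PRESENT)
            printf("VA %#llx: not present\n", (unsigned long long)probes[i]);
        else
            printf("VA %#llx: present, PA %#llx\n", (unsigned long long)probes[i], (unsigned long long)pa);
    }
    return 0;
}
```

VA 0x402000 is the case the post is about: the mapping exists and the OS would page it in on first touch, but the walk correctly reports P == 0, which is exactly what an OS-level VirtualQuery answer cannot tell you.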
ouadji 26 Aug 2010, 08:43
Hook interrupt 0Eh and intercept the page fault (driver/ring0), with an "intercept_code" just before your memory access, in order to intercept only the page faults from your code.
I have already done this; it's hard code, but it works fine.
Feryno 26 Aug 2010, 10:49
I also remembered that the ring0 ntoskrnl / ntkrnlmp export MmIsAddressValid may be used instead of a manual walk through the paging tables to determine whether the present bit of the last level of the paging tables is set to 1, but that may be useful only to check the virtual memory of the currently running process, the one which calls MmIsAddressValid. To check the virtual memory of an alien process you must find its CR3 (it's not easy to obtain the CR3 of an alien process) and then perform the manual walk through the paging tables.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.