flat assembler
Message board for the users of flat assembler.

Index > Windows > How to verify a given memory address is valid?

Author
Thread Post new topic Reply to topic
nazha



Joined: 05 Mar 2009
Posts: 40
Location: Beijing, China
nazha
If access an invalid memory address, the program will crash, is there a way to check a given address is valid or not?

Thanks.

_________________
Assembly Asker
Post 25 Aug 2010, 00:59
View user's profile Send private message Reply with quote
Tyler



Joined: 19 Nov 2009
Posts: 1216
Location: NC, USA
Tyler
I realize this is in Windows section, but maybe there's a WinAPI equivalent to signal(). With signal, you can hook SIGSEGV, and catch your seg faults. I've never actually tried this, so it may not work.
Post 25 Aug 2010, 01:21
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
IsBadReadPtr

But read it completely, including the community comment.

Also, if you have some time please test with VirtualQuery and tell us if it works reliably for clearly invalid pointers. Since it is very likely it won't raise exceptions, it shouldn't mess with the guard pages (although I'm not sure how them are treated by this function)

PS: In case it is not obvious, VirtualQuery won't solve the problem in which a pointer is pointing inside a committed page but the region is not supposed to be used yet (unallocated heap memory for instance). Your access will work of course, but you just corrupted the memory and a crash will probably occur later when that memory is consumed.
Post 25 Aug 2010, 01:34
View user's profile Send private message Reply with quote
b1528932



Joined: 21 May 2010
Posts: 287
b1528932
the program will not crash, it will transfer control to exception handler.
and this is how you detect validity of pointer.
Post 25 Aug 2010, 12:32
View user's profile Send private message Reply with quote
nazha



Joined: 05 Mar 2009
Posts: 40
Location: Beijing, China
nazha
thank you all. I will try a exception handler. yes, if I have time I will try VirtualQuery.

_________________
Assembly Asker
Post 25 Aug 2010, 14:15
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Really, both of you actually READ COMPLETELY the documentation page. Also, since perhaps it is not explicitly said, IsBadReadPtr is already implementing the detection with an exception handler, and that is exactly the problem, it defeats the purpose of guard pages, and STILL it is the problem of memory regions that can be read but are not actually intended to be used yet.
Post 25 Aug 2010, 14:25
View user's profile Send private message Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 2936
Location: vpcmipstrm
bitRAKE
IIRC, the debug API has a way to enumerate the memory regions used by a process -- this is how OlyDbg does it. No doubt there is even a lower level in the kernel which the debug API uses.
Post 26 Aug 2010, 01:21
View user's profile Send private message Visit poster's website Reply with quote
Feryno



Joined: 23 Mar 2005
Posts: 454
Location: Czech republic, Slovak republic
Feryno
Quote:
the debug API has a way to enumerate the memory regions used by a process

I used VirtualQueryEx in fdbg for such purposes.
No need to worry whether returned valid memory page is present or not in paging tables - accessing it if its present bit is 0 leads to pagefault and OS makes the page present in memory then (I plane to demonstrate that at FASMCON 2010 http://board.flatassembler.net/topic.php?t=11705 - forcing guest to map in pages not yet mapped which have present bit set to 0 but should be valid - e.g. the whole memory of executable module - usually most of DLLs are full of nonpresent holes because the pages weren't yet read either executed under a process).
If you want to be sure whether the page is present (bit 0. of last level of translation tables is set to 1) then I used to walk paging tables from CR3 to the last level in my projects (requires ring0 driver or ring-1 hypervisor)
the hard way is: extract base of translation tables from CR3, map it, get the base of next level of translation tables for corresponding virt. memory ..... check P bit of last level of paging tables.... unmap all pages mapped when walking paging tables
Post 26 Aug 2010, 05:50
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji
hook interrupt 0Eh and intercept page fault. (driver/ring0)
with a "intercept_code" just before your memory access.
in order to intercept only the page fault from your code
I have already done this, it's a hard code, but it works fine.

_________________
I am not young enough to know everything (Oscar Wilde)- Image
Post 26 Aug 2010, 08:43
View user's profile Send private message Send e-mail Reply with quote
Feryno



Joined: 23 Mar 2005
Posts: 454
Location: Czech republic, Slovak republic
Feryno
I remembered also that ring0 ntoskrnl / ntkrnlmp export MmIsAddressValid may be used instead of manual walk through paging tables to determine whether present bit of last level of paging tables is set to 1 - but that may be usefull only to check virtual memory of currently running process which calls MmIsAddressValid. To check virtual memory of alien process you must find its CR3 (it's not easy to obtain CR3 of alien process) and then perform manual walk through paging tables
Post 26 Aug 2010, 10:49
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.