flat assembler
Message board for the users of flat assembler.
![]() |
Author |
|
extra_12345 07 Nov 2020, 17:39
so i'm trying to retrieve the virtual pages within the memory of the running process using GetNativeSystemInfo and VirtualQuery api functions but dunno why it virtualquery returns zero?!
this is the code: Code: proc init invoke GetNativeSystemInfo,sysinfo invoke VirtualQuery,qword [sysinfo.lpMinimumApplicationAddress],mbi,sizeof.MEMORY_BASIC_INFORMATION mov [dum],rax ;return value is zero ret endp section '.data' code readable writeable struct MEMORY_BASIC_INFORMATION BaseAddress dq 0 AllocationBase dq 0 AllocationProtect dd 0 PartitionId dd ? RegionSize dq 0 ; SIZE_T is qword State dd 0 Protect dd 0 Type dd 0 ends sysinfo SYSTEM_INFO mbi MEMORY_BASIC_INFORMATION according to msdn : https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualquery Quote:
what am i doing wrong here? |
|||
![]() |
|
extra_12345 07 Nov 2020, 19:25
i got it figured out:
Code: struct MEMORY_BASIC_INFORMATION BaseAddress dq 0 AllocationBase dq 0 AllocationProtect dd 0 alignment1 dd ? RegionSize dq 0 State dd 0 Protect dd 0 Type dd 0 alignment2 dd ? ends https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-memory_basic_information Quote:
Code: typedef struct _MEMORY_BASIC_INFORMATION32 { DWORD BaseAddress; DWORD AllocationBase; DWORD AllocationProtect; DWORD RegionSize; DWORD State; DWORD Protect; DWORD Type; } MEMORY_BASIC_INFORMATION32, *PMEMORY_BASIC_INFORMATION32; typedef struct DECLSPEC_ALIGN(16) _MEMORY_BASIC_INFORMATION64 { ULONGLONG BaseAddress; ULONGLONG AllocationBase; DWORD AllocationProtect; DWORD __alignment1; ULONGLONG RegionSize; DWORD State; DWORD Protect; DWORD Type; DWORD __alignment2; } MEMORY_BASIC_INFORMATION64, *PMEMORY_BASIC_INFORMATION64; it's working now ![]() |
|||
![]() |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.