flat assembler
Message board for the users of flat assembler.

Index > Windows > [solved] problem with VirtualQuery

Author
Thread Post new topic Reply to topic
extra_12345



Joined: 21 Apr 2020
Posts: 45
extra_12345 07 Nov 2020, 17:39
so i'm trying to retrieve the virtual pages within the memory of the running process using GetNativeSystemInfo and VirtualQuery api functions but dunno why it virtualquery returns zero?!

this is the code:

Code:
proc init
invoke GetNativeSystemInfo,sysinfo
invoke VirtualQuery,qword [sysinfo.lpMinimumApplicationAddress],mbi,sizeof.MEMORY_BASIC_INFORMATION
mov [dum],rax ;return value is zero
ret
endp


section '.data' code readable writeable

struct MEMORY_BASIC_INFORMATION

BaseAddress       dq 0
AllocationBase    dq 0
AllocationProtect dd 0
PartitionId dd ?
RegionSize        dq 0   ; SIZE_T is qword
State             dd 0
Protect           dd 0
Type              dd 0

ends

sysinfo SYSTEM_INFO
mbi MEMORY_BASIC_INFORMATION 

    


according to msdn :
https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualquery

Quote:

The return value is the actual number of bytes returned in the information buffer.

If the function fails, the return value is zero. To get extended error information,


what am i doing wrong here?
Post 07 Nov 2020, 17:39
View user's profile Send private message Reply with quote
extra_12345



Joined: 21 Apr 2020
Posts: 45
extra_12345 07 Nov 2020, 19:03
could it be that i declared MEMORY_BASIC_INFORMATION struct wrongly?

Code:
struct MEMORY_BASIC_INFORMATION

BaseAddress       dq 0
AllocationBase    dq 0
AllocationProtect dd 0
PartitionId dd ?
RegionSize        dq 0   ; SIZE_T is qword
State             dd 0
Protect           dd 0
Type              dd 0

ends    
Post 07 Nov 2020, 19:03
View user's profile Send private message Reply with quote
extra_12345



Joined: 21 Apr 2020
Posts: 45
extra_12345 07 Nov 2020, 19:25
i got it figured out:

Code:
struct MEMORY_BASIC_INFORMATION

BaseAddress       dq 0
AllocationBase    dq 0
AllocationProtect dd 0
alignment1 dd ?
RegionSize        dq 0
State             dd 0
Protect           dd 0
Type              dd 0
alignment2 dd ?

ends    


https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-memory_basic_information

Quote:

Remarks
To enable a debugger to debug a target that is running on a different architecture (32-bit versus 64-bit), use one of the explicit forms of this structure.


Code:
typedef struct _MEMORY_BASIC_INFORMATION32 {
    DWORD BaseAddress;
    DWORD AllocationBase;
    DWORD AllocationProtect;
    DWORD RegionSize;
    DWORD State;
    DWORD Protect;
    DWORD Type;
} MEMORY_BASIC_INFORMATION32, *PMEMORY_BASIC_INFORMATION32;

typedef struct DECLSPEC_ALIGN(16) _MEMORY_BASIC_INFORMATION64 {
    ULONGLONG BaseAddress;
    ULONGLONG AllocationBase;
    DWORD     AllocationProtect;
    DWORD     __alignment1;
    ULONGLONG RegionSize;
    DWORD     State;
    DWORD     Protect;
    DWORD     Type;
    DWORD     __alignment2;
} MEMORY_BASIC_INFORMATION64, *PMEMORY_BASIC_INFORMATION64;    


it's working now Smile
Post 07 Nov 2020, 19:25
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.