flat assembler
Message board for the users of flat assembler.
Index
> Windows > problem with array of byte scan |
Author |
|
extra_12345 10 Nov 2020, 14:12
by debugging and using getlasterror found out that i was dealing with the ERROR_INVALID_ADDRESS meaning the memory location that i was trying to access to had no read access so by using virtualprotect with PAGE_EXECUTE_READWRITE and changing the protection prior the array search and restoring it post search been able to solve the issue.
|
|||
10 Nov 2020, 14:12 |
|
extra_12345 10 Nov 2020, 19:02
soooooo still it crashes sometimes whether the pattern is found or not!,i'm out of ideas why!
this is the updated code: Code: proc AOBScan uses rbx rsi rdi r12 r13 r14 r15,lpArr2Scan:qword local sbyte dq ? mov [lpArr2Scan],rcx stdcall ConvAsciiHex2ByteArr,qword [lpArr2Scan],addr sbyte mov [lpArr2Scan],rax mov r13,rax invoke GetNativeSystemInfo,sysinfo mov rax,[sysinfo.lpMinimumApplicationAddress] mov rsi,lpiminaddr mov [rsi],rax mov r14,[rsi] mov rbx,[sbyte] mov rdi,[hinst] xor r12,r12 .while r14 < qword [sysinfo.lpMaximumApplicationAddress] invoke VirtualQuery,qword [rsi] ,mbi,sizeof.MEMORY_BASIC_INFORMATION .breakif rax = 0 invoke VirtualProtect,qword [mbi.BaseAddress],qword [mbi.RegionSize],PAGE_EXECUTE_READWRITE,oldpp .if rax & ~ qword [mbi.AllocationBase] = rdi & ~ qword [mbi.AllocationBase] = r13 stdcall ArrayofByteScan,[mbi.BaseAddress],[mbi.RegionSize],r13,rbx mov r15,rax invoke VirtualProtect,qword [mbi.BaseAddress],qword [mbi.RegionSize],dword [oldpp],oldpp .if r15 = 0 mov rax,[mbi.BaseAddress] add rax,[mbi.RegionSize] mov [rsi],rax mov r12,0 .else add r15,[mbi.BaseAddress] mov r12,r15 .break .endif .else mov rax,[mbi.BaseAddress] add rax,[mbi.RegionSize] mov [rsi],rax mov r12,0 .endif mov r14,[rsi] .endw invoke VirtualFree,r13,rbx,MEM_DECOMMIT mov rax,r12 ret endp |
|||
10 Nov 2020, 19:02 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.