flat assembler
Message board for the users of flat assembler.

Index > Windows > VirtualQueryEx error 0x18

Author
Thread Post new topic Reply to topic
extra_12345



Joined: 21 Apr 2020
Posts: 45
extra_12345 11 Oct 2024, 22:48
VirtualQueryEx fails and I'm getting GetLastError 0x18.

this is how i defined MEMORY_BASIC_INFORMATION:

struct MEMORY_BASIC_INFORMATION
BaseAddress dq ?
AllocationBase dq ?
AllocationProtect dd ?
PartitionId dw ?
RegionSize dq ?
State dd ?
Protect dd ?
Type dd ?
ends


https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-memory_basic_information


and this is how i opened the handle:

invoke OpenProcess,PROCESS_QUERY_INFORMATION or PROCESS_VM_READ ,FALSE,[ProcId]

I also tried PROCESS_ALL_ACCESS but no luck.


and this is how i call VirtualQueryEx :

invoke VirtualQueryEx,dword [ProcHandle],r13,addr mbi,sizeof.MEMORY_BASIC_INFORMATION

r13 = points to valid memory region which is PAGE_READONLY but I got no idea why VirtualQueryEx fails, any ideas? I'm coding in 64 bit.
Post 11 Oct 2024, 22:48
View user's profile Send private message Reply with quote
AsmGuru62



Joined: 28 Jan 2004
Posts: 1671
Location: Toronto, Canada
AsmGuru62 11 Oct 2024, 22:56
In x64 HANDLE is not a DWORD (It is a QWORD).
So, why "dword [ProcHandle]" is used as a handle?
Post 11 Oct 2024, 22:56
View user's profile Send private message Send e-mail Reply with quote
extra_12345



Joined: 21 Apr 2020
Posts: 45
extra_12345 11 Oct 2024, 23:14
AsmGuru62 wrote:
In x64 HANDLE is not a DWORD (It is a QWORD).
So, why "dword [ProcHandle]" is used as a handle?



I changed it:
invoke VirtualQueryEx,qword [ProcHandle],r13,addr mbi,sizeof.MEMORY_BASIC_INFORMATION


but still GetLastError 0x18
Post 11 Oct 2024, 23:14
View user's profile Send private message Reply with quote
extra_12345



Joined: 21 Apr 2020
Posts: 45
extra_12345 11 Oct 2024, 23:46
The culprit was MEMORY_BASIC_INFORMATION, for 64 bit it needs some padding:

struct MEMORY_BASIC_INFORMATION
BaseAddress dq ?
AllocationBase dq ?
AllocationProtect dd ?
PartitionId dw ?
_padding1 dw ?
RegionSize dq ?
State dd ?
Protect dd ?
Type dd ?
_padding2 dd ?
ends
Post 11 Oct 2024, 23:46
View user's profile Send private message Reply with quote
AsmGuru62



Joined: 28 Jan 2004
Posts: 1671
Location: Toronto, Canada
AsmGuru62 12 Oct 2024, 12:18
Well done.
I find no such structure in x64 headers for FASM, not in standard download.
Maybe someone should fix that.
I think if you search the forum --- you can find the more full and proper header for x64 coding.
Post 12 Oct 2024, 12:18
View user's profile Send private message Send e-mail Reply with quote
extra_12345



Joined: 21 Apr 2020
Posts: 45
extra_12345 13 Oct 2024, 03:46
AsmGuru62 wrote:
Well done.
I find no such structure in x64 headers for FASM, not in standard download.
Maybe someone should fix that.
I think if you search the forum --- you can find the more full and proper header for x64 coding.


I think I've seen it a while ago, I'll take a look around.
Post 13 Oct 2024, 03:46
View user's profile Send private message Reply with quote
AsmGuru62



Joined: 28 Jan 2004
Posts: 1671
Location: Toronto, Canada
AsmGuru62 13 Oct 2024, 12:53
I think if you go to this forum, I mean "Windows" forum --- there is a 'sticky' post there with the files.
Post 13 Oct 2024, 12:53
View user's profile Send private message Send e-mail Reply with quote
Ali.Z



Joined: 08 Jan 2018
Posts: 732
Ali.Z 14 Oct 2024, 12:08
i wrote such code that deals with VM and process winapi multiple times, except that i no longer have such code.

it would be much easier to share a minimal example instead of me writing one from scratch.

_________________
Asm For Wise Humans
Post 14 Oct 2024, 12:08
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.