Full Metal Jacket Newbie cheater
Reputation: 0
Joined: 11 Jul 2013 Posts: 14
Posted: Fri Nov 04, 2016 7:45 am Post subject: The memory could not be read… despite region has PAGE_READWR
I'm trying to pattern scan the whole memory from 0 to 0x7FFFFFFF (32-bit) from an injected DLL. I'm using VirtualQuery to get memory regions that are writable and valid and perform the scan on them. Something is wrong, as I get some weird exception.
Quote:
The Instruction at 0x... referenced memory at 0x... The memory could not be read
This is the code I use to iterate over regions:
Code:
// needs <windows.h> and <stdio.h>
MEMORY_BASIC_INFORMATION info;
unsigned long address = 0;
// walk the address space one region at a time until VirtualQuery fails
while (VirtualQuery((void*)address, &info, sizeof(info)) == sizeof(info))
{
    // committed, not guard/no-access, and writable
    if ((info.State == MEM_COMMIT) && !(info.Protect & (PAGE_NOACCESS | PAGE_GUARD)) &&
        (((info.Protect & PAGE_READWRITE) > 0) ||
         ((info.Protect & PAGE_WRITECOPY) > 0) || //writecopy IS writable
         ((info.Protect & PAGE_EXECUTE_READWRITE) > 0) ||
         ((info.Protect & PAGE_EXECUTE_WRITECOPY) > 0)))
    {
        unsigned long start = (unsigned long)info.BaseAddress;
        //unsigned long end = start + info.RegionSize;
        // %p needs a pointer and RegionSize is a SIZE_T, so pass matching types
        printf("Scanning region %p (Size: %lu)\n", info.BaseAddress, (unsigned long)info.RegionSize);
        // my FindPattern here..
    }
    address = (unsigned long)info.BaseAddress + info.RegionSize;
}
Do you know what could be the cause and how to fix this? Cheat Engine searches this memory range well. Or how can I handle it so that when the exception occurs I can continue scanning?
Best regards
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25808 Location: The netherlands
Posted: Fri Nov 04, 2016 8:05 am
Perhaps it got freed during the scan?
Also, add a flush(stdout) after your printf, because now it looks like your pattern scanner is touching 92d1000 on a block of 4096 bytes starting at 92d0000 (so too far).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so i can keep helping
Full Metal Jacket Newbie cheater
Posted: Fri Nov 04, 2016 8:59 am
How can I handle unexpectedly freed memory during the scan, or check if it didn't go too far? How does CE deal with it? Hmm, maybe I should dump the region to some temporary buffer and scan this instead? Also, what is the reason for flush(stdout) after printf? Can it cause a crash or something if I don't do the flush? Yes, 92d1000 is where this region ends: 92d0000 + 4096 = 92d1000, but I guess it doesn't go that far, I mean after 92d1000. Hmm...
This is always the end address of a region, I've noticed.
Dark Byte Site Admin
Posted: Fri Nov 04, 2016 10:00 am
Printf doesn't always show the last line on a crash. With flush it will.
Your exception shows something read from 92d1000, so it should have been on the next iteration already, or your pattern checker is broken.
As for handling it, try an exception handler.
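The following is an added example, not code from the thread: a bounds-checked pattern search in portable C showing the end-of-region condition Dark Byte points at (a read at 92d1000 for a 4096-byte block starting at 92d0000). `find_pattern`, the demo helpers and the sample buffer are assumptions, since the poster's FindPattern is never shown; it does not cover memory freed mid-scan, which is what the suggested exception handler is for.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the poster's FindPattern (never shown).
 * Searches region[0 .. region_size) for pat[0 .. pat_len) and never reads
 * at or past region + region_size. Returns the match offset, or -1. */
static ptrdiff_t find_pattern(const uint8_t *region, size_t region_size,
                              const uint8_t *pat, size_t pat_len)
{
    /* Reject first: region_size - pat_len would wrap for an oversized pattern. */
    if (pat_len == 0 || pat_len > region_size)
        return -1;
    /* Last start offset at which the whole pattern still fits. */
    size_t last = region_size - pat_len;
    for (size_t i = 0; i <= last; i++) {
        if (memcmp(region + i, pat, pat_len) == 0)
            return (ptrdiff_t)i;
    }
    return -1;
}

/* Constructed sample: 4096 bytes standing in for 92d0000..92d1000. */
static uint8_t region[4096];
static const uint8_t pat[4] = {0xDE, 0xAD, 0xBE, 0xEF};

/* Pattern occupies the final four bytes: found at 4096 - 4 = 4092. */
static ptrdiff_t demo_match_at_tail(void)
{
    memset(region, 0, sizeof region);
    memcpy(region + 4092, pat, sizeof pat);
    return find_pattern(region, sizeof region, pat, sizeof pat);
}

/* Only the first two pattern bytes fit before the region ends. A loop that
 * runs i up to region_size would read past the end here; this one stops. */
static ptrdiff_t demo_partial_at_tail(void)
{
    memset(region, 0, sizeof region);
    memcpy(region + 4094, pat, 2);
    return find_pattern(region, sizeof region, pat, sizeof pat);
}

int main(void)
{
    printf("%td %td\n", demo_match_at_tail(), demo_partial_at_tail());
    return 0;
}
```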
Full Metal Jacket Newbie cheater
Posted: Fri Nov 04, 2016 10:36 am
Thanks for the suggestions. I hope I will fix it or find a better approach.