{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 再贱就再见 的问题《Scanning process memory causes crash》','https://www.manongdao.com/q-1346268.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
i have injected my DLL into process and i try to scan memory for addresses with same value as mine, but it results in a crash after i get 1st address , it should be 10 addresses
for(DWORD i = MEM_START; i< MEM_END ;i++)
{
VirtualQuery((void*)i,pMemInfo,sizeof(MEMORY_BASIC_INFORMATION));
if(pMemInfo->AllocationProtect == PAGE_READONLY || PAGE_EXECUTE_WRITECOPY || PAGE_READWRITE || PAGE_WRITECOMBINE)
{
if(*(DWORD*)i==1337)
{
addresses.push_back(i);
}
}
}
I believe my protection check is wrong but not quite sure.
virtual memory scanner
Yes, several mistakes. You'll need to use the | operator instead of ||. The value of
iis not meaningful, you must use MEMORY_BASIC_INFORMATION.AllocationBase to find where a region begins. And .RegionSize to know how big it is. The next value you pass to VirtualQuery should be .AllocationBase + .RegionSize to find the next region.That's not how the
||operator works. You may find it more readable to use aswitchstatement instead.