Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

getSizeOfImageProcessNative() not work #53

Open
fobricia opened this issue Oct 30, 2022 · 0 comments
Open

getSizeOfImageProcessNative() not work #53

fobricia opened this issue Oct 30, 2022 · 0 comments

Comments

@fobricia
Copy link

so, this function always not work, struct MEMORY_REGION_INFORMATION invalid (sizeof)

I fixed this structure as

typedef struct _MEMORY_REGION_INFORMATION
{
PVOID AllocationBase; //Imagebase
ULONG AllocationProtect;
ULONG RegionType;
SIZE_T RegionSize; //Size of image
SIZE_T CommitSize;
ULONG_PTR PartitionId; // 19H1
ULONG_PTR NodePreference; // 20H1
} MEMORY_REGION_INFORMATION, *PMEMORY_REGION_INFORMATION;

and function getSizeOfImageProcessNative() worked correct after this changle

SIZE_T ProcessAccessHelp::getSizeOfImageProcessNative( HANDLE processHandle, DWORD_PTR moduleBase )
{
MEMORY_REGION_INFORMATION memRegion = {0};
SIZE_T retLen = 0;
if (NativeWinApi::NtQueryVirtualMemory(processHandle, (PVOID)moduleBase, MemoryRegionInformation, &memRegion, sizeof(MEMORY_REGION_INFORMATION), &retLen) == STATUS_SUCCESS)
{
return memRegion.RegionSize;
}
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fobricia