All geek questions in one place

Reading random memory locations? Possible?

Is there a way (read-only) to access an arbitrary memory cell without violating access rights? I thought that each process has its own virtual address space and that it can read all available memory cells ... it seems not so, since my program freezes if I do something like

var
  IntPtr : PInteger;
  AnInteger : Integer;
...
IntPtr := $100;
AnInteger := IntPtr^;

I am still trying to write a recursive function with a low level of recursion and trying to determine if a data item is an object reference or not.

Thanks!

+3
source share
6 answers

, , . , ; , .

, , , , , : http://msdn.microsoft.com/en-us/library/ms878234.aspx p >

AFAIR ( , 4G ).

+5

? - . AV. AV . .

, - .

function IsValidObject(const AObj: Pointer { or TObject} ): Boolean;
begin
  try
    ...
    // place your checking code there
    Result := ...;
  except
    on EAccessViolation do
      Result := False;
  end;
end;

, , , - , . , , ;)

- ( ):

function GetReadableSize(const AAddress: Pointer; const ASize: Cardinal): Cardinal;
const
  ReadAttributes = [PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE];
var
  MemInfo: TMemoryBasicInformation;
  Tmp: Cardinal;
begin
  Result := 0;
  if (VirtualQuery(AAddress, MemInfo, SizeOf(MemInfo)) = SizeOf(MemInfo)) and
     (MemInfo.State = MEM_COMMIT) and (MemInfo.Protect in ReadAttributes) then
  begin
    Result := (MemInfo.RegionSize - (Cardinal(AAddress) - Cardinal(MemInfo.BaseAddress)));
    if Result < ASize then
    begin
      repeat
        Tmp := GetReadableSize(Pointer(DWord(MemInfo.BaseAddress) + MemInfo.RegionSize), (ASize - Result));
        if (Tmp > 0) then
          Inc(Result, Tmp)
        else
          Result := 0;
      until (Result >= ASize) or (Tmp = 0);
    end;
  end;
end;

function IsValidBlockAddr(const AAddress: Pointer; const ASize: Cardinal): Boolean;
begin
  Result := (GetReadableSize(AAddress, ASize) >= ASize);
end;

.

+4

, , , , , , , WinAPI: ReadProcessMemory.

+3

. 4kb afaik.

, , , , .

+2

- , , , . Windows , , , .

DMA, .

+1

Windows, 95, 98, Me asm / ...

ReadPortByte function: Byte; var Base: Word; Start Base: = FAddress; like m mov DX, Base in AL, DX mov Result, AL end; end;

You can still do this using the device driver, but Vista can cause some problems if the driver is not compiled correctly for Vista and later.

There are several free ones and it is worth experimenting with.

John

+1
source

Source: https://habr.com/ru/post/1707602/

More articles:


All Articles