[BUGFIX] Fixed scanning workingset by 32 bit scanner. Allow for ERROR…
…_BAD_LENGHT
hasherezade committed Jul 12, 2020
1 parent e0535c4 commit fc0ea26
Showing 2 changed files with 20 additions and 18 deletions.
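--- a/scanners/scanner.cpp
+++ b/scanners/scanner.cpp
@@ -189,7 +189,12 @@ size_t pesieve::ProcessScanner::scanWorkingSet(ProcessScanReport &pReport) //thr
 {
 PSAPI_WORKING_SET_INFORMATION wsi_1 = { 0 };
 BOOL result = QueryWorkingSet(this->processHandle, (LPVOID)&wsi_1, sizeof(PSAPI_WORKING_SET_INFORMATION));
-if (result == FALSE) {
+if (result == FALSE && GetLastError() != ERROR_BAD_LENGTH) {
+/**
+Allow to proceed on ERROR_BAD_LENGTH.
+ERROR_BAD_LENGTH may occur if the scanner is 32 bit and running on a 64 bit system.
+In case of any different error, break.
+*/
 throw std::runtime_error("Could not query the working set. ");
 return 0;
 }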
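Review bot: GetLastError() is consumed inside the condition and then lost, so when the throw is taken the message `"Could not query the working set. "` does not say whether the failure was access denied, an invalid handle or something else. Capture the code right after the failed call, `const DWORD err = GetLastError();`, test `err != ERROR_BAD_LENGTH`, and append `err` to the runtime_error text so scan logs show why a process could not be enumerated. On the ERROR_BAD_LENGTH path execution now continues with `wsi_1` after a call that returned FALSE; the rest of scanWorkingSet is outside the hunk, so it is worth confirming there that only fields the API fills in on that error are read from `wsi_1`. The `return 0;` after the throw is unreachable and can be dropped.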
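--- a/utils/workingset_enum.cpp
+++ b/utils/workingset_enum.cpp
@@ -2,13 +2,19 @@
 
 #include <iostream>
 
+#ifdef _WIN64
+const ULONGLONG mask = ULONGLONG(-1);
+#else
+const ULONGLONG mask = DWORD(-1);
+#endif
+
 namespace pesieve {
 namespace util {
 
 bool get_next_commited_region(HANDLE processHandle, ULONGLONG start_va, MEMORY_BASIC_INFORMATION &page_info)
 {
-while (true) {
-//std::cout << "Checking: " << std::hex << start_va << " vs " << std::hex << max_va << std::endl;
+while (start_va < mask) {
+//std::cout << "Checking: " << std::hex << start_va << std::endl;
 memset(&page_info, 0, sizeof(MEMORY_BASIC_INFORMATION));
 SIZE_T out = VirtualQueryEx(processHandle, (LPCVOID)start_va, &page_info, sizeof(page_info));
 const DWORD error = GetLastError();
@@ -23,15 +29,12 @@ namespace pesieve {
 std::cerr << "[WARNING] Cannot query the memory region. Error: " << std::dec << error << std::endl;
 break;
 }
-if (error == ERROR_BAD_LENGTH) {
-#ifdef _DEBUG
-if (sizeof(page_info) != sizeof(MEMORY_BASIC_INFORMATION64)){
-std::cerr << "[WARNING] Use 64-bit scanner. Error:" << std::dec << error << std::endl;
-}
-#endif
-break;
-}
-if (out != sizeof(page_info) || error != ERROR_SUCCESS) {
+/*
+Allow to proceed on ERROR_BAD_LENGTH, if the filled MEMORY_BASIC_INFORMATION is as expected.
+(ERROR_BAD_LENGTH may occur if the scanner is 32 bit and running on a 64 bit system.)
+Otherwise - also on different error - skip.
+*/
+if (out != sizeof(page_info) || error != ERROR_BAD_LENGTH) {
 std::cerr << "[WARNING] Cannot query the memory region. Error: " << std::dec << error << std::endl;
 start_va += PAGE_SIZE;
 continue;
@@ -58,12 +61,6 @@ namespace pesieve {
 
 size_t pesieve::util::enum_workingset(HANDLE processHandle, std::set<ULONGLONG> &region_bases)
 {
-#ifdef _WIN64
-ULONGLONG mask = ULONGLONG(-1);
-#else
-ULONGLONG mask = DWORD(-1);
-#endif
-
 region_bases.clear();
 
 MEMORY_BASIC_INFORMATION page_info = { 0 };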
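Review bot: The new skip condition in the second hunk, `if (out != sizeof(page_info) || error != ERROR_BAD_LENGTH)`, is also true when `error` is ERROR_SUCCESS, so as written a query that fills the whole structure with the last-error at 0 is skipped with a warning. `error` is read from GetLastError() unconditionally right after VirtualQueryEx in the first hunk, and the last-error value is generally not reset by a successful call, so the outcome appears to depend on a stale code left by an earlier API call. For a memory scanner a skipped region is one that never gets inspected, so success should be decided by the return value alone: `const DWORD error = (out == sizeof(page_info)) ? ERROR_SUCCESS : GetLastError();` and `if (out != sizeof(page_info)) {`. The lines between the first and second hunk are not shown, so the earlier error branches may already filter some of these cases.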
