Crash due to wrong prototype for NtAllocateVirtualMemoryEx #52
Comments
|
The hook for |
kevoreilly
added a commit
that referenced
this issue
Dec 23, 2022
…MEM_EXTENDED_PARAMETER is a pointer) - thanks Michael Weiser #52
|
Thanks a lot! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've been seeing crashes in the
NtAllocateVirtualMemoryExhook as can be seen here:(please excuse the German UI, the debug machine was not mine)
It looked like a call-by-value with a large operand to me and pointed me towards the
__inout MEM_EXTENDED_PARAMETER Parametersargument to the function. Since I've never seen such a large structure being passed by value in any API I dug a bit and found this alternative usage much more in line with my experience: dotnet/runtime#12779After changing the prototype to use a pointer like so, the crashes went away:
See also: https://learn.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualalloc2
This also jives with
Parametersbeing an array ofMEM_EXTENDED_PARAMETERs defined by last argumentParameterCount.The text was updated successfully, but these errors were encountered: