def mem_is_allocated(addr):
mbi_ctor = D.MEMORY_BASIC_INFORMATION if int(py_olly.get_backend_info()['bitness']) == 32 else D.MEMORY_BASIC_INFORMATION64
mbi = mbi_ctor()
VirtualQueryEx = C.windll.kernel32.VirtualQueryEx
h_process = wintypes.HANDLE(py_olly.get_hprocess())
queried = VirtualQueryEx(h_process, C.c_void_p(addr), C.byref(mbi), C.sizeof(mbi))
return queried > 0
def safe_read_chunked_memory_region_as_one(base, size):
mbi_ctor = (
D.MEMORY_BASIC_INFORMATION if int(py_olly.get_backend_info()["bitness"]) == 32 else D.MEMORY_BASIC_INFORMATION64
)
mbi = mbi_ctor()
VirtualQueryEx = C.windll.kernel32.VirtualQueryEx
VirtualProtectEx = C.windll.kernel32.VirtualProtectEx
GetLastError = C.windll.kernel32.GetLastError
GRANULARITY = 0x1000
h_process = wintypes.HANDLE(py_olly.get_hprocess()) # oa.Plugingetvalue(oa.VAL_HPROCESS))
try:
rv = bytearray(size)
except MemoryError:
return
guarded = list()
gpoints = dict()
protect = 0
queried = VirtualQueryEx(h_process, C.c_void_p(base), C.byref(mbi), C.sizeof(mbi))
if queried:
protect = mbi.Protect
else:
print >> sys.stderr, "safe_read_chunked_memory_region_as_one: VirtualQueryEx(ptr 0x%08X, size 0x%08X) failed, error: %u" % (
base,
C.sizeof(mbi),
GetLastError(),
)
if queried and mbi.Protect & D.PAGE_GUARD:
g = {"ea": base, "size": GRANULARITY, "p": mbi.Protect}
gpoints[base] = 0
ea = base
while True:
ea -= GRANULARITY
if (
VirtualQueryEx(h_process, C.c_void_p(ea), C.byref(mbi), C.sizeof(mbi))
and (mbi.Protect & D.PAGE_GUARD) != 0
and g["p"] == mbi.Protect
):
g["ea"] -= GRANULARITY
g["size"] += GRANULARITY
else:
break
guarded.append(g)
for i in long_xrange(base + GRANULARITY, base + size, GRANULARITY):
p_addr = C.c_void_p(i)
if VirtualQueryEx(h_process, p_addr, C.byref(mbi), C.sizeof(mbi)) and mbi.Protect & D.PAGE_GUARD:
prevaddr = i - GRANULARITY
if prevaddr in gpoints and guarded[gpoints[prevaddr]]["p"] == mbi.Protect:
idx = gpoints[prevaddr]
else:
guarded.append({"ea": i, "size": 0L, "p": mbi.Protect})
idx = len(guarded) - 1
guarded[idx]["size"] += GRANULARITY
gpoints[i] = idx
def mem_is_allocated(addr):
mbi_ctor = (
D.MEMORY_BASIC_INFORMATION if int(py_olly.get_backend_info()["bitness"]) == 32 else D.MEMORY_BASIC_INFORMATION64
)
mbi = mbi_ctor()
VirtualQueryEx = C.windll.kernel32.VirtualQueryEx
h_process = wintypes.HANDLE(py_olly.get_hprocess())
queried = VirtualQueryEx(h_process, C.c_void_p(addr), C.byref(mbi), C.sizeof(mbi))
return queried > 0
def safe_read_chunked_memory_region_as_one(base, size):
mbi_ctor = D.MEMORY_BASIC_INFORMATION if int(py_olly.get_backend_info(
)['bitness']) == 32 else D.MEMORY_BASIC_INFORMATION64
mbi = mbi_ctor()
VirtualQueryEx = C.windll.kernel32.VirtualQueryEx
VirtualProtectEx = C.windll.kernel32.VirtualProtectEx
GetLastError = C.windll.kernel32.GetLastError
GRANULARITY = 0x1000
h_process = wintypes.HANDLE(
py_olly.get_hprocess()) # oa.Plugingetvalue(oa.VAL_HPROCESS))
try:
rv = bytearray(size)
except MemoryError:
return
guarded = list()
gpoints = dict()
protect = 0
queried = VirtualQueryEx(h_process, C.c_void_p(base), C.byref(mbi),
C.sizeof(mbi))
if queried:
protect = mbi.Protect
else:
print >> sys.stderr, 'safe_read_chunked_memory_region_as_one: VirtualQueryEx(ptr 0x%08X, size 0x%08X) failed, error: %u' %\
(base, C.sizeof(mbi), GetLastError())
if queried and mbi.Protect & D.PAGE_GUARD:
g = {'ea': base, 'size': GRANULARITY, 'p': mbi.Protect}
gpoints[base] = 0
ea = base
while True:
ea -= GRANULARITY
if VirtualQueryEx(h_process, C.c_void_p(ea), C.byref(mbi), C.sizeof(mbi)) and\
(mbi.Protect & D.PAGE_GUARD) != 0 and g['p'] == mbi.Protect:
g['ea'] -= GRANULARITY
g['size'] += GRANULARITY
else:
break
guarded.append(g)
for i in long_xrange(base + GRANULARITY, base + size, GRANULARITY):
p_addr = C.c_void_p(i)
if VirtualQueryEx(h_process, p_addr, C.byref(mbi), C.sizeof(mbi)) and\
mbi.Protect & D.PAGE_GUARD:
prevaddr = i - GRANULARITY
if prevaddr in gpoints and guarded[
gpoints[prevaddr]]['p'] == mbi.Protect:
idx = gpoints[prevaddr]
else:
guarded.append({'ea': i, 'size': 0L, 'p': mbi.Protect})
idx = len(guarded) - 1
guarded[idx]['size'] += GRANULARITY
gpoints[i] = idx
