def mem_is_allocated(addr):
    """Return True when VirtualQueryEx succeeds for ``addr``.

    The query runs against the process handle supplied by
    ``py_olly.get_hprocess()`` and fills a MEMORY_BASIC_INFORMATION structure
    whose layout is chosen from the backend's reported bitness.

    NOTE(review): only the call's return value is examined; nothing in the
    filled structure is read. VirtualQueryEx also succeeds for free
    (unreserved) regions of the user address space, so a True result means
    "the address could be queried", not "the address is backed by memory".
    A caller that needs the stronger guarantee should also compare the
    structure's state member with MEM_FREE (0x10000) -- confirm the member
    name against the definitions in ``D``.
    """
    # Choose the structure layout that matches the backend's bitness.
    if int(py_olly.get_backend_info()['bitness']) == 32:
        region_info = D.MEMORY_BASIC_INFORMATION()
    else:
        region_info = D.MEMORY_BASIC_INFORMATION64()

    query_region = C.windll.kernel32.VirtualQueryEx
    process_handle = wintypes.HANDLE(py_olly.get_hprocess())

    # VirtualQueryEx returns the number of bytes it wrote, or 0 on failure.
    bytes_written = query_region(
        process_handle,
        C.c_void_p(addr),
        C.byref(region_info),
        C.sizeof(region_info),
    )
    return bytes_written > 0
def safe_read_chunked_memory_region_as_one(base, size):
    """Allocate a buffer for [base, base + size) and catalogue its guard pages.

    Visible behaviour: a ``size``-byte bytearray is allocated (the function
    returns None if that raises MemoryError), then VirtualQueryEx is used on
    the handle from ``py_olly.get_hprocess()`` to group pages carrying
    PAGE_GUARD into ``guarded``, a list of ``{"ea", "size", "p"}`` dicts
    (start address, byte length, protection value). ``gpoints`` maps each
    guarded page address to the index of its entry in ``guarded``.

    NOTE(review): the listing ends right after the page scan. ``rv``,
    ``protect`` and ``VirtualProtectEx`` are prepared but never used in the
    visible part, so the actual read and any guard-page handling are
    presumably in code that is not shown here.

    NOTE(review): ``print >> sys.stderr`` and the ``0L`` literal are
    Python 2 syntax; this block does not parse under Python 3.

    Args:
        base: start address of the region; assumed page-aligned, since the
            bookkeeping below is keyed by ``base`` plus multiples of 0x1000
            -- TODO confirm against callers.
        size: number of bytes in the region.
    """
    # Pick the structure layout that matches the backend's bitness.
    mbi_ctor = (
        D.MEMORY_BASIC_INFORMATION
        if int(py_olly.get_backend_info()["bitness"]) == 32
        else D.MEMORY_BASIC_INFORMATION64
    )
    mbi = mbi_ctor()
    VirtualQueryEx = C.windll.kernel32.VirtualQueryEx
    VirtualProtectEx = C.windll.kernel32.VirtualProtectEx
    GetLastError = C.windll.kernel32.GetLastError
    # Hard-coded step of one 4 KiB page; the scan inspects one address per step.
    GRANULARITY = 0x1000
    h_process = wintypes.HANDLE(py_olly.get_hprocess())  # oa.Plugingetvalue(oa.VAL_HPROCESS))
    try:
        rv = bytearray(size)
    except MemoryError:
        # A caller-supplied size too large to allocate ends the call with None.
        return
    guarded = list()
    gpoints = dict()
    protect = 0
    queried = VirtualQueryEx(h_process, C.c_void_p(base), C.byref(mbi), C.sizeof(mbi))
    if queried:
        protect = mbi.Protect
    else:
        # NOTE(review): the "size" printed here is sizeof(mbi), not the `size`
        # argument. Calling kernel32.GetLastError through ctypes can also
        # report a stale code; ctypes documents use_last_error=True together
        # with get_last_error() for reliable retrieval.
        print >> sys.stderr, "safe_read_chunked_memory_region_as_one: VirtualQueryEx(ptr 0x%08X, size 0x%08X) failed, error: %u" % (
            base,
            C.sizeof(mbi),
            GetLastError(),
        )
    # Guard pages are one-shot: the first access raises
    # STATUS_GUARD_PAGE_VIOLATION and the system clears PAGE_GUARD, which is
    # presumably why they are recorded before anything is read.
    if queried and mbi.Protect & D.PAGE_GUARD:
        g = {"ea": base, "size": GRANULARITY, "p": mbi.Protect}
        # `guarded` is still empty here, so this run will sit at index 0.
        gpoints[base] = 0
        ea = base
        # Walk backwards one page at a time, extending the run while the
        # preceding page is also guarded with the same protection value.
        # The walk stops at the first failed query or differing protection;
        # there is no explicit lower bound on `ea`.
        while True:
            ea -= GRANULARITY
            if (
                VirtualQueryEx(h_process, C.c_void_p(ea), C.byref(mbi), C.sizeof(mbi))
                and (mbi.Protect & D.PAGE_GUARD) != 0
                and g["p"] == mbi.Protect
            ):
                g["ea"] -= GRANULARITY
                g["size"] += GRANULARITY
            else:
                break
        guarded.append(g)
    # Forward scan over the remaining pages of the requested range.
    for i in long_xrange(base + GRANULARITY, base + size, GRANULARITY):
        p_addr = C.c_void_p(i)
        if VirtualQueryEx(h_process, p_addr, C.byref(mbi), C.sizeof(mbi)) and mbi.Protect & D.PAGE_GUARD:
            prevaddr = i - GRANULARITY
            # Extend the previous page's run when it is guarded with the same
            # protection value; otherwise start a new run at this page.
            if prevaddr in gpoints and guarded[gpoints[prevaddr]]["p"] == mbi.Protect:
                idx = gpoints[prevaddr]
            else:
                guarded.append({"ea": i, "size": 0L, "p": mbi.Protect})
                idx = len(guarded) - 1
            guarded[idx]["size"] += GRANULARITY
            gpoints[i] = idx
def mem_is_allocated(addr):
    """Tell whether a VirtualQueryEx call on ``addr`` succeeds.

    Uses the process handle from ``py_olly.get_hprocess()`` and a
    MEMORY_BASIC_INFORMATION structure sized for the backend's bitness.

    NOTE(review): the result depends solely on the non-zero return value of
    VirtualQueryEx; the region state it reports is never inspected. The call
    succeeds for free regions as well, so True does not by itself prove the
    address is reserved or committed. Checking the structure's state member
    against MEM_FREE (0x10000) would close that gap -- verify the member name
    in ``D`` before relying on it.
    """
    is_32bit = int(py_olly.get_backend_info()["bitness"]) == 32
    info_type = D.MEMORY_BASIC_INFORMATION if is_32bit else D.MEMORY_BASIC_INFORMATION64
    info = info_type()

    query = C.windll.kernel32.VirtualQueryEx
    handle = wintypes.HANDLE(py_olly.get_hprocess())

    # A return of 0 signals failure; anything else is the byte count written.
    return query(handle, C.c_void_p(addr), C.byref(info), C.sizeof(info)) > 0
def safe_read_chunked_memory_region_as_one(base, size):
    """Set up a read buffer for [base, base + size) and index guard pages.

    What the visible code does: allocates ``bytearray(size)`` (returning None
    when that raises MemoryError), queries pages with VirtualQueryEx on the
    handle from ``py_olly.get_hprocess()``, and collects consecutive pages
    that carry PAGE_GUARD with an identical protection value into
    ``guarded`` -- a list of dicts with keys 'ea' (start address), 'size'
    (bytes) and 'p' (protection value). ``gpoints`` maps every guarded page
    address to its index in ``guarded``.

    NOTE(review): the listing stops after the scan loop. ``rv``, ``protect``
    and ``VirtualProtectEx`` are assigned but unused in the visible part;
    the read itself is presumably in code not shown here.

    NOTE(review): Python 2 only (``print >> sys.stderr``, ``0L``).

    Args:
        base: first address of the region; presumably page-aligned, as the
            page bookkeeping is keyed by ``base`` + n * 0x1000 -- verify
            against callers.
        size: length of the region in bytes.
    """
    # Structure layout follows the bitness the backend reports.
    mbi_ctor = D.MEMORY_BASIC_INFORMATION if int(py_olly.get_backend_info(
    )['bitness']) == 32 else D.MEMORY_BASIC_INFORMATION64
    mbi = mbi_ctor()
    VirtualQueryEx = C.windll.kernel32.VirtualQueryEx
    VirtualProtectEx = C.windll.kernel32.VirtualProtectEx
    GetLastError = C.windll.kernel32.GetLastError
    # Fixed 4 KiB step: one query per page-sized stride.
    GRANULARITY = 0x1000
    h_process = wintypes.HANDLE(
        py_olly.get_hprocess())  # oa.Plugingetvalue(oa.VAL_HPROCESS))
    try:
        rv = bytearray(size)
    except MemoryError:
        # An unallocatable size ends the call early with None.
        return
    guarded = list()
    gpoints = dict()
    protect = 0
    queried = VirtualQueryEx(h_process, C.c_void_p(base), C.byref(mbi), C.sizeof(mbi))
    if queried:
        protect = mbi.Protect
    else:
        # NOTE(review): the value labelled "size" is sizeof(mbi), not `size`.
        # GetLastError invoked via ctypes may return a stale code; ctypes
        # provides use_last_error=True / get_last_error() for this purpose.
        print >> sys.stderr, 'safe_read_chunked_memory_region_as_one: VirtualQueryEx(ptr 0x%08X, size 0x%08X) failed, error: %u' %\
            (base, C.sizeof(mbi), GetLastError())
    # Accessing a guard page raises STATUS_GUARD_PAGE_VIOLATION once and
    # clears PAGE_GUARD, so these pages are presumably mapped out up front
    # to avoid disturbing them.
    if queried and mbi.Protect & D.PAGE_GUARD:
        g = {'ea': base, 'size': GRANULARITY, 'p': mbi.Protect}
        # First entry: `guarded` is empty at this point, hence index 0.
        gpoints[base] = 0
        ea = base
        # Grow the run downwards while earlier pages are guarded with the
        # same protection value. Termination relies on a query failing or
        # the protection differing; `ea` has no explicit lower limit.
        while True:
            ea -= GRANULARITY
            if VirtualQueryEx(h_process, C.c_void_p(ea), C.byref(mbi), C.sizeof(mbi)) and\
                    (mbi.Protect & D.PAGE_GUARD) != 0 and g['p'] == mbi.Protect:
                g['ea'] -= GRANULARITY
                g['size'] += GRANULARITY
            else:
                break
        guarded.append(g)
    # Scan the rest of the requested range page by page.
    for i in long_xrange(base + GRANULARITY, base + size, GRANULARITY):
        p_addr = C.c_void_p(i)
        if VirtualQueryEx(h_process, p_addr, C.byref(mbi), C.sizeof(mbi)) and\
                mbi.Protect & D.PAGE_GUARD:
            prevaddr = i - GRANULARITY
            # Join the preceding page's run if it is guarded with the same
            # protection value; otherwise open a new zero-length run here.
            if prevaddr in gpoints and guarded[
                    gpoints[prevaddr]]['p'] == mbi.Protect:
                idx = gpoints[prevaddr]
            else:
                guarded.append({'ea': i, 'size': 0L, 'p': mbi.Protect})
                idx = len(guarded) - 1
            guarded[idx]['size'] += GRANULARITY
            gpoints[i] = idx