System.ComponentModel.Win32Exception: 'Illegal access to a memory area.'

[Symbai]

I've reported an issue with Bleak before I saw you retired it and suggested Lunar instead. I gave Lunar a try and downloaded the current master code, but sadly it also fails (with a different exception though): System.ComponentModel.Win32Exception: 'Illegal access to a memory area.' at Lunar.Extensions.ProcessExtensions.ReadStructure[T](Process process, IntPtr structureAddress)

Local values:

structureAddress = 0xffffffff82798ba8
structureBlock.Length = 0x000000a8

--------------- (and from ReadModules() method:) --------------- 
entry.InMemoryOrderLinks.Flink = 0x82798bb0
loaderData.InMemoryOrderModuleList.Blink = 0x827986e0
entry.BaseDllName.Buffer = 0x0ccfb0d0
entry.BaseDllName.Length = 0x0016
entry.DllBase = 0x6f350000
inMemoryOrderLinksOffset = 0x0000000000000008

Call stack:

Lunar.dll!Lunar.Extensions.ProcessExtensions.ReadStructure<Lunar.Native.Structures.LdrDataTableEntry32>(System.Diagnostics.Process process, System.IntPtr structureAddress) Line 94 C#
Lunar.dll!Lunar.RemoteProcess.PebAccessor.ReadModules() Line 47 C#

Target process is 32bit, DLL i want to inject is C++ 32bit.

[Dewera]

This is very interesting. I can't quite determine what the cause of this exception is from what you have provided me. Would it be possible to get access to your specific DLL so I can step through the execution? Furthermore, could you let me know what process you are attempting to load into?

[Symbai]

Max Gentlemen on Steam, you can purchase it and refund if you make sure to not exceed 2 hours of playtime. My dll doesn't matter, I also tried the 'Basic.dll' to verify this. It appears that enumeration of the process modules is what fails.

The structureAddress property value is negative. If you call ReadProcessMemory with it, it likely gives this exception. The question is however WHY it is negative (memory address CANT be negative).

On Basic.dll the exception occurs in a different method:

Lunar.dll!Lunar.Extensions.ProcessExtensions.ReadArray(System.Diagnostics.Process process, System.IntPtr arrayAddress, int arraySize) Line 82 C#

[Dewera]

My guess would be that this specific process is using the 3gb memory range (instead of the default 2gb) and at least one of the memory addresses being read exceed the 0x7FFFFFFF traditional x86 address range. As the codebase is using signed values, it would make sense why this issue would occur.

Unfortunately, I'm not prepared to buy something purely for testing purposes, so when I get the time I will take a look into incorporating unsigned values into the codebase and send you a copy of any changes so you can test before I publish any patch.

[ragnaroks]

Max Gentlemen looks like free to play

[Symbai]

Max Gentlemen looks like free to play

Didn't know there was another game called that, lol. I meant this one: https://store.steampowered.com/app/817840/Max_Gentlemen_Sexy_Business/

[Symbai]

Unfortunately, I'm not prepared to buy something purely for testing purposes, so when I get the time I will take a look into incorporating unsigned values into the codebase and send you a copy of any changes so you can test before I publish any patch.

You can buy it. Stay under 2 hours of gameplay and then refund it. It costs you not a single dollar in the end.

[Dewera]

I've found the issue and will work on implementing a patch for 32 bit processes compiled with the /LARGEADDRESSAWARE flag when I get the time.

[Dewera]

@Symbai I apologise for the long delay, things have been hectic on my end and I've only just managed to get the time to create and test a fix. The latest version should solve the issue (at least it did with the tests I did.)