JamesMenetrey / MemorySharp

A C# based memory editing library targeting Windows applications, offering various functions to extract and inject data and codes into remote processes to allow interoperability.

MemoryCore.Query unsigned 32-bit address overflow #28

Open somersby10ml opened 8 months ago

somersby10ml commented 8 months ago

Environment

Windows 11 64-bit OS

Target process

32-bit process. My process is a 32-bit process.

Problem

I am trying to query and read the space of 0xFF3F0000. However, this must be accessed as unsigned.


public IEnumerable<RemoteRegion> Regions => from page in MemoryCore.Query(addressTo: new IntPtr(int.MaxValue), processHandle: MemorySharp.Handle, addressFrom: IntPtr.Zero)
                                            select new RemoteRegion(MemorySharp, page.BaseAddress);

int.MaxValue is 0x7FFFFFFF, but the address I scan is 0xFFFF****

If you enter a larger value, an overflow error window will appear.

Exception occurred: 'System.OverflowException' (mscorlib.dll)
An unhandled exception of type 'System.OverflowException' occurred in mscorlib.dll.
An arithmetic operation caused an overflow.

I think there should be no overflow and the maximum value should be 0xFFFFFFFF or SYSTEM_INFO maximumApplicationAddress (GetSystemInfo) and there should be no overflow.

JamesMenetrey commented 6 months ago

Hello @somersby10ml,

Thanks for your report! I'm going to take care of this issue in the next release of MemorySharp, where pointer types are better handled. :)

Cheers
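
The overflow reported in this thread, as an added example that is neither MemorySharp's code nor the maintainer's planned fix: a region walk that keeps its cursor in a `ulong`, reinterprets bits when building an `IntPtr` in a 32-bit process, and takes its upper bound from `GetSystemInfo`. The class and helper names (`RegionWalk`, `ToUnsigned`, `FromUnsigned`, `Regions`) are hypothetical, and the walk runs against the current process only.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.InteropServices;
static class RegionWalk   // hypothetical name, not part of MemorySharp
{
    [StructLayout(LayoutKind.Sequential)]
    struct MEMORY_BASIC_INFORMATION
    {
        public IntPtr BaseAddress, AllocationBase; public uint AllocationProtect;
        public UIntPtr RegionSize; public uint State, Protect, Type;
    }
    [StructLayout(LayoutKind.Sequential)]
    struct SYSTEM_INFO
    {
        public ushort wProcessorArchitecture, wReserved; public uint dwPageSize;
        public IntPtr lpMinimumApplicationAddress, lpMaximumApplicationAddress, dwActiveProcessorMask;
        public uint dwNumberOfProcessors, dwProcessorType, dwAllocationGranularity;
        public ushort wProcessorLevel, wProcessorRevision;
    }
    [DllImport("kernel32.dll")] static extern void GetSystemInfo(out SYSTEM_INFO info);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern UIntPtr VirtualQueryEx(IntPtr process, IntPtr address, out MEMORY_BASIC_INFORMATION buffer, UIntPtr length);
    const uint MEM_FREE = 0x10000;
    // IntPtr.ToInt64() sign-extends in a 32-bit process, so go through uint there.
    static ulong ToUnsigned(IntPtr p) =>
        IntPtr.Size == 4 ? unchecked((uint)p.ToInt32()) : unchecked((ulong)p.ToInt64());
    // new IntPtr(long) throws OverflowException above int.MaxValue in a 32-bit process;
    // reinterpret the 32 bits instead (still rejects values that do not fit in 32 bits).
    static IntPtr FromUnsigned(ulong a) =>
        IntPtr.Size == 4 ? new IntPtr(unchecked((int)checked((uint)a))) : new IntPtr(unchecked((long)a));
    public static IEnumerable<(ulong Base, ulong Size)> Regions(IntPtr process)
    {
        GetSystemInfo(out SYSTEM_INFO si);   // upper bound as reported to the calling process
        ulong addr = ToUnsigned(si.lpMinimumApplicationAddress), end = ToUnsigned(si.lpMaximumApplicationAddress);
        var length = new UIntPtr((uint)Marshal.SizeOf<MEMORY_BASIC_INFORMATION>());
        MEMORY_BASIC_INFORMATION mbi;
        while (addr <= end && VirtualQueryEx(process, FromUnsigned(addr), out mbi, length) != UIntPtr.Zero)
        {
            ulong size = mbi.RegionSize.ToUInt64();
            if (mbi.State != MEM_FREE) yield return (ToUnsigned(mbi.BaseAddress), size);
            addr = ToUnsigned(mbi.BaseAddress) + size;   // 64-bit cursor cannot wrap at 4 GiB
        }
    }
    static void Main()
    {
        foreach (var r in Regions(Process.GetCurrentProcess().Handle))
            Console.WriteLine($"0x{r.Base:X8}  {r.Size,12:N0} bytes");
    }
}
```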