ufrisk / MemProcFS


Trouble using VMMDLL_Scatter in byte[2] #219

Closed maoxian123 closed 1 year ago

maoxian123 commented 1 year ago

```c
VMMDLL_Scatter_PrepareEx(g_hS, addr, size, (PBYTE)out_data, &read_count);
```

When size = 2, read_count = 0 and the value is null; when size = 4, read_count = 4 and the value is read successfully. i.e.: addr=1ffcb8262f4 size=2

maoxian123 commented 1 year ago

```c
// Workaround: prepare at least 4 bytes, even for smaller reads.
if (size < 4)
{
    VMMDLL_Scatter_Prepare(g_hS, addr, 4);
}
else
{
    VMMDLL_Scatter_Prepare(g_hS, addr, size);
}

byte data_temp[4];
VMMDLL_Scatter_ExecuteRead(g_hS);
if (size < 4)
{
    // Read the full 4 bytes into a temporary buffer, then copy only `size` bytes.
    VMMDLL_Scatter_Read(g_hS, addr, 4, data_temp, NULL);
    memcpy(out_data, data_temp, size);
}
else
{
    VMMDLL_Scatter_Read(g_hS, addr, size, (PBYTE)out_data, NULL);
}
```

I have tested this code and it works. If VMMDLL_Scatter_Prepare is called with size < 4 and VMMDLL_Scatter_Read with size < 4, it fails. If VMMDLL_Scatter_Prepare is called with size 4 and VMMDLL_Scatter_Read with size < 4, it fails.

Only if VMMDLL_Scatter_Prepare is called with size 4 and VMMDLL_Scatter_Read with size 4, and you then memcpy the temporary read data to out_data, does it succeed.

So I think VMMDLL_Scatter_Read has something wrong.

ufrisk commented 1 year ago

Are you using the most recent version, i.e. all the dll files from the MemProcFS_files_and_binaries_v5.8.4-win_x64-20230921.zip download (both leechcore.dll and vmm.dll)?

I fixed some bugs a week ago or so. Just making sure you're on the most recent version before I look into this.

maoxian123 commented 1 year ago

> Are you using the most recent version, i.e. all the dll files from the MemProcFS_files_and_binaries_v5.8.4-win_x64-20230921.zip download (both leechcore.dll and vmm.dll)?
>
> I fixed some bugs a week ago or so. Just making sure you're on the most recent version before I look into this.

Yes, it's the latest. And the trouble really exists in the latest version (5.8.4 5.8.3).

ufrisk commented 1 year ago

I found a small bug when doing tiny reads. I'm not completely sure it's your issue, but please try the new version and let me know if it resolves your issue.

imerzan commented 1 year ago

@ufrisk Would this possibly affect the older VMMDLL_MemReadScatter function as well? I just downloaded 5.8.4 but wondering if I should grab this since I use scatter reads quite frequently 😁 Although I think I read at least 4 bytes in every read, so may not matter.

maoxian123 commented 1 year ago

> @ufrisk Would this possibly affect the older VMMDLL_MemReadScatter function as well? I just downloaded 5.8.4 but wondering if I should grab this since I use scatter reads quite frequently 😁 Although I think I read at least 4 bytes in every read, so may not matter.

I have tested; VMMDLL_MemReadScatter works well at all small sizes.

ufrisk commented 1 year ago

@imerzan this bug exists in all prior versions. It however only affects 1, 2 or 3-byte reads at certain alignments. If you do 4-byte reads at a minimum you should be fine.

@maoxian123 thank you for reporting this bug and confirming it has been resolved.
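For tools that must still run against an unpatched version, the "read at least 4 bytes" workaround from this thread can be wrapped once. This is an added example, not code from the thread or from MemProcFS. It goes one step beyond the thread by keeping the widened 4-byte window inside the same page where possible. The `read_fn` callback, the mock backend and the 4 KiB page size are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define PG_SIZE  0x1000ULL   /* assumption: 4 KiB pages */
#define MIN_READ 4u          /* smallest read size reported safe in the thread */

/* Hypothetical backend: returns bytes read. In real use it would wrap the
   Prepare / ExecuteRead / Read sequence on a scatter handle. */
typedef uint32_t (*read_fn)(void *ctx, uint64_t va, uint32_t cb, uint8_t *pb);

/* Pick a MIN_READ-byte window covering [va, va+cb) for cb < MIN_READ.
   If widening from va would spill into the next page although the requested
   bytes do not, slide the window back so it ends at the page end. */
static uint64_t small_read_window(uint64_t va, uint32_t cb) {
    uint64_t page_end = (va & ~(PG_SIZE - 1)) + PG_SIZE;
    if (va + cb <= page_end && va + MIN_READ > page_end)
        return page_end - MIN_READ;
    return va;
}

/* Read cb bytes at va; reads below MIN_READ are widened, then trimmed.
   Returns the number of bytes copied to out, 0 on failure. */
static uint32_t read_min4(read_fn rd, void *ctx, uint64_t va, uint32_t cb,
                          uint8_t *out) {
    uint8_t tmp[MIN_READ];
    uint64_t start;
    if (cb == 0) return 0;
    if (cb >= MIN_READ) return rd(ctx, va, cb, out) == cb ? cb : 0;
    start = small_read_window(va, cb);
    if (rd(ctx, start, MIN_READ, tmp) != MIN_READ) return 0;
    memcpy(out, tmp + (va - start), cb);
    return cb;
}

/* Constructed mock: one mapped page at 0x1000..0x1FFF whose bytes equal the
   low 8 bits of their address. It refuses reads under 4 bytes (mimicking the
   reported symptom) and reads that leave the page. */
static uint32_t mock_read(void *ctx, uint64_t va, uint32_t cb, uint8_t *pb) {
    (void)ctx;
    if (cb < MIN_READ || va < 0x1000 || va + cb > 0x2000) return 0;
    for (uint32_t i = 0; i < cb; i++) pb[i] = (uint8_t)(va + i);
    return cb;
}

int main(void) {
    uint8_t out[2];
    return read_min4(mock_read, NULL, 0x1FFE, 2, out) == 2 ? 0 : 1;
}
```

A small read that itself straddles a page boundary cannot be widened inside one page; the wrapper then widens from `va` and reports failure if the backend cannot read across the boundary.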