Closed BubonicPestilence closed 7 months ago
Unfortunately not. Github Sponsors is unfortunately the way to go. I know everyone don't have access to a CC and it's quite unfortunate, but thanks for asking 👍 If you have the chance to use Github Sponsors it would be greatly appreciated.
This shouldn't happen. Reading outside of physical addresses may cause issues. The memmap addresses that issue.
There are some periodic background updates that might shortly result in higher read latencies, but it should be noticed every few seconds / minutes.
If the memory is paged out it may take longer times as well to access due to inefficiencies in internal MemProcFS and just because it's more complicated as well. There are some read flags you can add to your read request to avoid this, namely VMMDLL_FLAG_NOPAGING
and VMMDLL_FLAG_NOPAGING_IO
. Other than that there shouldn't be anything around reading bad virtual memory.
You can check the memory layout if you use MemProcFS to mount the memory as a virtual file system, you can check it out in the M:\name\
Hope this explains it a bit. Also it may be faster to ask general questions on the Discord.
Please let me know if this would somehow explain things a bit and if it would resolve your issues, or if you still experience issues.
Thank you very much!
Hello ufrisk
1) Do you accept support using USDT/BTC?
2) I'm not memory-expert, just learning basics, and i'm interested is there a way to properly find all available virtual addresses of a process/module to read from?
I have a feeling that reading outside of "claimed/registered" v-addresses causing my card to hangup. I'm already using mmap... but victim system is using AMD CPU... And by testing reads over and over small range of addresses that nearly guarantedly "claimed" by app (also, i've limited big reads to 1000 bytes per call), made my app working for last ≈6h without hangups.
What i have found, is
process.maps.heap()["segment"]
andprocess.maps.pte()
, i assuming it's likerange(start_vaddr, start_vaddr + size * 4096)
Also I have seen, that you told someone to watch for
vte
, to check forpaged
memory parts.If possible, i will be glad to hear, what is best way to get list of "safe-to-read" memory address ranges.