ufrisk
commented
4 months ago This seems to be related to a game. If this behavior is in any way related to some games anti-cheat I'm unfortunately not helping out.
With that being said, what you're describing sounds a bit like normal Windows behavior though.
After quite some time Windows may "page out" certain parts of virtual memory from physical memory to disk - making it unavailable to DMA. This sometimes happens to the 1st page in the module, the PE header.
You can check if this out if you, when the issue occurs, mount the MemProcFS file system. Check out your M:\name\
If it's still in it check out M:\name\
If the PE header is paged out to disk there is not much I can do. I guess you'd be able to save the memory range from earlier working instances (active memory pages will still be possible to read) or access the range location though the VAD map.
Best wishes with this :)
ReeceXW
For some context, doing testing and opening/closing the application a lot. I am properly closing all handles and everything seems to be working other than this.
This module is present in the game and for a long time PCILeech is able to fetch this. But after some time, either from reading a lot or restarting a lot, the module dissapears from both VMMDLL_Map_GetModuleU and VMMDLL_Map_GetModuleFromNameU
All other modules are still present and if you replace the virtual address you can still read and write in that modules space fine. I know this doesn't have much information but I don't really know where to look for this. PCILeech logs no issues it simply fails to pick it up.
I've noticed also that if I leave a loop somewhere that uses VMMDLL_Map_GetModuleFromNameU, after a fair while the module can't be found anymore without any changes.