Why is my NtQueryVirtualMemory running error on R0, unable to read to normal 0x400000
He can read normally on R3 permissions (the picture on the black background is R3).
On R3 (white background image is R0) there are some 0x400000 that I don't want.
These are my code:
memcpy(&PID, pIoBuffer, sizeof(uInSize));
ULONG ProcessHandle = 0;
CLIENT_ID objCid;
OBJECT_ATTRIBUTES objOa;
RtlZeroMemory(&objOa, sizeof(OBJECT_ATTRIBUTES));
RtlZeroMemory(&objCid, sizeof(CLIENT_ID));
objOa.Length = sizeof(objOa);
objCid.UniqueProcess = (HANDLE)PID;
ZwOpenProcess(&ProcessHandle, 0x1F0FFF, &objOa, &objCid);
MEMORY_BASIC_INFORMATION mbi;
ULONG_PTR Index = 0x400000;
NtQueryVirtualMemory1 NtQueryVirtualMemory;
NtQueryVirtualMemory = (NtQueryVirtualMemory1)GetFunctionAddress("NtQuery VirtualMemory");
NtQueryVirtualMemory(
ProcessHandle,
(PVOID)0,
MemoryBasicInformation,
&mbi,
sizeof(mbi),
0);
DbgPrint("AllocationBase------------:%p\n", mbi.AllocationBase);
DbgPrint("AllocationProtect---------:%p\n", mbi.AllocationProtect);
DbgPrint("BaseAddress---------------:%p\n", mbi.BaseAddress);
DbgPrint("Protect-------------------:%p\n", mbi.Protect);
DbgPrint("RegionSize----------------:%p\n", mbi.RegionSize);
DbgPrint("State---------------------:%p\n", mbi.State);
DbgPrint("Type----------------------:%p\n", mbi.Type);
DbgPrint("NtQueryVirtualMemory:%p\n", NtQueryVirtualMemory);
DbgPrint("PID:%X\n", PID);
DbgPrint("ProcessHandle:%X\n", ProcessHandle);
status = STATUS_SUCCESS;
break;
Last edited by Chen172030238; 11-03-2019 at 02:31 AM.