Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

VirtualQuery dumping manually mapped pages

big_coder
big_coder
in Programming and Coding

Featured Replies

Posted

Hello. I'm trying to use VirtualQuery to scan for manually mapped / loaded without LoadLibrary DLL pages inside of a process. I'm scanning between the maximum and minimum application addresses from GetSystemInfo, and increment the current address passed into VirtualQuery each loop itteration by RegionSize from MEMORY_BASIC_INFORMATION; My question is, what checks should I put on MBI allocationbase, state, protect, type etc. in order to find manually mapped pages of the DLL in the process. In the end I want to be able to dump the pages of the .text, .rdata, .data, etc. segments from the process for further analysis.

Edited by big_coder

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.