getSizeOfImageProcessNative() not work #53
Description
so, this function always not work, struct MEMORY_REGION_INFORMATION invalid (sizeof)
I fixed this structure as
typedef struct _MEMORY_REGION_INFORMATION
{
PVOID AllocationBase; //Imagebase
ULONG AllocationProtect;
ULONG RegionType;
SIZE_T RegionSize; //Size of image
SIZE_T CommitSize;
ULONG_PTR PartitionId; // 19H1
ULONG_PTR NodePreference; // 20H1
} MEMORY_REGION_INFORMATION, *PMEMORY_REGION_INFORMATION;
and function getSizeOfImageProcessNative() worked correct after this changle
SIZE_T ProcessAccessHelp::getSizeOfImageProcessNative( HANDLE processHandle, DWORD_PTR moduleBase )
{
MEMORY_REGION_INFORMATION memRegion = {0};
SIZE_T retLen = 0;
if (NativeWinApi::NtQueryVirtualMemory(processHandle, (PVOID)moduleBase, MemoryRegionInformation, &memRegion, sizeof(MEMORY_REGION_INFORMATION), &retLen) == STATUS_SUCCESS)
{
return memRegion.RegionSize;
}
return 0;
}