Squalr/Squalr

VirtualAllocEx Issues in 64 Bit

zcanann opened this issue · 1 comment

VirtualAllocEx takes an lpAddress parameter, which is optional. If left as IntPtr.Zero, a page of memory will be randomly allocated. However, if a value is provided, an attempt will be made to allocate memory at that address.

This is subject to some constraints:

  • The address must be aligned by 0x10000 (65536)
  • The address must be unused
  • There must be enough space
  • The address must be within range of +/- 2^32 from any instructions that will reference it, for the reasons below.

The issue is that in a 64 bit process when calling CreateCodeCave from a script, our address space is 2^64, however code caves will not work if the jump distance is greater than the range of a far jump (2^32) in x86/x64 assembly.

Everything works fine, except that occasionally our call to VirtualAllocEx, with lpAddress set to a free region of memory that meets the above constraints, fails.

There is a workaround in place right now that sets an arbitrary retry count and tries random available regions of memory until one succeeds. This seems to be fine for now, but I'd like to understand and solve the issue.

So the retry count is a necessity if the user has terrible luck and they continuously attempt to allocate regions of memory that are already allocated.

This means a low retry count can be used.

Other than that, this issue has been addressed in #175