tag:blogger.com,1999:blog-5036198523690297182.post8178621234443553732..comments2024-02-05T00:25:13.117-08:00Comments on waliedassar: Defeating Memory Breakpointswaliedhttp://www.blogger.com/profile/18278414703959705421noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-5036198523690297182.post-53864886440047339152014-03-07T14:46:31.782-08:002014-03-07T14:46:31.782-08:00Ok, I did some more investigation. It has to do wi...Ok, I did some more investigation. It has to do with DEP, check this http://pastebin.com/kfPRReX5Mr. eXoDiahttps://www.blogger.com/profile/17652517443977382071noreply@blogger.comtag:blogger.com,1999:blog-5036198523690297182.post-82796592324231770382014-03-07T14:46:22.181-08:002014-03-07T14:46:22.181-08:00Ok, I did some more investigation. It has to do wi...Ok, I did some more investigation. It has to do with DEP, check this http://pastebin.com/kfPRReX5Mr. eXoDiahttps://www.blogger.com/profile/17652517443977382071noreply@blogger.comtag:blogger.com,1999:blog-5036198523690297182.post-26962740305511727722014-03-07T13:57:58.392-08:002014-03-07T13:57:58.392-08:00Great article! There is one thing however, Excepti...Great article! There is one thing however, ExceptionRecord.ExceptionInformation[0] is not always equal to 8, sometimes it's equal to 0 (especially on 32-bit OS)<br /><br />GreetingsMr. eXoDiahttps://www.blogger.com/profile/17652517443977382071noreply@blogger.comtag:blogger.com,1999:blog-5036198523690297182.post-35565166290833505642014-03-07T13:56:54.296-08:002014-03-07T13:56:54.296-08:00really interesting article, there is however a str...really interesting article, there is however a strange thing with memory breakpoints, the ExceptionRecord.ExceptionInformation[0] can also equal to 1 when a page is executed.<br /><br />GreetingsMr. eXoDiahttps://www.blogger.com/profile/17652517443977382071noreply@blogger.comtag:blogger.com,1999:blog-5036198523690297182.post-79649720268273655722013-08-04T12:16:43.146-07:002013-08-04T12:16:43.146-07:00Thanks a lot for this article :) really helped me ...Thanks a lot for this article :) really helped me understand how memory breakpoints are handled :) Adwiteeya Agrawalhttp://adwiteeya.com/blognoreply@blogger.comtag:blogger.com,1999:blog-5036198523690297182.post-6018803005331349362012-12-26T12:11:22.201-08:002012-12-26T12:11:22.201-08:00Thanks for leaving me this comment. Yes, this is t...Thanks for leaving me this comment. Yes, this is true, reading the whole process's SizeOfImage is not a best practice. <br /><br />But if you are protecting your own app against memory breakpoints, you should already know how much SizeOfImage is there and accordingly use ReadProcessMemory(whole SizeOfImage) or ReadProcessMemory(One page/chunk at a time);<br /><br /><br />By the way, many memory dumping tools still use ReadProcessMemory(SizeOfImage); to dump memory of target process :) waliedhttps://www.blogger.com/profile/18278414703959705421noreply@blogger.comtag:blogger.com,1999:blog-5036198523690297182.post-5705692689119425902012-12-26T00:20:30.689-08:002012-12-26T00:20:30.689-08:00I think reading hole process memory that some time...I think reading hole process memory that some times may be big size isn't good idea and may be cause using high memory space.SadeghPMhttps://www.blogger.com/profile/09397894249004808186noreply@blogger.com