focht
December 10th, 2004, 15:20
Greetings,
while dumping some arma stuff i noticed that process dumping sometimes fails due to "problematic" page protection attributes.
In this case OllyDump plugins or other tools like LordPE will bring up some error msg "unable to read process memory" or something similar.
The reason is clear for me: the "page guard" attribute has been set on some region which gets triggered on read -> exception handler.
Using LordPE's "dump region" and you will see under protect column the correct page protection attributes: "XR GUARD"
Ollydbg itself displays it as "RW" is plain wrong.
Closing and re-opening memory window doesnt help.
If i adjust page protection manually using "set access" in memory window to "Execute/Read" i can remove the page guard and the process memory can be read by plugins and tools again.
Regards
while dumping some arma stuff i noticed that process dumping sometimes fails due to "problematic" page protection attributes.
In this case OllyDump plugins or other tools like LordPE will bring up some error msg "unable to read process memory" or something similar.
The reason is clear for me: the "page guard" attribute has been set on some region which gets triggered on read -> exception handler.
Using LordPE's "dump region" and you will see under protect column the correct page protection attributes: "XR GUARD"
Ollydbg itself displays it as "RW" is plain wrong.
Closing and re-opening memory window doesnt help.
If i adjust page protection manually using "set access" in memory window to "Execute/Read" i can remove the page guard and the process memory can be read by plugins and tools again.
Regards