I want to set my own ImageBase to 0x2000000 and then read another EXE program to its ImageBase, usually 0x400000. But when I use VirtualAlloc to apply for space, it always fails; GetLastError is 0x1e7 (487). I also tried to load only the ntdll.dll program, with the same failure. How do I solve it?

Part of the code below:

    DWORD dwImageBase = pNtHeader->OptionalHeader.ImageBase;

    // Try to reserve SizeOfImage bytes at the image's preferred base address.
    LPVOID lpImageBuff = ::VirtualAlloc((PVOID)(dwImageBase), pNtHeader->OptionalHeader.SizeOfImage, MEM_RESERVE, PAGE_READWRITE);
    if (NULL == lpImageBuff)
    {
        ::MessageBox(NULL, _T("Application for ImageBase failed!!!"), _T("ERROR"), MB_ICONSTOP | MB_OK);
        return;
    }
Boom爆

1 Answer

0x1e7 is ERROR_INVALID_ADDRESS

The address where you're trying to reserve memory is already in use - by your own image.

See the Sysinternals tool VMMap.

The usual way to use VirtualAlloc for MEM_RESERVE, or MEM_RESERVE | MEM_COMMIT, is to use 0 for its first argument. This allows the API to pick a free region of virtual address space.
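An added example, not part of the original question or answer: a check that reports which region already occupies a requested address range, the same information VMMap shows. The names `region_t`, `first_conflict` and `snapshot` and the `SAMPLE` layout are assumptions made for illustration; on Windows the map is read from the live process with VirtualQuery, elsewhere the constructed sample is used.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* One region of virtual address space, as VirtualQuery or VMMap reports it. */
typedef struct { uintptr_t base; size_t size; int is_free; } region_t;

/* Constructed sample layout (not from a real process): own image at 0x400000. */
static const region_t SAMPLE[] = {
    {0x00010000, 0x00010000, 0},   /* some private allocation */
    {0x00020000, 0x003E0000, 1},   /* free */
    {0x00400000, 0x00020000, 0},   /* the calling process's own image */
    {0x00420000, 0x01BE0000, 1},   /* free */
};

/* First non-free region overlapping [want, want+len), or NULL if the whole
   range is free and a fixed-address MEM_RESERVE could succeed. */
static const region_t *first_conflict(const region_t *map, size_t n,
                                      uintptr_t want, size_t len) {
    for (size_t i = 0; i < n; i++) {
        if (map[i].is_free) continue;
        if (map[i].base < want + len && want < map[i].base + map[i].size)
            return &map[i];
    }
    return NULL;
}

#ifdef _WIN32
/* Walk the current process's address space and record each region. */
static size_t snapshot(region_t *map, size_t cap) {
    MEMORY_BASIC_INFORMATION mbi; size_t n = 0; uintptr_t p = 0;
    while (n < cap && VirtualQuery((LPCVOID)p, &mbi, sizeof mbi) == sizeof mbi) {
        map[n].base = (uintptr_t)mbi.BaseAddress; map[n].size = mbi.RegionSize;
        map[n++].is_free = (mbi.State == MEM_FREE);
        p = (uintptr_t)mbi.BaseAddress + mbi.RegionSize;
    }
    return n;
}
#endif

int main(void) {
    const region_t *map = SAMPLE; size_t n = sizeof SAMPLE / sizeof SAMPLE[0];
#ifdef _WIN32
    static region_t live[4096]; n = snapshot(live, 4096); map = live;
#endif
    const region_t *hit = first_conflict(map, n, 0x00400000, 0x00030000);
    if (hit) printf("in use: base=%p size=0x%zx\n", (void *)hit->base, hit->size);
    else     puts("range is free");
    return 0;
}
```

When a conflict is reported, a fixed-address reservation of that range fails with ERROR_INVALID_ADDRESS as described above, and passing 0 as the first argument lets VirtualAlloc choose a free region instead.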