Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why not use HeapAlloc? #2

Open
RcoIl opened this issue Mar 4, 2021 · 1 comment
Open

Why not use HeapAlloc? #2

RcoIl opened this issue Mar 4, 2021 · 1 comment

Comments

@RcoIl
Copy link

RcoIl commented Mar 4, 2021

Why not use HeapAlloc?

IntPtr pHeapCreate = DInvoke.DynamicInvoke.Generic.GetExportAddress(pkernel32, "HeapCreate");
IntPtr pHeapAlloc = DInvoke.DynamicInvoke.Generic.GetExportAddress(pkernel32, "HeapCreate");
@ChoiSG
Copy link
Owner

ChoiSG commented Mar 4, 2021

Thank you for the feedback, this actually lead me into a rabbit hole. Not using HeapAlloc was a typo/mistake from my end. However, trying to get the PoC working with HeapCreate and HeapAlloc was unsuccessful due to AccessViolationException. I tried debugging the problem, but was not able to solve it.

The solution I came up with was to drop HeapAlloc and just simply use HeapCreate. Since I'm a beginner in using unmanaged code like c/c++ (or winapi), I'm not sure why this works. I always thought you need to first create the private heap object with HeapCreate, and then allocate memory inside that private heap object using HeapAlloc.

If anyone knows about this, please let me know.

Thank you again for providing feedback; I didn't realize this mistake before, quite embarrassing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@RcoIl @ChoiSG