do not rely on the exact size during VALLOC and do not manually calculate the page size (which was done wrong) since it is done by the OS

author: Toni Uhlig <matzeton@googlemail.com> 2019-09-21 20:00:17 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2019-09-21 20:00:17 +0200
commit: 620c880bfaf495ed4f5a9d505d5721208855396c (patch)
tree: 65014564b3d5e01195713de120f9f29b6f91a507
parent: f069b7afbc6f9c7daed8f69642f9054d86f774e6 (diff)
2 files changed, 1 insertions, 2 deletions
diff --git a/KMemDriver/Memory.c b/KMemDriver/Memory.c
index 7a571ea..d9c46e7 100644
--- a/KMemDriver/Memory.c
+++ b/KMemDriver/Memory.c
@@ -289,7 +289,6 @@ NTSTATUS AllocMemoryToProcess(IN PEPROCESS pep, IN OUT PVOID *baseAddr, IN OUT S
 	if (!apc) {
 		return STATUS_UNSUCCESSFUL;
 	}
-	*outSize = ADDRESS_AND_SIZE_TO_SPAN_PAGES(*baseAddr, 4096);
 	KeStackAttachProcess((PRKPROCESS)pep, apc);
 	status = ZwAllocateVirtualMemory(ZwCurrentProcess(), baseAddr, 0, outSize, MEM_COMMIT, protect);
 	if (!NT_SUCCESS(status)) {
diff --git a/MemDriverLib/MemDriverLib.cpp b/MemDriverLib/MemDriverLib.cpp
index 0c985c3..e1d56d1 100644
--- a/MemDriverLib/MemDriverLib.cpp
+++ b/MemDriverLib/MemDriverLib.cpp
@@ -212,7 +212,7 @@ bool KInterface::VAlloc(HANDLE targetPID, PVOID *address, SIZE_T *size, ULONG pr
 	if (SendRecvWait(MEM_VALLOC) == SRR_SIGNALED) {
 		m_last_ntstatus = vr->StatusRes;
 		if (vr->StatusRes ||
-			vr->SizeRes != *size)
+			vr->SizeRes < *size)
 		{
 			std::stringstream err_str;
 			err_str << "Call VAlloc(0x" << std::hex << *address
author	Toni Uhlig <matzeton@googlemail.com>	2019-09-21 20:00:17 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2019-09-21 20:00:17 +0200
commit	620c880bfaf495ed4f5a9d505d5721208855396c (patch)
tree	65014564b3d5e01195713de120f9f29b6f91a507
parent	f069b7afbc6f9c7daed8f69642f9054d86f774e6 (diff)