[Forensics-changes] [yara] 285/415: Improvements and bug fixes in yr_process_get_memory contributed by Robin Keir

Hilko Bengen bengen at moszumanska.debian.org
Thu Apr 3 05:43:15 UTC 2014



commit 54d1025f8aba5c3df34b7f0abaff3cdafb6b7c11
Author: Victor Manuel Alvarez <vmalvarez at virustotal.com>
Date:   Tue Dec 3 23:58:28 2013 +0100

    Improvements and bug fixes in yr_process_get_memory contributed by Robin Keir
---
 libyara/proc.c | 64 ++++++++++++++++++++++++++++++----------------------------
 1 file changed, 33 insertions(+), 31 deletions(-)

diff --git a/libyara/proc.c b/libyara/proc.c
index 9925622..527dfd1 100644
--- a/libyara/proc.c
+++ b/libyara/proc.c
@@ -74,48 +74,50 @@ int yr_process_get_memory(
 
   address = si.lpMinimumApplicationAddress;
 
-  while (address < si.lpMaximumApplicationAddress)
+  while (VirtualQueryEx(hProcess, address, &mbi, sizeof(mbi)) != 0)
   {
-    if (VirtualQueryEx(hProcess, address, &mbi, sizeof(mbi)) != 0)
+    if (mbi.State == MEM_COMMIT && ((mbi.Protect & PAGE_NOACCESS) == 0))
     {
-      if (mbi.State == MEM_COMMIT && mbi.Protect != PAGE_NOACCESS)
-      {
-        data = (unsigned char*) yr_malloc(mbi.RegionSize);
+      data = (unsigned char*) yr_malloc(mbi.RegionSize);
 
-        if (data == NULL)
-          return ERROR_INSUFICIENT_MEMORY;
+      if (data == NULL)
+        return ERROR_INSUFICIENT_MEMORY;
 
-        if (ReadProcessMemory(hProcess, address, data, mbi.RegionSize, &read))
-        {
-          new_block = (YR_MEMORY_BLOCK*) yr_malloc(sizeof(YR_MEMORY_BLOCK));
+      if (ReadProcessMemory(
+              hProcess,
+              mbi.BaseAddress,
+              data,
+              mbi.RegionSize,
+              &read))
+      {
+        new_block = (YR_MEMORY_BLOCK*) yr_malloc(sizeof(YR_MEMORY_BLOCK));
 
-          if (new_block == NULL)
-          {
-            yr_free(data);
-            return ERROR_INSUFICIENT_MEMORY;
-          }
+        if (new_block == NULL)
+        {
+          yr_free(data);
+          return ERROR_INSUFICIENT_MEMORY;
+        }
 
-          if (*first_block == NULL)
-            *first_block = new_block;
+        if (*first_block == NULL)
+          *first_block = new_block;
 
-          new_block->base = (size_t) mbi.BaseAddress;
-          new_block->size = mbi.RegionSize;
-          new_block->data = data;
-          new_block->next = NULL;
+        new_block->base = (size_t) mbi.BaseAddress;
+        new_block->size = mbi.RegionSize;
+        new_block->data = data;
+        new_block->next = NULL;
 
-          if (current_block != NULL)
-            current_block->next = new_block;
+        if (current_block != NULL)
+          current_block->next = new_block;
 
-          current_block = new_block;
-        }
-        else
-        {
-          yr_free(data);
-        }
+        current_block = new_block;
+      }
+      else
+      {
+        yr_free(data);
       }
-
-      address = (PVOID)((DWORD) mbi.BaseAddress + mbi.RegionSize);
     }
+
+    address = (PVOID)((ULONG_PTR) mbi.BaseAddress + mbi.RegionSize);
   }
 
   return ERROR_SUCCESS;
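Review bot: The two early `return ERROR_INSUFICIENT_MEMORY;` paths (after each yr_malloc) leave the regions already linked through `*first_block` allocated, and the new code says nothing about who releases that partial list; if the caller is expected to free it, a comment at the function head such as `/* On failure, blocks already linked into *first_block remain allocated and are the caller's to release. */` would pin that contract. Separately, `new_block->size = mbi.RegionSize;` records the size VirtualQueryEx reported rather than the `read` count ReadProcessMemory filled in; since ReadProcessMemory reports a partial copy as failure the two appear equal on the success path today, but `new_block->size = read;` would tie the block's size to the bytes actually copied into `data`. The `(mbi.Protect & PAGE_NOACCESS) == 0` test works because PAGE_NOACCESS is a single bit, but guard pages (PAGE_GUARD) are not filtered here and are only skipped when ReadProcessMemory fails on them, which deserves a one-line comment on that `if` so the next reader does not "fix" the condition. yr_process_get_memory begins before the hunk and its closing brace lies after it.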
