Theoretical Design Flaw/ Buffer Overflow InsightMemory Native #3
Description
Native InsightMemory Currently defines the native struct it passed to GetProcessMemory as PROCESS_MEMORY_COUNTERS_EX.
This is logical but has these implications. The x86 version of the struct is smaller than the x64 version.
x86 InsightApi Code means
x86 memory fetch: Good.
x64 memory fetch: Theortically will overflow if passing the cb of the x64 bit.
Note: This is untested.
Fix is likely going to be easy. Just use the explicit x64 version of the struct as defined in ObjectAttributesOffset project and adjust the C++ interface accordingly so that x64 memory fetch gets the larger struct while x86 gets the smaller struct.
Note is mainly to remind me to update when I got time.