exe modify self global memory Remote memory msdn write Read Write another Process Memory VirtualProtect
https://docs.microsoft.com/zh-tw/windows/win32/memory/file-mapping?redirectedfrom=MSDN
memory-mapped-file functions in Windows.
https://docs.microsoft.com/zh-tw/windows/win32/api/memoryapi/nf-memoryapi-virtualprotect?redirectedfrom=MSDN
VirtualProtect function (memoryapi.h)
VirtualProtect PAGE_WRITECOPY PAGE_EXECUTE FlushInstructionCache WriteProcessMemory
https://web.archive.org/web/20100818045200/http://support.microsoft.com/kb/127904
How to Modify Executable Code in Memory
VirtualProtect PAGE_WRITECOPY
PAGE_EXECUTE
FlushInstructionCache
https://en.wikipedia.org/wiki/Self-modifying_code
Shared Memory
https://www.codeproject.com/Articles/10275/Remote-Library
Remote Library - CodeProject
VirtualAllocEx VirtualFreeEx NtAllocateVirtualMemory NtFreeVirtualMemory
OpenThread OpenProcess OpenHandle GetProcessId CreateRemoteThread DebugActiveProcess
https://www.labri.fr/perso/betrema/winnt/virtmm.html
Managing Virtual Memory in Win32
Virtual memory functions: A process's virtual address space; System pagefile; System memory; Hard disk space ("Managing Virtual Memory in Win32")
Memory-mapped file functions: A process's virtual address space; System pagefile; Standard file I/O; System memory; Hard disk space ("Managing Memory-Mapped Files in Win32")
Heap memory functions: A process's virtual address space; System memory; Process heap resource structure ("Managing Heap Memory in Win32")
Global heap memory functions: A process's heap resource structure ("Managing Heap Memory in Win32")
Local heap memory functions: A process's heap resource structure ("Managing Heap Memory in Win32")
C run-time reference library: A process's heap resource structure ("Managing Heap Memory in Win32")
https://docs.microsoft.com/en-us/windows/win32/memory/memory-protection-constants
Memory Protection Constants
https://slideplayer.com/slide/8484293/
Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Unit OS5: Memory Management 5.2. Windows Memory Management.
https://www.codeproject.com/Articles/3161814/x64-Memory-Access-Monitor
The memory access monitor is implemented as a DLL that is injected into the target process. I extended the command line interface of the tool described in my previous article, https://www.codeproject.com/Articles/1266083/x64-API-Hooker-plus-Disassembler, to inject our DLL and eject it. I will include the existing source (with some bug fixes; I wonder how it worked now...) with the source of the monitor DLL. The DLL itself is also 64-bit; however, it can become 32-bit with some minor modifications.
#include <windows.h>
#include <string.h>

// Overwrite num_of_bytes at address_writing_to in the current process.
void WriteToMemory(UINT_PTR address_writing_to, const char* value_to_write, SIZE_T num_of_bytes)
{
    DWORD old_protection; // Receives the previous page protection
    DWORD unused;         // VirtualProtect fails if lpflOldProtect is NULL
    if (!VirtualProtect((LPVOID)address_writing_to, num_of_bytes, PAGE_EXECUTE_READWRITE, &old_protection))
        return; // Protection change failed, so do not write
    memcpy((LPVOID)address_writing_to, value_to_write, num_of_bytes); // Copy num_of_bytes, not the protection value
    VirtualProtect((LPVOID)address_writing_to, num_of_bytes, old_protection, &unused); // Restore the original protection
    FlushInstructionCache(GetCurrentProcess(), (LPCVOID)address_writing_to, num_of_bytes); // Needed when the bytes written are code
}
https://docs.microsoft.com/zh-tw/windows/win32/memory/creating-named-shared-memory
https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory
WriteProcessMemory function (memoryapi.h)
global memory Remote memory msdn write Read Write another Process Memory
https://codingvision.net/c-read-write-another-process-memory
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;

public class MemoryRead
{
    // Access right passed to OpenProcess so that ReadProcessMemory is allowed
    const int PROCESS_WM_READ = 0x0010;

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    // Handles and addresses are IntPtr so the declarations also work in 64-bit processes
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesWritten);
}
http://waleedassar.blogspot.com/2012/09/pageexecutewritecopy-as-anti-debug-trick.html
PAGE_EXECUTE_WRITECOPY PAGE_EXECUTE_READWRITE
PAGE_READWRITE PAGE_WRITECOPY PAGE_READWRITE
WriteProcessMemory
VirtualQuery
http://code.google.com/p/ollytlscatch/downloads/detail?name=WriteCopy_Trick_.exe
https://pastebin.com/62De887S
int __stdcall ZwQueryInformationProcess(HANDLE,int,void*,unsigned long,unsigned long*);
http://waleedassar.blogspot.com (@waleedassar)
Extending windbg with Page Fault Breakpoints
https://www.codeproject.com/Articles/186230/Extending-windbg-with-Page-Fault-Breakpoints