flat assembler
Message board for the users of flat assembler.
 Home   FAQ   Search   Register 
 Profile   Log in to check your private messages   Log in 
flat assembler > High Level Languages > How to edit memory of usermode program from driver?(windows)

Author
Thread Post new topic Reply to topic
xDOBORAx



Joined: 09 Jun 2013
Posts: 24
How to edit memory of usermode program from driver?(windows)
for example there is string "hello world\0" in usermode program at virtual address 0x0000f000 how to edit that string from driver ?
i know that chars can be noncontinuous if we look from physical memory but i dont care how to edit at least first char ? or how to edit integer for example ?
how to convert virtual address to physical ?
thanks in advance.

_________________
Image
Post 13 Jun 2013, 15:01
View user's profile Send private message Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1904
> know that chars can be noncontinuous if we look from physical memory

Minimal page size is 4 KiB so your 12 Byte's at VA $0000'F000 (???) will be continuous.

> how to convert virtual address to physical ?

Find out what value (physical address) the victim app has in CR3. Please send me your virus when it's done (encrypt it well otherwise I won't be able to get it).
Post 18 Jun 2013, 00:37
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
The best way is always to use another app/dll that talks (IO) to the driver.
Post 18 Jun 2013, 04:06
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2005 phpBB Group.

Main index   Download   Documentation   Examples   Message board
Copyright © 2004-2016, Tomasz Grysztar.