Index
> Windows > Map memory from one process into another?Goto page Previous 1, 2 |
| Is this easier on other OSs? | ||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
| Total Votes : 5 |
| Author |
|
|
Azu 21 Aug 2009, 01:43
Hmm.. I can't even get that damn "CreateFileMapping" even if I do run my code in the remote process.. the memory from it is always blank? Wtf? Is it reserving blank memory instead of accessing the memory that's already there!?
r22 wrote: OpenProcess ->  Also, for the lpAddress attribute, it says "The pointer that specifies a desired starting address for the region of pages that you want to allocate.".. by "desired" does it mean it might not start there? Like even if I explicitly put $400000 it won't consistently give me access starting from the base address? It could go to $1234567 for all I know? What am I supposed to do with that? |
|||
21 Aug 2009, 01:43 |
|
|
Feryno 21 Aug 2009, 07:35
- at first obtain memory map using VirtualQueryEx
- then you can read/write mapped memory using ReadProcessMemory / WriteProcessMemory for both you need a handle to the process (use OpenProcess to obtain it) and access privileges high enough |
|||
|
21 Aug 2009, 07:35 |
|
|
Azu 21 Aug 2009, 07:37
Thanks.. so the way to read and write from a remote process without using ReadProcessMemory and WriteProcessMemory each time is to use ReadProcessMemory and WriteProcessMemory each time.. fantastic! That is the most insightful answer I have ever gotten, to anything, ever. Really. What can I do to ever repay you for your magnificent breakthrough in logic? I think I will be forever indebted to you. I love this forum so VERY much more now!
Please can I have your autograph? You're sure to win several Nobel Peace Prizes with your abilities so I think it will be worth quite a lot of money some day. [/VERY heavy sarcasm] |
|||
|
21 Aug 2009, 07:37 |
|
|
Defsanguje 21 Aug 2009, 09:34
How about ZwMapViewOfSection? It's available for usermode but I've never used it though... And the name sounds promising. Take look at it
 Last edited by Defsanguje on 21 Aug 2009, 10:19; edited 1 time in total |
|||
|
21 Aug 2009, 09:34 |
|
|
revolution 21 Aug 2009, 09:50
Azu wrote: Thanks.. so the way to read and write from a remote process without using ReadProcessMemory and WriteProcessMemory each time is to use ReadProcessMemory and WriteProcessMemory each time.. fantastic! That is the most insightful answer I have ever gotten, to anything, ever. Really. What can I do to ever repay you for your magnificent breakthrough in logic? I think I will be forever indebted to you. I love this forum so VERY much more now! |
|||
|
21 Aug 2009, 09:50 |
|
|
Azu 21 Aug 2009, 10:30
revolution wrote: That was uncalled for Azu. Try to be more forgiving. People here are trying to help you, don't attack them. 
Defsanguje wrote: How about ZwMapViewOfSection? It's available for usermode but I've never used it though... And the name sounds promising. Take look at it |
|||
|
21 Aug 2009, 10:30 |
|
|
blacky 05 Oct 2009, 22:19
Use Remot Threads
Last edited by blacky on 05 Oct 2009, 22:48; edited 2 times in total |
|||
|
05 Oct 2009, 22:19 |
|
|
Azu 05 Oct 2009, 22:24
I do. But there are more than one and they need to communicate efficiently.
|
|||
|
05 Oct 2009, 22:24 |
|
|
blacky 05 Oct 2009, 22:46
Remote Threads utilizing a Shared MEmory is what comes to mind for me.
HEres what my head is thnking. Create a unique method in the Mapped Section that all the threads can communicate from, the shared memories purpose to successully maintain this communication, working as a middle man in some sense, (You could also try Piping) The concet sounds simple but it actually is quite task to have multiple Threads work in such a remote way, but it souns like something fun to try i guess |
|||
|
05 Oct 2009, 22:46 |
|
|
Azu 06 Oct 2009, 00:07
What I mean is, I need to map the memory of the processes, so I can access it directly. Running a thread in each of them and trying to get the threads to talk to eachother is slow/inefficient/buggy(race conditions)..
|
|||
|
06 Oct 2009, 00:07 |
|
|
blacky 06 Oct 2009, 01:48
ok this is it
Code: Process1 | |Process2 | | | |________ | |____________ |Mapped MEM Region |-- --------> |Mapped from p!| |________ |move to P2 | | | | | | | | | | So you want to map some(all?) memory from one process into another? Sounds like a fun project, Have you tried using the Mapping API's MapView the region of memory, Allocating it first then Mapping it, after this i would dump the view as raw data then loading it into the other process using the same functions, Allocating and Mapping the data to read it from P2. If this still isnt anything close to what youre trying to do then ill probably go for this since it does sseem like a fun way to edit memory "remotely". Cause after you have the actual data you can edit it, then inject it back into the remote process, although there are a bunch of drawbacks to it, still..some good POC could come out of t
EDT: If your emphasis is on DIRECTLY wrting to these processes then my idea is just an idea and no help to you at all.. :< |
|||
|
06 Oct 2009, 01:48 |
|
|
Azu 30 Oct 2009, 19:03
Ack, sorry. I wasn't ignoring you. This board keeps unsubscribing me from threads for no reason >_>;
I meant directly. Like have the address range C through D in process 2 point to the same memory as address range A through B in process 1. And I want to do this to a whole bunch of processes. |
|||
|
30 Oct 2009, 19:03 |
|
| Goto page Previous 1, 2 < Last Thread | Next Thread > |
Forum Rules:
|