PLEASE HELP: WriteProcessMemory AV 
Author Message
 PLEASE HELP: WriteProcessMemory AV

PLEASE HELP... THANKS!!

reading a byte from a remote process is ok but got an access violation when
trying to write it back. hp (the remote process) was opened with
PROCESS_ALL_ACCESS. image_base was obtained from MapAndLoad.

  ReadProcessMemory(hp,(LPCVOID)image_base,&byte,1,&dwRead); // OK
WriteProcessMemory(hp,(LPVOID)image_base,&byte,1,&dwWrite); // failed with
ERROR_NOACCESS (Invalid access to memory location)



Wed, 01 Oct 2003 09:54:00 GMT  
 PLEASE HELP: WriteProcessMemory AV
ok i found the problem. i walked the process virtual address space and found
out the access protection of the pages in the region for allocation base
started at 0x400000 (image_base) is PAGE_READONLY.

let me tell you want i want to do:
i want to run the code of process, say P1, in the context of another
process, say P2. the way i am trying to do this is:
1. createprocess P1, CREATE_SUSPEND
2. createprocess P2, CREATE_SUSPEND
3. copy P1's process address space to P2's process addr space
4. resumethread (p2.mainthread)

any idea whether this is possible?

thanks...


Quote:
> PLEASE HELP... THANKS!!

> reading a byte from a remote process is ok but got an access violation
when
> trying to write it back. hp (the remote process) was opened with
> PROCESS_ALL_ACCESS. image_base was obtained from MapAndLoad.

>   ReadProcessMemory(hp,(LPCVOID)image_base,&byte,1,&dwRead); // OK
> WriteProcessMemory(hp,(LPVOID)image_base,&byte,1,&dwWrite); // failed with
> ERROR_NOACCESS (Invalid access to memory location)



Wed, 01 Oct 2003 10:30:37 GMT  
 PLEASE HELP: WriteProcessMemory AV
        I wouldn't expect any system to let you do that sort of thing.  
After all, if the system let you write back to another process, what is
to
say that the other process has no special privs that would let it damage
the system?  If there is some executable that you want to run in your
process,
you can do that. But I don;t think that any system is going to let you
pull out segments of code and execute them sleectively in another
process.

Speaking only for myself,

Joe Durusau

Quote:

> ok i found the problem. i walked the process virtual address space and found
> out the access protection of the pages in the region for allocation base
> started at 0x400000 (image_base) is PAGE_READONLY.

> let me tell you want i want to do:
> i want to run the code of process, say P1, in the context of another
> process, say P2. the way i am trying to do this is:
> 1. createprocess P1, CREATE_SUSPEND
> 2. createprocess P2, CREATE_SUSPEND
> 3. copy P1's process address space to P2's process addr space
> 4. resumethread (p2.mainthread)

> any idea whether this is possible?

> thanks...



> > PLEASE HELP... THANKS!!

> > reading a byte from a remote process is ok but got an access violation
> when
> > trying to write it back. hp (the remote process) was opened with
> > PROCESS_ALL_ACCESS. image_base was obtained from MapAndLoad.

> >   ReadProcessMemory(hp,(LPCVOID)image_base,&byte,1,&dwRead); // OK
> > WriteProcessMemory(hp,(LPVOID)image_base,&byte,1,&dwWrite); // failed with
> > ERROR_NOACCESS (Invalid access to memory location)



Fri, 03 Oct 2003 21:53:50 GMT  
 PLEASE HELP: WriteProcessMemory AV

Quote:
> I wouldn't expect any system to let you do that sort of thing.
> After all, if the system let you write back to another process, what is
> to
> say that the other process has no special privs that would let it damage
> the system?  If there is some executable that you want to run in your
> process,
> you can do that. But I don;t think that any system is going to let you
> pull out segments of code and execute them sleectively in another
> process.

It's possible: this is how de{*filter*}s work.

Perhaps WriteProcessMemory is only possible if you're debugging that
process.



Mon, 06 Oct 2003 06:03:53 GMT  
 PLEASE HELP: WriteProcessMemory AV
In order to use WriteProcessMemory or ReadProcessMemory you must have
PROCESS_VM_WRITE and/or PROCESS_VM_READ access when you originally get the
process handle.  De{*filter*}s work that way.

--
Michael Taylor,MCP
DCS Corp.


Quote:


> > I wouldn't expect any system to let you do that sort of thing.
> > After all, if the system let you write back to another process, what is
> > to
> > say that the other process has no special privs that would let it damage
> > the system?  If there is some executable that you want to run in your
> > process,
> > you can do that. But I don;t think that any system is going to let you
> > pull out segments of code and execute them sleectively in another
> > process.

> It's possible: this is how de{*filter*}s work.

> Perhaps WriteProcessMemory is only possible if you're debugging that
> process.



Mon, 06 Oct 2003 18:10:17 GMT  
 PLEASE HELP: WriteProcessMemory AV
This is definitely possible
if under windows nt/2k use api "CreateRemoteThread()". this function lets u
create ur thread in another processes address space ....
windows9x/me ignores this api

navin


Quote:
> ok i found the problem. i walked the process virtual address space and
found
> out the access protection of the pages in the region for allocation base
> started at 0x400000 (image_base) is PAGE_READONLY.

> let me tell you want i want to do:
> i want to run the code of process, say P1, in the context of another
> process, say P2. the way i am trying to do this is:
> 1. createprocess P1, CREATE_SUSPEND
> 2. createprocess P2, CREATE_SUSPEND
> 3. copy P1's process address space to P2's process addr space
> 4. resumethread (p2.mainthread)

> any idea whether this is possible?

> thanks...



> > PLEASE HELP... THANKS!!

> > reading a byte from a remote process is ok but got an access violation
> when
> > trying to write it back. hp (the remote process) was opened with
> > PROCESS_ALL_ACCESS. image_base was obtained from MapAndLoad.

> >   ReadProcessMemory(hp,(LPCVOID)image_base,&byte,1,&dwRead); // OK
> > WriteProcessMemory(hp,(LPVOID)image_base,&byte,1,&dwWrite); // failed
with
> > ERROR_NOACCESS (Invalid access to memory location)



Tue, 07 Oct 2003 13:24:28 GMT  
 
 [ 6 post ] 

 Relevant Pages 

1. Please help!!!!Please help!!!!Please help!!!!Please help!!!!Please help!!!!Please help!!!!Please help!!!!

2. Please help!!!!Please help!!!!Please help!!!!

3. ReadProcessMemory() and WriteProcessMemory() syntax

4. why WriteProcessMemory function fails?

5. WriteProcessMemory

6. Read/WriteProcessMemory

7. NEED HELP WITH PRITING AN ARRAY, PLEASE PLEASE HELP

8. PLEASE PLEASE HELP HELP...question on interleaving C functions

9. help: Guru needed please please please

10. AV API

11. Array'er av funksjonspekere

12. BUG: IIS Causes AV when a COM+ component IApplicationObject, IContextProperties

 

 
Powered by phpBB® Forum Software