Reading/Writing to Physical Memory

Yuval_Ohana Member Posts: 1
Hello, I'm building a ring 0 KMDF driver.
I am using KeStackAttachProcess to read virtual memory of a specific process.
The problem is, I do not seem to have write permissions to the specific memory area I'd like to change.
I've tried using NtVirtualProtect but it does not seem to work.

I assumed that, as kernel, I'd have write access to whichever address I wanted, but I don't seem to have that privilege.

I thought about, since I can read from the process, reading all physical memory (4GB of RAM in my case), searching for the specific thing I want to change, and somehow writing over it.

Can anyone please point me in the right direction to doing such a thing, or an alternative?
Thanks, Yuval.

Comments

  • Alex_Grig Member Posts: 3,238
    Keep in mind that not all memory of a process is mapped.