Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting... Please check out the Community Guidelines in the
Announcements and Administration Category.

Reading/Writing to Physical Memory

Hello, im building a ring0 kmdf driver.
I am using KeStackAttachProcess to read virtual memory of a specific process.
The problem is, i do not seem to have write permissions to the specific memory area id like to change.
Iv'e tried using NtVirtualProtect but it does not seem to work.

I assumed as kernel id have write access to whichever address i wanted, but i dont seem to have that priviledge.

I thought about, since i can read from the process, reading all physical memory (4GB of ram in my case) - and searching for the specific thing i want to change, and somehow writing over it.

Can anyone please point me in the right direction to doing such thing or an alternative?
Thanks, Yuval.

Comments

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!