Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Reading/Writing to Physical Memory

Yuval_OhanaYuval_Ohana Member Posts: 1
Hello, im building a ring0 kmdf driver.
I am using KeStackAttachProcess to read virtual memory of a specific process.
The problem is, i do not seem to have write permissions to the specific memory area id like to change.
Iv'e tried using NtVirtualProtect but it does not seem to work.

I assumed as kernel id have write access to whichever address i wanted, but i dont seem to have that priviledge.

I thought about, since i can read from the process, reading all physical memory (4GB of ram in my case) - and searching for the specific thing i want to change, and somehow writing over it.

Can anyone please point me in the right direction to doing such thing or an alternative?
Thanks, Yuval.

Comments

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online
Developing Minifilters 23 May 2022 Live, Online
Writing WDF Drivers 12 September 2022 Live, Online