I am debugging an issue in a usermode process and it would be really helpful to be able to modify the contents of a data buffer. Unfortunately the buffer has it’s permissions set to read only so all attempts to set the contents of the buffer through windbg commands (e, eb, ea, etc) fail. How would I go about changing the permissions so that that I can modify the contents and then changing back as they were before?
the address points to a memory mapped file region of PageFile i dont
think you can make it writeable legitimately
On 3/10/15, xxxxx@gmail.com wrote: > I am debugging an issue in a usermode process and it would be really helpful > to be able to modify the contents of a data buffer. Unfortunately the buffer > has it’s permissions set to read only so all attempts to set the contents of > the buffer through windbg commands (e, eb, ea, etc) fail. How would I go > about changing the permissions so that that I can modify the contents and > then changing back as they were before? > > 0:054:x86> !address 0x0d1e0000 > > > Mapping file section regions… > Mapping module regions… > Mapping PEB regions… > Mapping TEB and stack regions… > Mapping heap regions… > Mapping page heap regions… > Mapping other regions… > Mapping stack trace database regions… > Mapping activation context regions… > > > Usage: MappedFile > Base Address: 0d1e0000 > End Address: 0d260000 > Region Size: 00080000 > State: 00001000 MEM_COMMIT > Protect: 00000002 PAGE_READONLY > Type: 00040000 MEM_MAPPED > Allocation Base: 0d1e0000 > Allocation Protect: 00000002 PAGE_READONLY > Mapped file name: PageFile > > > — > WINDBG is sponsored by OSR > > OSR is hiring!! Info at http://www.osr.com/careers > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at > http://www.osronline.com/page.cfm?name=ListServer >
the address points to a memory mapped file region of PageFile i dont
think you can make it writeable legitimately.
this is a hack and as such DO NOT use it except in throwaway
configurations for whetting curiosity only (also absolutely untested
in newer os so may not even work )
open a kernel debugging session
convert the virtual address to physical address using !vtop 0
now open the memory window alt+5 change the properties of displayed bytes to physical memory and enter the physical address you just got translated
write your data to physical memory
this should now reflect in the user mode debugging session
writing to physical memory (cached . uncached , and write cached can yield disastorous results so be warned and writing to physical memory can also fail)
On 3/10/15, xxxxx@gmail.com wrote: > I am debugging an issue in a usermode process and it would be really helpful > to be able to modify the contents of a data buffer. Unfortunately the buffer > has it’s permissions set to read only so all attempts to set the contents of > the buffer through windbg commands (e, eb, ea, etc) fail. How would I go > about changing the permissions so that that I can modify the contents and > then changing back as they were before? > > 0:054:x86> !address 0x0d1e0000 > > > Mapping file section regions… > Mapping module regions… > Mapping PEB regions… > Mapping TEB and stack regions… > Mapping heap regions… > Mapping page heap regions… > Mapping other regions… > Mapping stack trace database regions… > Mapping activation context regions… > > > Usage: MappedFile > Base Address: 0d1e0000 > End Address: 0d260000 > Region Size: 00080000 > State: 00001000 MEM_COMMIT > Protect: 00000002 PAGE_READONLY > Type: 00040000 MEM_MAPPED > Allocation Base: 0d1e0000 > Allocation Protect: 00000002 PAGE_READONLY > Mapped file name: PageFile > > > — > WINDBG is sponsored by OSR > > OSR is hiring!! Info at http://www.osr.com/careers > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at > http://www.osronline.com/page.cfm?name=ListServer >