Reading process memory

[FEARHQ]

Thanks for all the replies guys

My function does succeed in reading the entire block and copying it, that's not really the problem. The problem is the module not playing so nicely with me afterwards :/ I did set the protection to read/write/execute in any case to allow all acces... Perhaps this is deadly when code is actually executing in there, heh.

Shub-Nigurrath, I love the idea to use IsBadReadPtr/IsBadWritePtr to check the memory range for desired access, but wouldn't this simply give you the access rights for YOUR process's pages in that range? I don't see those functions taking in a handle to the target process, but then again I never used them before.

Innocent: Olly is MY debugger of choice, for all debugging and 'other' tasks. There is no direct problem with my code, but aparently the target code doesn't like to be read, or have it's protections changed (haven't really looked at that). The point is that this generic write routine fails by all means with my current target, and so would Shub-Nigurrath's. My workaround was to map the target file to memory and get whatever info I need for there.

On a side note, is there any way to pause execution of the target process? I would probably need to stop all of it's threads, then later resume them... Best would be to save the thread's run state (some may be paused and if they were, they should be paused when I'm done)

[Shub-Nigurrath]

2 FEARHQ

not really using that permissions you can gain access right for any process, even external processes: I used it for a loader which launches an external program and everything works fine.