0

My solution in needed only in Win7/8-64bit. Some program (I have no sources, 32-bit) loads some dll's. One of this dll is mine. I would like to search whole process memory with all loaded dll's for existence of some string (I would like to change one byte of this string in all occurrences)

I know there is WinAPI ReadProcessMemory, but since my dll is in the same address space, maybe I could read its memory just like that.

Opening process RAM in HxD program shows that addresses from 0x10000 to 0x21000 is readable. Then 0x41000 is not readable etc. I've tested it, and it gives me Reading Memory error when reading 0x4100 from dll.

Is it possible to read all process data without use of ReadProcessMemory? How to know which addresses are readable?

Dorian
  • 377
  • 5
  • 18
  • If you want change (write) one byte you need write permissions [PAGE_READWRITE](http://msdn.microsoft.com/en-us/library/windows/desktop/aa366786(v=vs.85).aspx) for this memory page. Search by [scanning process memory](http://stackoverflow.com/search?q=scanning+process+memory) – Serg Jan 11 '13 at 10:33
  • [VirtualQuery](http://msdn.microsoft.com/en-us/library/windows/desktop/aa366902(v=vs.85).aspx) is the function I needed. Some example code is here [scanning process memory](http://stackoverflow.com/questions/14130961/scanning-process-memory-causes-crash). Thank You sergmat – Dorian Jan 11 '13 at 10:49

0 Answers0