Alternative to C # ReadProcessMemory
I'm trying to execute ReadProcessMemory
in a specific process but uses ObRegisterCallbacks
to prevent another handle from being created on it ( OpenProcess
). I have heard about people creating their own memory reading utilities in C # without ReadProcessMemory
or OpenProcess
. If anyone could show me how I would create such a library that would be awesome (or if I could link to an existing one).
This strictly READS memory, I don't need to write memory to the process
source to share
ReadProcessMemory
and OpenProcess
are part of the official windows API. They actually call other OS functions like ZwReadVirtualMemory
/ NtReadVirtualMemory
and ZwOpenProcess
/ NtOpenProcess
. The problem is that these functions can only be accessed by drivers. However, you can create a software driver (by creating a Kernel Mode Driver (KMDF) or Windows Driver Model (WDM) in Visual Studio). The downside is it's all C ++ and tricky.
You might want to look into an open source C # library called WhiteMagic. This injects the DLL into the process and allows you to read / write memory from the application itself. This is using a OpenProcess
DLL for injection, however it might be possible to replace the injection method with an alternative, for example: https://github.com/dwendt/UniversalInject .
source to share