Just a hint: VMM (Virtual Memory Manager) is a Windows kernel component responsible for all kind of operations with or related to virtual address spaces. As long as this is about kernel's very private mechanisms, frankly, I doubt anybody here is aware of decent details beyond what Windows Internals provides.
Thread: Is there anyone who can help me with ReadProcessMemory() ?  |
|||||||||||||
|
Started 1 month, 2 weeks ago by Zaccheus@Work
No idea how it does it, but does the OS need to do something similar when it reads/writes to/from the page file?
|
|
||||||||||||
|
|||||||||||||
Other posts in this thread:
Igor Vartanov replied 1 month, 2 weeks ago
Size: 427 bytes
Customize: 
Igor Vartanov replied 1 month, 2 weeks ago
Quote:
Originally Posted by EnthusiasticNewbie
In the function, Does it create a thread to search into other process memory ?
Well, why would it do? What's so special in a thread that would help "to search into other process memory"?
The whole thing seems to me way too simpler. The ReadProcessMemory call ...
Size: 1,676 bytes
Customize:
EnthusiasticNewbie replied 1 month, 2 weeks ago
U always help me thanks!
The reason I was curious of such mechanism was that to read from or write to other process memory, To do so, one process should know the address space of others but even in processor itself can't know about the address spaces of others that is not running currently. I heard only something in CPU resolves virtual addresses to physical addresss using address to page...
Size: 2,090 bytes
Customize:
Igor Vartanov replied 1 month, 2 weeks ago
You definitely have to refer to Russinovich's Windows Internals , where you can find those sacral page tables and CR3 registers... Funny thing, I recommend this reading second time this week.
BTW, I do not understand your confusing about context switching. Are you as well confused about dispatcher being able to switch between scheduled and preempted thread contexts? It definitely ...
Size: 1,342 bytes
Customize:
Randor replied 1 month, 2 weeks ago
Hi,
A quick summary of what happens when you call ReadProcessMemory():
1.) ReadProcessMemory Calls NtReadVirtualMemory in NTDLL.DLL
2.) NtReadVirtualMemory passes through the SYSENTER/2Eh callgate and KeServiceDescriptorTable handler.
3.) ntoskrnl.exe calls ZwReadVirtualMemory for your application.
4.) ZwReadVirtualMemory reads the process memory and writes it into the buffer you ...
Size: 1,313 bytes
Customize:
EnthusiasticNewbie replied 1 month, 1 week ago
Thank you guys !
I feel very thanksful to your replys!
and I think I have to read Windows Internals as you guys recommended
thanks again
have a good time !
P.S I have one more question..
As I asked, Is there any kernel mode method or command to access physical memory directly ?
Igor asked if I'm confused of context switching but It's not that I'm confused of that..
Losing...
Size: 1,020 bytes
Customize:
|
Top contributing authorsRelated threads on "CodeGuru Forums - A Developer.com Community for C++, C#, VB, Java and .NET Solutions":Related threads on other sites: |
||||||||||||
Thread profile page for "Is there anyone who can help me with ReadProcessMemory() ?" on http://www.codeguru.com.
This report page is a snippet summary view from a single thread "Is there anyone who can help me with ReadProcessMemory() ?", located on the Message Board at http://www.codeguru.com.
This thread profile page shows the thread statistics for: Total Authors, Total Thread Posts, and Thread Activity
Home |
About Us |
Submit Your Site |
Update Your Site |
Get Search For Your Site |
Partners |
Contact |
Search Plugin |
Blog |
 |
Last Searches | Top Searches |
Designated brands and trademarks are property of their respective owners.
Use of this website constitutes acceptance of BoardReader's User Agreement and Privacy Policy.