WriteProcessMemory

From: Sam Hobbs (samuel_at_social.rr.com_change_social_to_socal)
Date: 01/08/05


Date: Fri, 7 Jan 2005 16:43:42 -0800

Is there any security reason to not use WriteProcessMemory?

I assume there is, but I can't find anything saying so.

I know of two well-respected programmers in each of two programming forums
that insist that WriteProcessMemory and ReadProcessMemory are valid IPC
mechanisms. I assume that if they were valid and worth recommending to
others that they be used, that they would be listed in the IPC section of
the SDK documentation.

I found one thing that is close to the type of thing I am looking for; see
"The arms race between programs and users" at:

http://blogs.msdn.com/oldnewthing/archive/2004/02/16/73780.aspx

which asks: "What's to prevent a virus from doing the same thing?"

I don't understand Windows security well enough to be authoritative, but I
know that WriteProcessMemory requires PROCESS_VM_WRITE and
PROCESS_VM_OPERATION access. I assume that most programmers need to have
that level of access and also debug access (which includes the others?) in
order to debug their programs. For most non-programmer users, it is best to
avoid use of these access rights, right? Is it valid for a programmer to
require use of these access rights for use of their programs by others?