Re: WriteProcessMemory
From: Pavel Lebedinsky (m_pll)
Date: 01/08/05
- Previous message: Joe Richards [MVP]: "Re: Creating Password Filter"
- In reply to: Sam Hobbs: "WriteProcessMemory"
- Next in thread: Sam Hobbs: "Re: WriteProcessMemory"
- Reply: Sam Hobbs: "Re: WriteProcessMemory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 8 Jan 2005 13:06:05 -0800
WriteProcessMemory was designed to be used for debugging not
IPC, and using it as an IPC mechanism is a bit unusual to say the
least.
WriteProcessMemory is not even in the same league as full
blown IPC mechanisms like named pipes, so
it doesn't make
sense to compare them. The next closest thing are memory
mapped files and even compared to them WriteProcessMemory
has a bunch of problems:
1. WriteProcessMemory is fragile because it requires one
process to know the virtual memory layout of another
process.
2. It's all-or-nothing in terms of security. Once you give another
process rights to write stuff to your address space, it can do
anything - corrupt your data, inject code etc. With memory
mapped files two processes can safely share an isolated region
of memory without giving each other rights to read or modify
arbitrary parts of their address space.
3. It's slower. Every time you need to read or write something
you have to make a system call. With memory mapped files
you just read or write directly to memory.
"Sam Hobbs" wrote:
> Is there any security reason to not use WriteProcessMemory?
>
> I assume there is, but I can't find anything saying so.
>
> I know of two well-respected programmers in each of two programming forums
> that insist that WriteProcessMemory and ReadProcessMemory are valid IPC
> mechanisms. I assume that if they were valid and worth recommending to
> others that they be used, that they would be listed in the IPC section of
> the SDK documentation.
>
> I found one thing that is close to the type of thing I am looking for; see
> "The arms race between programs and users" at:
>
> http://blogs.msdn.com/oldnewthing/archive/2004/02/16/73780.aspx
>
> which asks: "What's to prevent a virus from doing the same thing?"
>
> I don't understand Windows security well enough to be authoritive, but I
> know that WriteProcessMemory requires PROCESS_VM_WRITE and
> PROCESS_VM_OPERATION access. I assume that most programmers need to have
> that level of access and also debug access (which includes the others?) in
> order to debug their programs. For most non-programmer users, it is best
> to avoid use of these access rights, right? Is it valid for a programmer
> to require use of these access rights for use of their programs by others?
- Previous message: Joe Richards [MVP]: "Re: Creating Password Filter"
- In reply to: Sam Hobbs: "WriteProcessMemory"
- Next in thread: Sam Hobbs: "Re: WriteProcessMemory"
- Reply: Sam Hobbs: "Re: WriteProcessMemory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
