
Different memory dumps generated by being internal/external to a process

Developer https://www.devze.com 2023-03-03 05:04 Source: Internet
I have been playing around lately with memory dumping and stumbled upon something that I didn't fully understand.

If I have a process and dump its memory contents by using VirtualQueryEx & ReadProcessMemory to grab the data and dump it to a file, everything is OK. Meanwhile, I have tried doing the same thing by being internal to the process and doing VirtualQuery and just dumping the contents of the pointers it returns. I was able to do this by proxying one of the DLLs of the process I am testing on. Now, the problem is that these two memory dumps are different (missing areas from the dump created from inside the process). Could somebody enlighten me as to why this is happening?

Windows XP SP3 + Visual Studio 2008

Thank you very much.


What do you need to dump? Speaking about all the memory pages that are allocated by the process, I think that you can get different values because of the internal process state, which is (in general) unique per time. Also, if you are dumping the process's memory from outside the process, then the dumper's code is not in the dumping process address space, while if you are dumping the process from inside the process, the process now includes the dumper's code. So, it may be useful to dump only a certain number of pages belonging to the process application or DLLs.
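To see exactly which areas the in-process dump lacks, one approach is to log the base and size of every committed region during each walk and subtract one map from the other. The following is an added example, not code from the question or the answer; the `Region` type, `missing_ranges`, and the sample maps are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record: BaseAddress and RegionSize of one MEM_COMMIT region,
   as logged by either walk from its MEMORY_BASIC_INFORMATION results. */
typedef struct { uint64_t base, size; } Region;

/* Constructed sample maps (not real dump data). */
static const Region ext_map[] = {            /* VirtualQueryEx walk */
    {0x00010000, 0x1000}, {0x00400000, 0x5000}, {0x7C900000, 0x3000} };
static const Region int_map[] = {            /* in-process VirtualQuery walk */
    {0x00010000, 0x1000}, {0x00400000, 0x2000}, {0x00403000, 0x2000},
    {0x10000000, 0x4000}, {0x7C900000, 0x1000} };

/* Stores in out[] the ranges covered by ext[] but by no entry of in[].
   Both lists must be sorted by base and non-overlapping, as an ascending
   address walk produces them. Returns the gap count; only the first
   max_out gaps are stored. */
size_t missing_ranges(const Region *ext, size_t n_ext,
                      const Region *in, size_t n_in,
                      Region *out, size_t max_out)
{
    size_t found = 0, j = 0;
    for (size_t i = 0; i < n_ext; i++) {
        uint64_t cur = ext[i].base, end = ext[i].base + ext[i].size;
        while (j < n_in && in[j].base + in[j].size <= cur) j++;
        for (size_t k = j; cur < end; k++) {
            int hit = k < n_in && in[k].base < end;
            uint64_t stop = hit ? in[k].base : end;
            if (stop > cur) {                 /* uncovered bytes [cur, stop) */
                if (found < max_out) out[found] = (Region){cur, stop - cur};
                found++;
            }
            if (!hit) break;
            cur = in[k].base + in[k].size;    /* resume after this region */
        }
    }
    return found;
}

int main(void) {
    Region gaps[16];
    size_t n = missing_ranges(ext_map, 3, int_map, 5, gaps, 16);
    for (size_t i = 0; i < n && i < 16; i++)
        printf("missing: 0x%08llx +0x%llx\n",
               (unsigned long long)gaps[i].base, (unsigned long long)gaps[i].size);
    return 0;
}
```

Calling it with the two maps swapped lists regions that exist only in the in-process view, which is where the dumper's own code would show up if the external dump was taken without it.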
