开发者

Why are there functions like WriteProcessMemory available?

开发者 https://www.devze.com 2023-02-01 20:03 出处:网络
Title pretty much sums it up. I just found out about this function and well, it surprised me it existed as immediately the possible securit开发者_运维技巧y consequences sprung into mind.

Title pretty much sums it up. I just found out about this function and well, it surprised me it existed as immediately the possible securit开发者_运维技巧y consequences sprung into mind.

Why is there such a function? I understand that for debugging something like this is more or less necessary but allowing it for all processes seems like a big security problem.

Am I missing something?


If the function is needed to write a debugger, then the function must exist, it's as simple as that. The hProcess argument must have been opened with sufficient privileges to write into the process, and it will be difficult for malware to do that.


If you read the MSDN documentation for WriteProcessMemory you will see,

hProcess [in]
A handle to the process memory to be modified. 
handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process.

So you already have to have access to the process you want to modify. So the users can't mess with each other's processes using this function.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号