Title pretty much sums it up. I just found out about this function and well, it surprised me it existed as immediately the possible security consequences sprang to mind.
Why is there such a function? I understand that for debugging something like this is more or less necessary but allowing it for all processes seems like a big security problem.
Am I missing something?
If the function is needed to write a debugger, then the function must exist, it's as simple as that. The hProcess argument must have been opened with sufficient privileges to write into the process, and it will be difficult for malware to do that.
If you read the MSDN documentation for WriteProcessMemory, you will see:
hProcess [in]
A handle to the process memory to be modified. The handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process.
So you already have to have access to the process you want to modify. So the users can't mess with each other's processes using this function.
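As an added illustration of the access check quoted in the answer above (not code from the original posts): a Python example that decodes the access mask granted on a process handle and reports which handles carry both rights WriteProcessMemory requires. The record layout, process names and sample masks are constructed for the example; the bit values are those defined in the Windows SDK.

```python
# Process access-right bits as defined in the Windows SDK (winnt.h).
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
# WriteProcessMemory needs both of these on hProcess.
WRITE_REQUIRED = 0x0008 | 0x0020


def decode_rights(mask):
    """Return the names of the known rights set in an access mask."""
    return [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]


def allows_write(mask):
    """True only if the mask carries every right WriteProcessMemory requires."""
    return (mask & WRITE_REQUIRED) == WRITE_REQUIRED


def write_capable_opens(records):
    """Return (source, target, rights) for cross-process handles that permit writes."""
    out = []
    for rec in records:
        try:
            src, dst, mask = rec["source"], rec["target"], int(rec["granted"], 16)
        except (KeyError, ValueError):
            continue  # malformed record: skip rather than guess
        if src != dst and allows_write(mask):
            out.append((src, dst, decode_rights(mask)))
    return out


# Constructed sample records (hypothetical layout, not real telemetry).
SAMPLE = [
    {"source": "debugger.exe", "target": "app.exe", "granted": "0x1FFFFF"},
    {"source": "monitor.exe", "target": "app.exe", "granted": "0x1410"},
    {"source": "tool.exe", "target": "app.exe", "granted": "0x0020"},
    {"source": "helper.exe", "target": "app.exe", "granted": "0x0028"},
    {"source": "broken.exe", "target": "app.exe", "granted": "n/a"},
]

if __name__ == "__main__":
    for source, target, rights in write_capable_opens(SAMPLE):
        print(f"{source} -> {target}: {', '.join(rights)}")
```

A mask with PROCESS_VM_WRITE alone (0x0020) is not reported, because the documentation requires PROCESS_VM_OPERATION as well.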