Menu
I'm trying to ReadProcessMemory on a certain process but it uses ObRegisterCallbacks to prevent another process to create a handle on it (OpenProcess). I have heard of people creating their own memory reading utilites in C# without ReadProcessMemory or OpenProcess. If anyone could show me how I would go about creating such a library that would be amazing (or if I could be linked to an existing one).
This is strictly READING memory, I do NOT need to write memory to the process
511
asked Mar 03 '26 06:03
ReadProcessMemory and OpenProcess are part of the official windows API. These actually call other OS functions, such as ZwReadVirtualMemory/NtReadVirtualMemory and ZwOpenProcess/NtOpenProcess. The issue is that these functions can only be accessed by drivers. You can however create a software driver (by creating a Kernel Mode Driver (KMDF) or Windows Driver Model (WDM) in Visual Studio). The down side is this is all C++ and difficult.
You may want to look into an open source C# library called WhiteMagic. This injects a DLL into a process, and allows reading/writing of memory from inside the application itself. This uses OpenProcess to inject the DLL, however it may be possible to replace the injection method with an alternative, such as this: https://github.com/dwendt/UniversalInject.
178
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
