Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How is it possible to access memory of other processes?

Tags:

security

memory

winapi

virtual-memory

protected-mode

I thought that one process cannot read the memory of other processes. But I'm shocked to see an application named "WinHex" which has "RAM Editor" and it is able to access the entire memory. Of all the processes.

How is that possible? And it is even able to modify the memory of other processes. Doesn't this become malicious?

like image 248
Alice Avatar asked Jan 01 '10 21:01

Alice

People also ask

Can processes access memory of other processes?

Processes cannot access other processes' memory in principle. In practice the underlying operating system usually offers this mechanism to privileged processes.

How can the OS prevent a process from accessing memory of another process?

Short answer: On x86 processors they do it by activating Protected Mode(32-bit) or Long Mode(64-bit). ARM or other processors implement similar concepts. The Protected Mode protects the memory space of different Processes from each other - giving each process its own memory space. This concept is called Virtual Memory.

Can a program access another program's memory?

You can't access another processes' memory like that (Ok, unless you're programming AmigaOS). The OS will prevent programs from accessing each other's memory. This won't work. If you want to access memory between programs, you need something like shared memory.

How do you read and write other process memory?

To read memory, you need the PROCESS_VM_READ and PROCESS_QUERY_INFORMATION rights. To write memory, you need the PROCESS_VM_WRITE and PROCESS_VM_OPERATION rights. Alternatively you could just ask for all rights with PROCESS_ALL_ACCESS , but I prefer to be precise.

2 Answers

In all likelyhood, the tool uses ReadProcessMemory or some variant, which requires PROCESS_VM_READ access.

With respect to your "malicious" comment, remember that you (or the process invoking this API, which likely needs Administrator-level permissions) already has total control over the machine. The security game is already lost at this point.

like image 115
Michael Petrotta Avatar answered Sep 22 '22 06:09

Michael Petrotta

Well, that's one of the things a process with the right privileges, granted by the operating system, can do. Processes cannot access other processes' memory in principle. In practice the underlying operating system usually offers this mechanism to privileged processes.

like image 34
pau.estalella Avatar answered Sep 23 '22 06:09

pau.estalella
Sign in to Comment

Related questions

IIS Returning Old User Names to my application
Facebook login - how to develop on both localhost and in production?
Signed session cookies. A good idea?
How can I launch Chrome with flags from command line more concisely?
How to store passwords in Winforms application?
Authentication, Authorization, User and Role Management and general Security in .NET
Content Security Policy for self subdomains
Unicode mirror character?
Why is strtok() Considered Unsafe?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
PHP $_SESSION for multiple users at once
The data protection operation was unsuccessful on Azure using OWIN / Katana
Do java's Inner classes pose a security risk?
Set httpOnly and secure on PHPSESSID cookie in PHP
api security implementation php
Creating feature in mac app to override the users security setting
How to does the token prevent csrf attack?
Hashing a session fingerprint really necessary?
Attacking Python's pickle
What are the risks of PHP sessions?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!