. ReadProcessMemory. , , , CREATE_PROCESS_DEBUG_EVENT, PROCESS_VM_READ PROCESS_VM_WRITE. DebugActiveProcess, , , openProcess , .
, "--" (-on-write) Windows , , . , , , , . - , , , EXCEPTION_BREAKPOINT. , , , , , (private) , . , , .
, . , , , "--", , , virtualQueryEx. , API- virtualProtectEx, PAGE_EXECUTE_READWRITE, , Windows "--". . , ( , ). , , "-", . ( ) , , .
API Win32: OUTPUT_DEBUG_STRING_EVENT, . , , . , . 3 , . , , OutputDebugString , . 4-3 , WDBG OUTPUT_DEBUG_STRING_EVENT. , DBG_ReadProcessMemory - ReadProcessMemory LOCALASSIST.DLL.
Listing 4-3. OutputDebugStringEvent from PROCESSDEBUGEVENTS.CPP
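// Handles OUTPUT_DEBUG_STRING_EVENT: copies the string the debuggee passed to
// OutputDebugString out of the debuggee's address space, NUL-terminates it,
// normalizes line endings and hands it to the user-interface class.
//
// pUserClass  - receiver for the converted string.
// pData       - per-debuggee data; supplies the process handle to read from.
// dwProcessId - ID of the process that raised the event.
// dwThreadld  - ID of the thread that raised the event.
// stODSI      - event payload: address and length of the string in the
//               debuggee.
//
// Always returns DBG_CONTINUE, so the debuggee resumes whether or not the
// string could be read.
//
// Security: both the address and the length in stODSI are chosen by the
// debuggee, which may be hostile (for example when the debugger is used on an
// untrusted binary). Every index into szBuff must therefore be derived from
// the clamped byte count, never from the reported length.
static
DWORD OutputDebugStringEvent ( CDebugBaseUser *           pUserClass  ,
                               LPDEBUGGEEINFO             pData       ,
                               DWORD                      dwProcessId ,
                               DWORD                      dwThreadld  ,
                               OUTPUT_DEBUG_STRING_INFO & stODSI       )
{
    TCHAR  szBuff[ 512 ] ;
    HANDLE hProc  = pData->GetProcessHandle ( ) ;
    DWORD  dwRead = 0 ;

    // Reserve one TCHAR for the terminator. The original read up to
    // sizeof ( szBuff ) bytes and then wrote the terminator at
    // szBuff[ dwRead + 1 ], which lands past the end of the array once the
    // debuggee reports a string of 511 bytes or more.
    const DWORD dwMaxBytes = (DWORD)( sizeof ( szBuff ) - sizeof ( TCHAR ) ) ;
    DWORD       dwToRead   = (DWORD)stODSI.nDebugStringLength ;
    if ( dwToRead > dwMaxBytes )
    {
        dwToRead = dwMaxBytes ;
    }

    // Read the string out of the debuggee's memory.
    BOOL bRet = DBG_ReadProcessMemory ( hProc                    ,
                                        stODSI.lpDebugStringData ,
                                        szBuff                   ,
                                        dwToRead                 ,
                                        &dwRead                   ) ;
    ASSERT ( TRUE == bRet ) ;
    if ( TRUE == bRet )
    {
        // Do not index past what was requested, whatever count came back.
        if ( dwRead > dwToRead )
        {
            dwRead = dwToRead ;
        }

        // dwRead is a byte count; convert it to a TCHAR index so the
        // terminator sits directly after the last character read.
        // NOTE(review): stODSI.fUnicode is not consulted, so the bytes are
        // treated as TCHARs as-is; confirm the debuggee's string width
        // matches this build's TCHAR.
        szBuff [ dwRead / sizeof ( TCHAR ) ] = _T ( '\0' ) ;

        // Convert the CR/LF sequences for display.
        pUserClass->ConvertCRLF ( szBuff , sizeof ( szBuff ) ) ;

        // Pass the finished string to the user class.
        pUserClass->OutputDebugStringEvent ( dwProcessId ,
                                             dwThreadld  ,
                                             szBuff       ) ;
    }
    return ( DBG_CONTINUE ) ;
}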