How can I get another process base adress in Windows using C#?
Question
I was browsing exploitdb when I found one of Asus old drivers are vulnerable to physical memory read/write. There is a fully working PoC showing how to read from RAM. The problem is that I have an offset (let´s say 0x31E4) that indicates relative position of value that I need in programs memory, but the driver is returning info of absolute windows adress. How can I get base process adress in physical memory (preferebly in C#)? Is it even possible?
Example pseudocode:
DWORD offset = 0x31E4; // Offset
int size = sizeof(float); // Size of float
float output = Read(ProgramBase + offset, size); // Read function that read absolute value from RAM, for that I need ProgramBase
1 answers
solution1
1 ACCPTED 2019-02-01 13:00:46
If you want to find starting block of memory and ending block, this code should do it:
Process p = Process.GetCurrentProcess();
IntPtr startMemory= p.MainModule.BaseAddress;
IntPtr endMemory= IntPtr.Add(startMemory,p.MainModule.ModuleMemorySize);
Ofcourse instead of current process, you can get any other process, for example:
Process.GetProcessById(processId)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.