I want to write a small amount of memory inside of a specific address range of my process.
Example: 5 bytes, somewhere between 0x00400000 and 0x00A00000.
The range in which I want to write is already allocated by the process. Therefore, I can't simply allocate new mem with VirtualAlloc.
However, since the pages in the desired address space are used for program code, they are not 100% used. There exists enough space somewhere to write my 5 bytes.
What do I have to do to ensure that I don't overwrite necessary memory?
I don't think there's a nice, general way to do what you're wanting. Since it looks like you're talking about Windows and about where the default spot to load a PE is, I'll make some assumptions here that might help you.
If you're willing to parse the PE-header, you can generally find slack-space in there. Check out the areas between the sections and before the functions. Depending on how the application was built, you might find areas between functions to be filled with INT3's that would probably be sufficient for what you're looking for.
If you gave us more information on what you're trying to do specifically, we could probably help more. Can you just patch the binary before loading it or do you have to do everything at run-time?
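The header parsing suggested in this answer, as an added example that is not part of the original post: it walks the PE section table of a file image and reports, for executable sections, the padding after the section's contents and any runs of INT3 (0xCC) bytes long enough for the requested size. The function names and the sample image are constructed for illustration; results are RVAs, so the run-time address is the actual load base plus the RVA.

```python
import re
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000

def sections(image):
    """Yield (name, rva, virtual_size, raw_offset, raw_size, flags) per section header."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe, = struct.unpack_from("<I", image, 0x3C)           # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    count, = struct.unpack_from("<H", image, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, pe + 20)  # SizeOfOptionalHeader
    table = pe + 24 + opt_size
    for i in range(count):
        name, vsize, rva, rsize, roff = struct.unpack_from("<8sIIII", image, table + 40 * i)
        flags, = struct.unpack_from("<I", image, table + 40 * i + 36)
        yield name.rstrip(b"\0").decode("ascii", "replace"), rva, vsize, roff, rsize, flags

def find_slack(image, need=5):
    """Return (section, kind, rva, length) candidates of at least `need` bytes."""
    found = []
    for name, rva, vsize, roff, rsize, flags in sections(image):
        if not flags & IMAGE_SCN_MEM_EXECUTE:
            continue
        used = min(vsize, rsize)
        if rsize - used >= need:                          # alignment padding after the contents
            found.append((name, "tail", rva + used, rsize - used))
        # A 0xCC run is only a candidate: it may be data or part of an instruction.
        for m in re.finditer(rb"\xCC{%d,}" % need, image[roff:roff + used]):
            found.append((name, "int3", rva + m.start(), m.end() - m.start()))
    return found

def build_sample():
    """Constructed image: headers plus one .text section (not a loadable executable)."""
    code = b"\x90" * 16 + b"\xC3" + b"\xCC" * 7 + b"\x90" * 8 + b"\xC3"
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000,
                      0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + sec).ljust(0x200, b"\0") + code.ljust(0x200, b"\0")

if __name__ == "__main__":
    for name, kind, rva, length in find_slack(build_sample(), need=5):
        print(f"{name} {kind:5} rva=0x{rva:X} len={length}")
```

Each candidate still has to be confirmed in a disassembler before it is treated as unused, since nothing in the headers says whether code reads or jumps into those bytes.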