Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Translating physical memory address to process

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
Polynomial
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 524
Location: Inside the Intel CET shadow stack
PostPosted: Fri Mar 25, 2011 9:20 am    Post subject: Translating physical memory address to process Reply with quote
I'm using \Device\PhysicalMemory to scan physical memory for a certain pattern (locating a particular pattern loaded into any executable) and as such I want to be able to map that physical memory address to the owner process. Any ideas?
_________________
It's not fun unless every exploit mitigation is enabled.
Please do not reply to my posts with LLM-generated slop; I consider it to be an insult to my time.
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25785
Location: The netherlands
PostPosted: Fri Mar 25, 2011 1:49 pm    Post subject: Reply with quote
Look into NtOpenSection and NtMapViewOfSection (should work in usermode, but instead of the current process you give the target process)

memscan.c in ce's driver contains the routine ReadPhysicalMemory where those api's are used. They are of course the Zw versions but the nt versions 'should' work as well (Not sure if it still works though as I heard microsoft had put in security checks blocking this method as it could be used to bypass drm...)

And hey, if all else fails, just go kernelmode and edit the paging system yourself (0xc0000000 for 32-bit and 0xfffff68000000008 for 64-bit) , don't forget to flush after you're done
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites