Reading process address space

**nadia_tarik** · 01-06-2012

hello,

I'm working with windows 7, my reaserch is about process migration, I want to access the process's code and data segments, so I tried to get the LDT descriptor, I made a driver to access the EPROCESS struct but when I read the LDTdescriptor I got zero value always, and when I searched for the reason I found that windows NT doesn't use LDT. So, please would you give me any helpful note that might guide me in my work. I don't know how to reach the process's memory space. The process is a specific one and not a system process.

thanks in advance.

**brewbuck** · 01-06-2012

Call OpenProcess() to get a process handle, then use VirtualQueryEx() to enumerate the page ranges. Use ReadProcessMemory() to get the data.

**Fordy** · 01-06-2012

If all you need is the code and data segments then using a driver is overkill.

brewbuck's methods will do it.

**nadia_tarik** · 01-07-2012

Yes all I want is the segments of my process.
The problem was that I don't know how to get the address, I didn't read about VirtualQueryEx() before.

I'll try this methods.

Thank you very much for replying.

Thread: Reading process address space

Thread Tools

Search Thread

Display

Reading process address space

Similar Threads

a library or API providing direct access to a running PE address space

Process memory space

Why address space 0-0x08000000 in a process is unused?

how do you get the min and max address space of a process ,

injecting my own thread into the address space of another process - cannot call any f