    Reading process address space


    I'm working with windows 7, my reaserch is about process migration, I want to access the process's code and data segments, so I tried to get the LDT descriptor, I made a driver to access the EPROCESS struct but when I read the LDTdescriptor I got zero value always, and when I searched for the reason I found that windows NT doesn't use LDT. So, please would you give me any helpful note that might guide me in my work. I don't know how to reach the process's memory space. The process is a specific one and not a system process.

    Call OpenProcess() to get a process handle, then use VirtualQueryEx() to enumerate the page ranges. Use ReadProcessMemory() to get the data.
    If all you need is the code and data segments then using a driver is overkill.

    brewbuck's methods will do it.

    Yes all I want is the segments of my process.
    The problem was that I don't know how to get the address, I didn't read about VirtualQueryEx() before.

    I'll try this methods.

    Thank you very much for replying.

