HoShiMin / Kernel-Bridge

Windows kernel hacking framework, driver template, hypervisor and API written in C++
GNU General Public License v3.0

Get mapped memory regions for a process #12

Closed Turbo-Thorschten closed 4 years ago

Turbo-Thorschten commented 4 years ago

I'm trying to hexdump another process and I don't really know how to find the mapped regions of the target process. Do you have any idea if there's already a relatively simple method to do that?

Best regards!

HoShiMin commented 4 years ago

Well, you can use the KbExecuteShellCode to use a kernel-level ZwQueryVirtualMemory with a kernel handle of the target process.
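
The region walk that a `ZwQueryVirtualMemory` loop performs when listing a process's mapped memory, as an added example that is not part of this thread or of Kernel-Bridge's code. `region_t`, `query_fn`, `walk_regions` and the sample table are hypothetical names with constructed data, and `region_t` mirrors only the `MEMORY_BASIC_INFORMATION` fields the walk needs, so the block builds without Windows headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Documented Windows constants, redefined so this builds without windows.h. */
#define MEM_COMMIT    0x1000u
#define PAGE_NOACCESS 0x01u
#define PAGE_GUARD    0x100u
/* Assumption: mirrors only the MEMORY_BASIC_INFORMATION fields the walk needs. */
typedef struct { uint64_t base, size; uint32_t state, protect; } region_t;
/* Hypothetical adapter over the real query call: returns 0 and fills *out on success. */
typedef int (*query_fn)(void *ctx, uint64_t addr, region_t *out);

/* Collect committed, readable regions below `limit`; returns how many were stored. */
size_t walk_regions(query_fn q, void *ctx, uint64_t limit, region_t *out, size_t cap) {
    size_t n = 0;
    uint64_t addr = 0;
    while (addr < limit && n < cap) {
        region_t r;
        if (q(ctx, addr, &r) != 0) break;   /* query fails past the last region */
        uint64_t next = r.base + r.size;
        if (next <= addr) break;            /* zero size or wrap-around: no progress */
        /* Free/reserved ranges hold no data; guard and no-access pages fault on read. */
        if (r.state == MEM_COMMIT && !(r.protect & (PAGE_NOACCESS | PAGE_GUARD)))
            out[n++] = r;
        addr = next;
    }
    return n;
}

/* Constructed sample address space (not captured from a real process). */
static const region_t SAMPLE[] = {
    {0x00000, 0x10000, 0x10000u,   0x01u },  /* MEM_FREE */
    {0x10000, 0x02000, MEM_COMMIT, 0x04u },  /* PAGE_READWRITE */
    {0x12000, 0x01000, MEM_COMMIT, 0x104u},  /* PAGE_READWRITE | PAGE_GUARD */
    {0x13000, 0x0D000, 0x2000u,    0x00u },  /* MEM_RESERVE */
    {0x20000, 0x05000, MEM_COMMIT, 0x20u },  /* PAGE_EXECUTE_READ */
};
static int sample_query(void *ctx, uint64_t addr, region_t *out) {
    (void)ctx;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++)
        if (addr - SAMPLE[i].base < SAMPLE[i].size) { *out = SAMPLE[i]; return 0; }
    return -1;   /* unsigned subtraction above also rejects addr < base */
}

int main(void) {
    region_t got[8];   /* limit below: typical x64 user-mode ceiling */
    size_t n = walk_regions(sample_query, NULL, 0x7FFFFFFF0000ull, got, 8);
    for (size_t i = 0; i < n; i++)
        printf("%#llx +%#llx\n", (unsigned long long)got[i].base, (unsigned long long)got[i].size);
}
```

In a real build, `query_fn` would wrap `ZwQueryVirtualMemory` with the `MemoryBasicInformation` class (or `VirtualQueryEx` in user mode) and copy `BaseAddress`, `RegionSize`, `State` and `Protect` into `region_t`.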