Reputation: 33410
Why are there functions like WriteProcessMemory available?
Title pretty much sums it up. I just found out about this function and well, it surprised me it existed as immediately the possible security consequences sprung into mind.
Why is there such a function? I understand that for debugging something like this is more or less necessary but allowing it for all processes seems like a big security problem.
Am I missing something?
Upvotes: 1
Views: 669
Answers (2)
Reputation: 47662
If you read the MSDN documentation for WriteProcessMemory you will see,
hProcess [in]
A handle to the process memory to be modified.
handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process.
So you already have to have access to the process you want to modify. So the users can't mess with each other's processes using this function.
Upvotes: 3
Reputation: 375854
If the function is needed to write a debugger, then the function must exist, it's as simple as that. The hProcess argument must have been opened with sufficient privileges to write into the process, and it will be difficult for malware to do that.
Upvotes: 6
Related Questions
- Why does WriteProcessMemory need the handle value passed in, not the ID of the target process?
- Writing process memory without WriteProcessMemory
- Why does CopyRect WinAPI function exist?
- ReadProcessMemory Win32
- Why use ReadProcessMemory() with handle to current process?
- Windows kernel ReadProcessMemory() / WriteProcessMemory()?
- WriteProcessMemory C++
- Does ReadProcessMemory/WriteProcessMemory access program data or code?
- WriteProcessMemory
- CreateRemoteThread, WriteProcessMemory, VirtualAllocEx - why use them?