Reading User-Mode Process Memory from Kernel-Mode Code in Windows
One of the popular techniques is based on the usage of a pair of functions:

This technique is used by both antiviruses and rootkits. So the final code snippet could be as follows

The careful reader could notice that, unlike ReadProcessMemory(), which is subject to user-mode process protections and access control, kernel-mode code operates at a higher privilege…