谁可以写入分配的地址? [英] Who is allowed to write to an allocated address?
问题描述
我在 Delphi 中使用 VirtualAllocEx 在这样的外部进程中保留内存:
I am using VirtualAllocEx in Delphi to reserve memory in a foreign process like this:
var
p : pointer;
begin
p := VirtualAllocEx(Process, nil, SizeOf(Integer), MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
end;
ProcessHandle 之前已经用 PROCESS_ALL_ACCESS
打开.
The ProcessHandle has been opened with PROCESS_ALL_ACCESS
before.
之后,我的程序将一个简单的整数值写入分配的地址,如下所示:
After that my program writes a simple integer value to the allocated address like this:
WriteProcessMemory(Process, p, @MyInteger, SizeOf(Integer), BytesWritten);
由于地址存储在 p
中 - 我可以保存地址以将其用于其他应用程序.另一个应用程序必须再次打开外部进程才能访问/写入外部进程中的地址.
Since the address is stored in p
- I can save the address to use it for another application. The other application has to open the foreign process again to access/write the address in the foreign process.
我现在的问题是:谁/什么可以读/写外部进程中的这个地址?
My question is now: Who/What can read/write to this address in the foreign procces?
是否允许每个进程写入?是否允许每个进程读取?是否只有具有管理员权限的进程才有读/写权限?
Is every process allowed to write? Is every process allowed to read? Do only have processes with admin rights the right to read/write?
感谢您的回答.
推荐答案
具有授予读写访问权限的进程句柄的任何人都可以读取或写入内存.请参阅:PROCESS_VM_READ和 PROCESS_VM_WRITE.因此,归根结底,这取决于您如何获得该进程的句柄以及该进程的 DACL.
Anyone with a process handle that grants read and write access can read or write the memory. See: PROCESS_VM_READ and PROCESS_VM_WRITE. So, ultimately, it depends on how you got the handle to the process and the DACL on that process.
如果您创建了进程或启用了 SeDebugPrivilege,您通常会获得所有访问权限.当您调用 OpenProcess 时
,您必须指定所需的访问类型,并根据进程的安全描述符检查该请求.
You typically get all access if you created the process or if you have SeDebugPrivilege enabled. When you call OpenProcess
, you have to specify which kinds of access you want, it that request is checked against the security descriptor for the process.
这篇关于谁可以写入分配的地址?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!