谁可以写入分配的地址? [英] Who is allowed to write to an allocated address?
问题描述
我在 Delphi 中使用 VirtualAllocEx 在这样的外部进程中保留内存:
I am using VirtualAllocEx in Delphi to reserve memory in a foreign process like this:
var
p : pointer;
begin
p := VirtualAllocEx(Process, nil, SizeOf(Integer), MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
end;
ProcessHandle 之前已经用 PROCESS_ALL_ACCESS 打开.
The ProcessHandle has been opened with PROCESS_ALL_ACCESS before.
之后,我的程序将一个简单的整数值写入分配的地址,如下所示:
After that my program writes a simple integer value to the allocated address like this:
WriteProcessMemory(Process, p, @MyInteger, SizeOf(Integer), BytesWritten);
由于地址存储在 p 中 - 我可以保存地址以将其用于其他应用程序.另一个应用程序必须再次打开外部进程才能访问/写入外部进程中的地址.
Since the address is stored in p - I can save the address to use it for another application. The other application has to open the foreign process again to access/write the address in the foreign process.
我现在的问题是:谁/什么可以读/写外部进程中的这个地址?
My question is now: Who/What can read/write to this address in the foreign procces?
是否允许每个进程写入?是否允许每个进程读取?是否只有具有管理员权限的进程才有读/写权限?
Is every process allowed to write? Is every process allowed to read? Do only have processes with admin rights the right to read/write?
感谢您的回答.
推荐答案
具有授予读写访问权限的进程句柄的任何人都可以读取或写入内存.请参阅:PROCESS_VM_READ和 PROCESS_VM_WRITE.因此,归根结底,这取决于您如何获得该进程的句柄以及该进程的 DACL.
Anyone with a process handle that grants read and write access can read or write the memory. See: PROCESS_VM_READ and PROCESS_VM_WRITE. So, ultimately, it depends on how you got the handle to the process and the DACL on that process.
如果您创建了进程或启用了 SeDebugPrivilege,您通常会获得所有访问权限.当您调用 OpenProcess 时,您必须指定所需的访问类型,并根据进程的安全描述符检查该请求.
You typically get all access if you created the process or if you have SeDebugPrivilege enabled. When you call OpenProcess, you have to specify which kinds of access you want, it that request is checked against the security descriptor for the process.
这篇关于谁可以写入分配的地址?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
