Read physical memory under Windows 8


Question

I would like to be able to plug in a physical address, and read the data stored at that address.

Under Linux, I would use /dev/mem to acquire this data. Under Windows 8, I'm not sure what mechanism is available to do this.

My use case is inspecting a PCI Express device. The PCI Express device creates a ring buffer at a known address, that I can determine from the PCIe BAR. Once this address has been set, it won't change until the computer restarts.

Currently, I can use applications like RW Everything to see the data there, but I would like to be able to do this without user interaction (Without the GUI) so that I have fewer issues with the ring buffers wrapping before I can access the data.

Does anyone know if there is a privileged Windows system call I can make from userspace (to mmap a region for example) or do I need to use a custom kernel module to do this? I imagine that there is some way to do it without a custom kernel module, because I don't believe I installed one when I installed RW Everything.

Recommended answer

Since Windows Server 2003 SP1, user-mode access to physical memory has not been possible. You will have to develop a driver to do it (or find a third-party tool that includes one).

From TechNet:

In Windows Server 2003 SP1, user-mode access to the \Device\PhysicalMemory object is not permitted. All forms of access (read, write) are refused when the \Device\PhysicalMemory object is accessed from a user-mode application. Access to the \Device\PhysicalMemory object is refused regardless of the user context (Administrators, Users, Local System, etc.) the application is running in.
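
A user-mode check of the behaviour the TechNet text describes, as an added example that is not part of the original question or answer: it calls the native `NtOpenSection` on `\Device\PhysicalMemory` through P/Invoke and reports the NTSTATUS it gets back. The class and method names (`PhysMemProbe`, `TryOpen`) are made up for this example.

```powershell
# Added example: try to open \Device\PhysicalMemory for read from user mode.
$src = @'
using System;
using System.Runtime.InteropServices;
public static class PhysMemProbe {
    [StructLayout(LayoutKind.Sequential)]
    struct UNICODE_STRING { public ushort Length; public ushort MaximumLength; public IntPtr Buffer; }
    [StructLayout(LayoutKind.Sequential)]
    struct OBJECT_ATTRIBUTES {
        public int Length; public IntPtr RootDirectory; public IntPtr ObjectName;
        public uint Attributes; public IntPtr SecurityDescriptor; public IntPtr SecurityQualityOfService;
    }
    [DllImport("ntdll.dll")]
    static extern int NtOpenSection(out IntPtr handle, uint desiredAccess, ref OBJECT_ATTRIBUTES oa);
    [DllImport("ntdll.dll")]
    static extern int NtClose(IntPtr handle);

    const uint SECTION_MAP_READ = 0x0004;
    const uint OBJ_CASE_INSENSITIVE = 0x40;
    public const int STATUS_ACCESS_DENIED = unchecked((int)0xC0000022);

    // Returns the raw NTSTATUS; a non-negative value means the open succeeded.
    public static int TryOpen() {
        string name = @"\Device\PhysicalMemory";
        var us = new UNICODE_STRING {
            Length = (ushort)(name.Length * 2),             // bytes, without terminator
            MaximumLength = (ushort)(name.Length * 2 + 2),
            Buffer = Marshal.StringToHGlobalUni(name) };
        IntPtr pus = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(UNICODE_STRING)));
        try {
            Marshal.StructureToPtr(us, pus, false);
            var oa = new OBJECT_ATTRIBUTES {
                Length = Marshal.SizeOf(typeof(OBJECT_ATTRIBUTES)),
                ObjectName = pus, Attributes = OBJ_CASE_INSENSITIVE };
            IntPtr h;
            int status = NtOpenSection(out h, SECTION_MAP_READ, ref oa);
            if (status >= 0) NtClose(h);                    // do not leak a handle on success
            return status;
        } finally { Marshal.FreeHGlobal(us.Buffer); Marshal.FreeHGlobal(pus); }
    }
}
'@
Add-Type -TypeDefinition $src
$status = [PhysMemProbe]::TryOpen()
'NtOpenSection(\Device\PhysicalMemory, SECTION_MAP_READ) -> 0x{0:X8}' -f $status
if ($status -eq [PhysMemProbe]::STATUS_ACCESS_DENIED) { 'Access refused from user mode' }
elseif ($status -ge 0) { 'Section opened: this system still allows user-mode access' }
else { 'Open failed with a different NTSTATUS' }
```

Run it from an elevated prompt as well as a normal one to compare the status across user contexts.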
