Results 1 to 7 of 7

Thread: Low-level (not necessarily process specific) memory editor for Windows XP?

  1. #1
    Six Black Roses
    Guest

    Low-level (not necessarily process specific) memory editor for Windows XP?

    I've searched a bit, but there are too many vague results on Google. This forum doesn't seem to have the thread I'd look for.

    Basically I want to be able to view and edit physical memory. Maybe I'm asking the wrong question, but would Windows XP launch such program? Perhaps there's something a bit on a higher level.

    I want to be able to view memory that's not specific to processes. As a matter of fact, if there's a utility that'd allow me to see the BIOS shadow (not sure of the proper term), I'd prefer that.

    In other words, I want as low-level a memory editor as will run under Windows XP. SoftICE, even if applicable, is not an option. My USB keyboard doesn't work with it, no matter which settings I've tried, etc.

    Thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    This would require some kind of ring 0 application (i.e. kernel driver), to break through the virtual memory layer.

    Why do you want to read physical addresses instead of the virtual addresses that the applications use? Are you familiar with the virtual memory model of Windows?

    For reading the virtual memory space of any process (which is still all the memory that any specific process can access), WinHex is pretty good anyway.

  3. #3
    very good decision, Delta i'm using winhex for years

  4. #4
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    this should be exactly what you're looking for (along with source code):
    http://www.sysinternals.com/ntw2k/info/tips.shtml#kmem

    if you want a more detailed write-up on how it works, read
    http://www.phrack.org/phrack/59/p59-0x10.txt

  5. #5
    You just got to love this place. Ask a good and/or interesting question, and ye shall receive a relevant URL.
    The whole darn page is filled with information that is useful.
    http://www.sysinternals.com/ntw2k/info/tips.shtml

    Regards,
    JMI

  6. #6
    You might also consider Davory as well. You can sample this on Stephen site too.
    we are demons to some, angels to others.....

  7. #7
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Cool, I wasn't aware of that "backdoor" to the physical memory.

Similar Threads

  1. Replies: 0
    Last Post: April 28th, 2008, 16:00
  2. Debugger and process memory
    By Hex Blog in forum Blogs Forum
    Replies: 0
    Last Post: February 4th, 2008, 00:01
  3. How to find all rows/lines with a specific memory address?
    By tDJ in forum OllyDbg Support Forums
    Replies: 4
    Last Post: October 21st, 2005, 01:26
  4. How to watch a specific range of memory ?
    By Xtra in forum OllyDbg Support Forums
    Replies: 2
    Last Post: May 1st, 2005, 01:59
  5. Windows CE hex editor
    By spamal in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: August 15th, 2001, 16:24

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •