Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Access to \device\physicalmemory
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #13  
Old 02-18-2005, 20:26
Dmit
 
Posts: n/a
Quote:
Originally Posted by souz
but is it possible to emulate read attempts to that addresses???
Which tools can be useful to determine, which API used to read this memory area?
API SPY does not show it... in code there called ntMapOfView...
I'm not too good in kernel stuff but here are two theoretical ideas (may be wrong):
- use hardware breakpoint to catch read attempt at some address and handle it
- if you know how exactly (by means of which function) video BIOS is mapped in address space of calling process, intercept that function and return pointer to some other region containing any data.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Api Hooking w/ Device Driver Peter[Pan] General Discussion 7 06-20-2005 02:57


All times are GMT +8. The time now is 10:02.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )