How to search given sequence of bytes in a computer memory? ReadProcessMemory API does not suit because it only reads process memory, not whole memory.
Is there any existent solutions?
+2
A:
There's the Device\PhysicalMemory object, but mind that user-mode access is not permitted for some Windows versions (see the link). If you want to use it, you'll find this article useful (search for "5.2 chmod_mem.c" for some sample code).
AndiDog
2010-02-07 19:32:14
+1
A:
Due to the virtual memory and paging, you may not find the sequence in the physical memory.
Enumerating the processes and heap walking is one way to scan the memory, except the kernel memory.
Nick D
2010-02-07 19:40:59