why do we allocate virtual memory address space within a process to get a read access to its memory?
A:
We do this, so the program doesn't depend on the system itself, but is always sure that it finds a certain variable at a certain memory address. By this, it is not necessary for the process itself to know where exactly the data is located, only in relation to the programs memory space. The OS takes care of the mapping from virtual adress to system adress.
Femaref
2010-05-22 13:07:11
A:
You don't need to allocate anything to read from the virtual address space of another process, you just need to call ReadProcessMemory (assuming you have an open handle to the target process with the needed access rights); the real problem is that you have to know where to read.
My psychic debugging powers (that - still - can be wrong) suggest me that you've just read some code about dll injection and don't understand what's going on with VirtualAllocEx. Is that right?
If so, well, that call usually is to allocate space in the remote process for the string with the name of the library to load, so that it can be passed to the LoadLibrary call (called via CreateRemoteThread) used to load the dll.
Matteo Italia
2010-05-22 19:36:48