How do you read directly from physical memory?

c++ c memory windows readprocessmemory

You would have to write a kernel mode driver and use memory manager functions to map physical memory range to your kernel driver's system space then export functionality to a user API or driver.

After windows 98 it is not possible in most cases to access physical memory from user mode. As others have put it this is so any old program cant just destroy people's computers. You would have to write a kernel driver, which can only be installed if it is signed and first loaded into the window's store. This alone is not a simple process like linking a DLL.

In summary MmAllocateContiguousMemory() is a windows kernel mode function which maps contiguous physical memory to system memory and is a part of ntoskrnl.exe.

Also you can not call these API's from user mode applications. Only driver's can use them. User mode applications CANNOT access physical memory with out the help of a driver. The driver can either handle request's from the user API or use IOCTLs and map it's resources to the API's virtual memory. Either way you will need the help of a driver which has to be installed by plug n play manager. PnP has to choose to install the driver on it's own either by hardware activation i.e. hot plug or some other method like a bus driver that is always on.

Further windows randomly assign's virtual address so that it is not easily possible to discern any pattern or work out it's physical location.


Neither the language C, nor C++ defines the term "memory". Things are defined in abstract terms like "storage" and "storage classifiers". Pointers are abstract things -- their values can be anything, totally unrelated to the physical or virtual addresses.

Only in the context of a system and its implementation are terms like memory and address space introduced. And since those are system specific things, one must use the methods provided by the OS to access them.

Even when implementing an OS kernel you have to do access to lowest level stuff not through C (because it simply can't), but through methods specific to implementation and architecture. Usually this is done through a set of low level functions programmed in assembly, which are written in a way that they match the kind of machine code the compiler generates. This allows those functions written in assembly to be called from C as if they were compiled by the compiler.

Related

Parallel ForEach on DataTable
With what should I replace the deprecated sizeWithFont: method?
Explicitly exclude an html element from the tab order
Discovering public IP programmatically
Unable to run a service command via cron
nginx close upstream connection after request
Write to CSV file and export it?
how to open a folder within Powershell
Can you set event.data with jquery trigger
How to get a list of current variables from Jinja 2 template?
Home/End keys do not work in tmux
Is there any limitation on JavaScript Max Blob size