
What do I want to look at to implement memory scanning as a plugin? #186

@rlewkowicz

Description


I'm swimming a bit only because I'm not well versed in any of this stuff. I'm not (too) dumb, I'm just more active in the systems orchestration space vs. this low-level space.

I rewrote a good portion of some guy's MemProcFS plugin and got it working with all the latest stuff.

I can enumerate processes: (screenshot)

I can attach to a process and enumerate modules and sections: (screenshot)

I figured I'd run into this; I didn't know if there was some cool magic that I couldn't foresee (I was hoping), but now I can't scan anything. That makes sense. I can tell you address ranges, but if I'm not mistaken, you can't see any of those because you don't have any form of traditional access. If I want to search for arbitrary data, I have to be able to get inside those ranges and see what's in there. Right?

Do you have anything I can look at, that might frame this process?

Edit:
Also, everything I give to this is from the Virtual Address Descriptor tree vs. the page table entry. I'm not sure enough to know if that matters. I just knew the last guy was looking for heap space and I couldn't get that out of the PTE methods MemProcFS provides.
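The step the question is circling is the one that comes after enumerating ranges: walk each range, pull its bytes through whatever memory-read primitive the plugin has, and search the bytes. The block below is an added example written for this issue, not code from the issue author, the project, or MemProcFS. It assumes the plugin can supply a list of `(base, size)` regions (for example from a VAD walk) and a `read(va, size)` callback that returns the bytes or `None` when a page is not readable; both the callback shape and the sample process memory are constructed here for illustration. It reads page by page, carries `len(pattern) - 1` bytes across page boundaries so a match straddling two pages is still found, and drops the carry at an unreadable page so nothing is reported that could not actually be read.

```python
"""Pattern scan over virtual address ranges using a read callback.

Added example for the scanning step discussed above. The `read` callback
and the fake process memory are assumptions/constructed data, not a
MemProcFS API.
"""
from typing import Callable, Iterable, List, Optional, Tuple

PAGE = 0x1000
# (va, size) -> bytes of that length, or None if the range is not readable
ReadFn = Callable[[int, int], Optional[bytes]]


def scan_regions(regions: Iterable[Tuple[int, int]], pattern: bytes,
                 read: ReadFn, page_size: int = PAGE) -> List[int]:
    """Return every virtual address where `pattern` occurs in `regions`.

    Reads one page at a time and keeps the last len(pattern)-1 bytes of the
    previous page, so a match crossing a page boundary is found exactly once.
    An unreadable page clears the carry: a match cannot span bytes we never saw.
    """
    if not pattern:
        raise ValueError("empty pattern")
    overlap = len(pattern) - 1
    hits: List[int] = []
    for base, size in regions:
        carry = b""
        for pva in range(base, base + size, page_size):
            data = read(pva, min(page_size, base + size - pva))
            if data is None:          # paged-out / unmapped page: hole
                carry = b""
                continue
            buf = carry + data
            buf_va = pva - len(carry)  # VA of buf[0]
            i = buf.find(pattern)
            while i >= 0:
                hits.append(buf_va + i)
                i = buf.find(pattern, i + 1)
            carry = buf[-overlap:] if overlap else b""
    return hits


def fake_process():
    """Constructed sample memory: two regions, one with an unreadable page.

    Region A (4 pages): pattern at +0xFFA (straddles pages 0/1), at +0x1FFA
    (straddles page 1 and the unreadable page 2, must NOT be reported) and at
    +0x3010. Region B (2 pages): pattern at +0x1234.
    """
    pattern = b"SECRET_TOKEN"
    region_a = (0x7FF600000000, 4 * PAGE)
    region_b = (0x1C0000000, 2 * PAGE)
    pages = {}

    buf = bytearray(b"A" * region_a[1])
    for off in (0xFFA, 0x1FFA, 0x3010):
        buf[off:off + len(pattern)] = pattern
    for i in range(4):
        if i == 2:
            continue                   # page 2 deliberately unreadable
        pages[region_a[0] + i * PAGE] = bytes(buf[i * PAGE:(i + 1) * PAGE])

    buf = bytearray(b"B" * region_b[1])
    buf[0x1234:0x1234 + len(pattern)] = pattern
    for i in range(2):
        pages[region_b[0] + i * PAGE] = bytes(buf[i * PAGE:(i + 1) * PAGE])

    def read(va: int, size: int) -> Optional[bytes]:
        """Serve bytes from the page dict; None if any page in range is missing."""
        out = bytearray()
        pos = va
        while pos < va + size:
            page = pages.get(pos & ~(PAGE - 1))
            if page is None:
                return None
            off = pos & (PAGE - 1)
            take = min(PAGE - off, va + size - pos)
            out += page[off:off + take]
            pos += take
        return bytes(out)

    return [region_a, region_b], pattern, read


def demo() -> List[int]:
    """Scan the constructed process and return the hit addresses in scan order."""
    regions, pattern, read = fake_process()
    return scan_regions(regions, pattern, read)


if __name__ == "__main__":
    for va in demo():
        print(f"hit at {va:#x}")
```

In a real plugin the `read` callback would wrap the process memory read the framework exposes, and the region list would come from the VAD or module enumeration already working above; the overlap and hole handling are the parts that tend to be missed when first wiring this up.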
