Sorry i am very newer in this part and i am going to confuse every step ...
I Want to read a protected memory that need to bypass protection to enter.I have a hookdriver.sys file and want to bypass the protection and readHow can i connect the hookdrv.sys to my codes and read the protected memory?
Tried run the .sys file in services and using this codeMaybe this code is completely wrong because i am very confused
[DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId); [DllImport("kernel32.dll")] public static extern bool ReadProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, UIntPtr dwSize, out ulong lpNumberOfBytesRead); const uint DELETE = 0x00010000; const uint READ_CONTROL = 0x00020000; const uint WRITE_DAC = 0x00040000; const uint WRITE_OWNER = 0x00080000; const uint SYNCHRONIZE = 0x00100000; const uint END = 0xFFF; //if you have Windows XP or Windows Server 2003 you must change this to 0xFFFF const uint PROCESS_ALL_ACCESS = (DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER | SYNCHRONIZE | END); public bool ReadProcessMem(ulong BaseAddress, out byte[] Buffer, int BufferSize, out ulong NumberofBytesRead) { byte[] buf = new byte[BufferSize]; bool b = ReadProcessMemory(pInstance, new UIntPtr (BaseAddress), new UIntPtr((uint)buf.Length), out NumberofBytesRead); Buffer = buf; return b; }