为什么有像WriteProcessMemory这样的函数可用?
标题几乎概括了这一点。我刚刚发现这个功能,嗯,它的存在让我感到惊讶,因为我立即想到了可能的安全后果。
为什么会有这样的功能呢?我知道对于调试这样的东西或多或少是必要的,但允许所有进程使用它似乎是一个很大的安全问题。
我错过了什么吗?
Title pretty much sums it up. I just found out about this function and well, it surprised me it existed as immediately the possible security consequences sprung into mind.
Why is there such a function? I understand that for debugging something like this is more or less necessary but allowing it for all processes seems like a big security problem.
Am I missing something?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果需要该函数来编写调试器,那么该函数必须存在,就这么简单。 hProcess 参数必须以足够的权限打开才能写入进程,恶意软件很难做到这一点。
If the function is needed to write a debugger, then the function must exist, it's as simple as that. The hProcess argument must have been opened with sufficient privileges to write into the process, and it will be difficult for malware to do that.
如果您阅读了
WriteProcessMemory 的 MSDN 文档你会看到,所以你已经有权访问你想要修改的进程。因此用户不能使用此功能扰乱彼此的进程。
If you read the MSDN documentation for
WriteProcessMemoryyou will see,So you already have to have access to the process you want to modify. So the users can't mess with each other's processes using this function.