
error accessing process modules

Started by debzequke, January 12, 2006, 02:18:49 AM


P1

Quote: Umm ProcDump works perfect.  I will try a little better ...

Pro:  From what I can tell he is doing a dump of PE headers from Processes running in the system.  He can not open the .exe files because of access violations of being open and in use.  On top of that, he should be using EnumProcesses.

Con:  After that, he wants to edit them.  And is avoiding questions about that part.  Recent/low posting member tackling advanced topics.

Personal Message Hutch or one of the moderators.

debzequke, please fill out more of your profile.

Regards,  P1  :8)

hutch--

I will open the topic on the basis that the member has contacted me but I am yet to hear a good reason why the member is trying to access code of this type. We have no problem with anyone writing a PE file editor but we do with anyone who wants access to any running process to modify it on the fly while in memory. This is technically the basis of many of the modern trojan forms, in-memory patching of OS files and the like.

Please understand that with the membership in this forum that you collectively have hundreds of years of experience and no-one misses what is going on with unusual questions. To allow further postings we need a clear explanation of WHAT the member wants to do, not an assurance that it's not security related.

If we get an acceptable answer, the topic will remain open, if not it goes to the scrap heap.
Download site for MASM32: https://masm32.com
New MASM Forum: https://masm32.com/board/index.php

debzequke

I started out doing a simple PE editor. I thought to add a process viewer to the proggy; anyway, that's what most PE editors do. The part with the process viewer is that a few processes behaved differently, while others, including core processes like smss, svchost etc., were responding, while I was just trying to populate their modules. I would not have been surprised if they responded in such a manner when I tried to kill them; rather, that was not the case.
If that was the final stage I would not have troubled myself, but I came across some process viewers able to succeed. So I want to understand why I failed.

hutch--

What you are after sounds OK but understand we have been burnt a few times with guys trying to feed us bullsh*t while fishing for technical data for illegal purposes and we will never allow this. The tool you are trying to do sounds something like the Sysinternals "Process Explorer" which is very useful if you can get it onto a machine that has been trojan damaged as it allows you to shut down rogue processes and try and fix the OS installation.

This type of stuff is fine but make sure the topic does not wander off into the area of memory patching or other methods of circumventing commercial or OS software as we will close it down for good if it does.