All geek questions in one place

Is there a way to reset all physical memory values?

I understand that each user process is assigned a virtual address space that can be reset. But is there a way to reset the physical address space? Suppose I have a 32-bit system with 4 GB of memory, can I write a program to print each physical memory.

I understand that this violates memory protection, etc., but if it is possible, how can I convert this to a kernel process or a lower-level process so that I can access all the memory.?

I would like to know how to write such code (if possible) on a Windows / Linux platform (or kernel) .. Or if I have to use Assembly or something like that, how to go to this privilege level.

+4
source share
5 answers

On Linux, you can open and display the device file /dev/mem (if you have read permission). This corresponds to physical memory.

+2
source

can i write a program to print each physical memory location.

I think that no operating system gives the user access to physical memory. So you can’t. All you see are virtual addresses created by the operating system.

0
source

On Windows, you can directly access physical memory. Some of the things you can do:

  • Using the Device \ PhysicalMemory object - you cannot access all physical memory, and access to it in user mode is limited starting from Windows Server 2003 SP1.
  • Using address window extensions - you can manage your own virtual-physical address mappings, so in a sense, you access the physical memory directly, though anyway through page tables.
  • Write kernel mode driver - there are kernel APIs for direct access to physical memory, allocation of pages of physical memory, etc. One reason for this is DMA (direct memory access).

None of these methods will give you simple and unlimited access to any physical memory location. If I may ask, what are you trying to accomplish?

0
source

I think you could do it using the kernel mode driver , but the result will be gibberish, like what the user has a RAM section at the time of capture, this is what the OS unloaded, it can be part of a single application or a target from a whole groups. This previous SO question may also be useful: How does the Windows kernel mode driver work, access to paged memory?

0
source

Try this NTMIO - WINDOWS TEAM FOR ACCESS TO EQUIPMENT RESOURCES http://siliconkit.com/ocart/index.php?route=product/product&keyword=ntmio&category_id=0&product_id=285

0
source

Source: https://habr.com/ru/post/1338688/

More articles:


All Articles