I'm writing a Python script that uses the Windows API to learn process injection.
The injection is successful. I can verify that the shellcode is running, and Process Explorer shows the connection:
The problem is, when I look for the injected memory region using VMMap, I am unable to find it. The output of my program indicates what the virtual address of the allocated memory region was. In the example case, the output is:
Remote memory address: 0x57c0000
When I open the process in VMMap, click "Total", and then sort the bottom panel by address, however, it's mysteriously missing. Is there a reason it's missing, assuming the address the program reports is correct (which, it's coming straight from the Windows API, so it should be)?