I'm writing a Python script that uses the Windows API to learn process injection.

The injection is successful. I can verify that the shellcode is running, and Process Explorer shows the connection:

[Screenshot: Process Explorer]

The problem is, when I looked for the injected memory region using VMMap, I was unable to find it. The output of my program indicates what the virtual address of the allocated memory region was. In the example case, the output is:

Remote memory address: 0x57c0000

However, when I open the process in VMMap, click "Total", and then sort the bottom panel by address, it's mysteriously missing:

[Screenshot: VMMap]

Is there a reason it's missing, assuming the address the program reports is correct (which it should be, since it's coming straight from the Windows API)?

1 Answer

It turned out I neglected to run VMMap as an administrator, which caused some regions to be missed. If I reopen it with elevated privileges, I'm able to find it:

[Screenshot: Found VMMap]

So if you're unable to find a region of memory, make sure you have the proper permissions.
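
One way to cross-check a reported address independently of VMMap, added here as an example that is not part of the original question or answer: ask the kernel directly with `VirtualQueryEx` which region contains the address. The names `MBI`, `describe` and `query_region` are hypothetical, and the script assumes it is run on Windows with the target PID and the hex address as arguments.

```python
import ctypes
import sys

MEM_COMMIT = 0x1000
MEM_PRIVATE = 0x20000
PROCESS_QUERY_INFORMATION = 0x0400
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80  # PAGE_EXECUTE* protection bits

class MBI(ctypes.Structure):
    # MEMORY_BASIC_INFORMATION; ctypes alignment padding covers the 64-bit PartitionId field
    _fields_ = [("BaseAddress", ctypes.c_void_p), ("AllocationBase", ctypes.c_void_p),
                ("AllocationProtect", ctypes.c_uint32), ("RegionSize", ctypes.c_size_t),
                ("State", ctypes.c_uint32), ("Protect", ctypes.c_uint32),
                ("Type", ctypes.c_uint32)]

def describe(base, size, state, protect, mem_type):
    """Summarise one region the way a memory-map tool would list it."""
    if state != MEM_COMMIT:
        return "not committed"
    kind = "private" if mem_type == MEM_PRIVATE else "mapped/image"
    access = "executable" if protect & EXEC_MASK else "non-executable"
    return f"{kind} {access} 0x{base:x}-0x{base + size:x}"

def query_region(pid, address):
    """Windows only: ask the kernel which region of process `pid` contains `address`."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.VirtualQueryEx.restype = ctypes.c_size_t
    k32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                   ctypes.POINTER(MBI), ctypes.c_size_t]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION, False, pid)
    if not handle:
        # ERROR_ACCESS_DENIED (5) typically means the caller lacks rights: retry elevated
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        mbi = MBI()
        if not k32.VirtualQueryEx(handle, address, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            raise ctypes.WinError(ctypes.get_last_error())
        return (mbi.BaseAddress or 0, mbi.RegionSize, mbi.State, mbi.Protect, mbi.Type)
    finally:
        k32.CloseHandle(handle)

if __name__ == "__main__" and sys.platform == "win32":
    # usage: python query_region.py <pid> <hex address>
    print(describe(*query_region(int(sys.argv[1]), int(sys.argv[2], 16))))
```

A result such as `private executable 0x...` for the reported address confirms the allocation exists even when a memory-map viewer does not list it.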
