I'm trying to ReadProcessMemory on a certain process but it uses ObRegisterCallbacks to prevent another process to create a handle on it (OpenProcess). I have heard of people creating their own memory reading utilites in C# without ReadProcessMemory or OpenProcess. If anyone could show me how I would go about creating such a library that would be amazing (or if I could be linked to an existing one).
This is strictly READING memory, I do NOT need to write memory to the process
ReadProcessMemoryandOpenProcessare part of the official windows API. These actually call other OS functions, such asZwReadVirtualMemory/NtReadVirtualMemoryandZwOpenProcess/NtOpenProcess. The issue is that these functions can only be accessed by drivers. You can however create a software driver (by creating a Kernel Mode Driver (KMDF) or Windows Driver Model (WDM) in Visual Studio). The down side is this is all C++ and difficult.You may want to look into an open source C# library called WhiteMagic. This injects a DLL into a process, and allows reading/writing of memory from inside the application itself. This uses
OpenProcessto inject the DLL, however it may be possible to replace the injection method with an alternative, such as this: https://github.com/dwendt/UniversalInject.