how to write in a running PE (Portable Executable) address space? specifically the PE header? RRS feed

  • Question

  • hi, i would like to know if there is an API allowing me to write at the address space of a running PE process?

    say i have a running process and i want to change its pointer (located in the section table) to its virtual address? or say i tampered with its raw data, so i needed to update the section table? how do i do that? is there a clean approach such as an already available API or do i have to do some sort of dirty hack involving offsets?
    Sunday, May 24, 2009 3:32 AM


All replies