lo, i always thought that dll's were in shared memory. but if i change kernel32.dll in one process, all the others stay normal... am i right?
Depends on OS and how you change the memory. Under NT kernels,
there's a sweet little thing called Copy On Write. Iirc, COW is effective
even in ring0 (on processors that honor the absence of page write
privileges even from ring0 - yeah, some processors are bugged.)
If you want to change a library under NT, you need to write a KMD,
disabled write protect flag, modify stuff, enable wp flag. If you need
to allocate additional memory.... good luck ;).
there's a sweet little thing called Copy On Write. Iirc, COW is effective
even in ring0 (on processors that honor the absence of page write
privileges even from ring0 - yeah, some processors are bugged.)
If you want to change a library under NT, you need to write a KMD,
disabled write protect flag, modify stuff, enable wp flag. If you need
to allocate additional memory.... good luck ;).
...If you want to change a library under NT, you need to write a KMD,
disabled write protect flag, modify stuff, enable wp flag. If you need...
well, thats what i did ;( i wrote an app that was able to write into kernel32.dll, but it was only visible in the process i did that ;(
well, thx anyway
disabled write protect flag, modify stuff, enable wp flag. If you need...
well, thats what i did ;( i wrote an app that was able to write into kernel32.dll, but it was only visible in the process i did that ;(
well, thx anyway
And you *did* disable copy-on-write?