
Practice and Thinking on process memory

2022-06-25 02:26:00 Hua Weiyun

Theoretical basis
For antivirus scanning, application security countermeasures, static reverse engineering and dynamic reverse engineering alike, the most important object is the application's memory data.

Antivirus scanning: the scanner has to obtain the memory data of the target being scanned and compare it with the signatures in the virus database.

Application security countermeasures: you need to protect your own memory data from being dumped.

Static reverse engineering: when the application is protected by encryption, IDA is of no use, and at that point it is very important to obtain the decrypted memory data.

Dynamic reverse engineering: dynamically debugging an application with OllyDbg is mainly about debugging the memory data released at run time.

To sum up: one of the central issues with applications is memory data. Let's use code to gain "air supremacy" over the application.
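
Added example, not part of the original article: a minimal sketch of the antivirus case above, reading a process's writable memory and comparing it with a signature. It assumes Linux (/proc/<pid>/maps and /proc/<pid>/mem) and Python, scans its own process, and uses hypothetical function names and a constructed marker in place of a real virus-database entry.

```python
import ctypes
import os
import re

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ")

def parse_maps(text):
    """Return (start, end, perms) for each mapping listed in maps text."""
    out = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if m:
            out.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return out

def scan_process(pid, signature, chunk=1 << 20):
    """Return absolute addresses where signature occurs in rw regions of pid."""
    hits = []
    with open(f"/proc/{pid}/maps") as f:
        regions = parse_maps(f.read())
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
        for start, end, perms in regions:
            if not perms.startswith("rw"):
                continue  # skip code, read-only data and guard pages
            pos, tail = start, b""
            while pos < end:
                try:
                    mem.seek(pos)
                    data = mem.read(min(chunk, end - pos))
                except (OSError, OverflowError):
                    break  # region vanished or is not readable
                if not data:
                    break
                buf, base = tail + data, pos - len(tail)
                i = buf.find(signature)
                while i != -1:
                    hits.append(base + i)
                    i = buf.find(signature, i + 1)
                # keep an overlap so matches spanning two chunks are found
                tail = buf[len(buf) - (len(signature) - 1):]
                pos += len(data)
    return hits

# Constructed marker standing in for one signature from a virus database.
MARKER = b"CONSTRUCTED-DEMO-SIGNATURE-7f3a"
PLANTED = ctypes.create_string_buffer(MARKER)  # known address to look for

if __name__ == "__main__":
    found = scan_process(os.getpid(), MARKER)
    print(len(found), "hits; planted buffer found:", ctypes.addressof(PLANTED) in found)
```

A self-scan also reports the copies of the marker held by the scanner itself (the search needle and the read buffers), which is why the check is on the planted buffer's address rather than on the hit count.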

Result
Shown below is reading and working with the memory data of the running ClearData process.

The first part of the picture shows the memory data read correctly and written to a newly created file; the file size is consistent with the original file of the process.

The second part of the picture is the working window, which shows some information about the read operation.

The third part of the picture shows information about the running process.