Writing to windows 10 memory

Is it possible to write directly to application memory using an arduino. I know it can be read using certain boards and drivers (ie GitHub - ufrisk/pcileech: Direct Memory Access (DMA) Attack Software) but i want to write to memory. I considered using a driver, but i am wondering if it can be done completely using hardware. Does anyone know of a way i can do this?

How would you even know what address to write to?

couldnt u just hardcode adresses?

If you could, that would be a security violation of the first magnitude and the watchful eye of Microsoft would catch it as soon as you tried and mark that program as rogue and not allow it to execute again.


How would you even know what address to write to?

I suspect that would not even be known by 75% of Microsoft's programmers :slight_smile:


Even if it was possible, this sounds like a silly dog-chasing-car exercise. Why is it so necessary to do this that using several other PC storage methods like everybody else uses will not suffice?

couldnt u just hardcode adresses?

Quite aside from all the other reasons why this is a bad idea, Windows now implements Address Space Layout Randomization. Each time the program runs, the executable code ends up in a different place in memory. This in turn can affect where data lives in memory.

The only way to know where to write would be to ask the program in question what the address is. If you could do that, it would just be easier to tell the program what the value was and let it decide where to put it.

It would be way easier to write your own custom program that runs on the PC that receives the value and stores it somewhere.

Even the program itself does not know the physical address of memory where it resides, for that you need information from the memory management hardware, and at any given time only part of a program may be in physical memory, with other parts stored in paging/swapping files on disk.

Isn't whats being asked for effecively an additional piece of hardware and driver?

For example an ethernet card has some memory on it that is mapped into the Pcs addess space, a driver can then copy from that memory into another location when asked to do so. Importantly the memory on the hardware is not directly addresable within the applications address space.

Since the windows OS is a virtual address space implementation even if you knew the memory address within the application it would not help as that memory address in the application could then map to a piece of ram, or to a piece of the harddisk (pagefile) so writing to it directly could be very slow (it would have to trigger moving that page from the hardisk to ram and that might require moving something else out of ram to hardisk first).