Exploring Virtual Memory (ProcessWalker)
I was reading this article on MSDN, "Managing Heap Memory in Win32",
and in it they describe a tool called ProcessWalker.exe.
In the article they explained that they can use this tool to explore the contents of virtual memory of any process.
Does anyone know where I can download this tool from? Or maybe ProcessWalker is deprecated. Does anyone know of any other such tool?
And I don't understand how it is even possible for such a tool to exist. Wouldn't such a tool cause a security breach?
17 years is a really long time ago. Forget everything it says about GlobalAlloc and LocalAlloc. The SysInternals' VMMap utility does a similar job, it is excellent.
The OS must keep information about virtual memory mappings of user processes. Tools such as runtime linkers and loaders explicitly manipulate virtual memory layout of a given process. All these are vital but normal services of the operating system as a whole.
Then there's the monitoring side - how much memory each process is using, what libraries are used by each, what the page fault rate is, etc. All this must be available to userland tools.
The security side of things is managed with user and group permissions, or capabilities. A regular user must not be able to inspect the memory of another user's process, but should be able to inspect his own. An administrator should then be able to access all the information provided by the system.
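
The access-control point made in the answer above, shown on Linux as an added example (not part of the original answers, and not how ProcessWalker or VMMap work): the kernel publishes each process's mappings under `/proc/<pid>/maps` and applies the permission check itself when the file is opened. The names `parse_maps`, `writable_executable`, `read_maps` and the `SAMPLE` text are constructed for illustration.

```python
import re
from collections import namedtuple

Region = namedtuple("Region", "start end perms offset path")

# One line of /proc/<pid>/maps: start-end perms offset dev inode [path]
_MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+([0-9a-f]+)\s+\S+\s+\d+\s*(.*)$"
)

def parse_maps(text):
    """Parse maps-format text into Region tuples, skipping malformed lines."""
    regions = []
    for line in text.splitlines():
        m = _MAPS_LINE.match(line.strip())
        if m:
            start, end, perms, offset, path = m.groups()
            regions.append(Region(int(start, 16), int(end, 16), perms,
                                  int(offset, 16), path))
    return regions

def writable_executable(regions):
    """Regions mapped both writable and executable, a layout worth reviewing."""
    return [r for r in regions if "w" in r.perms and "x" in r.perms]

def read_maps(pid="self"):
    """Return (regions, error). The kernel, not this script, decides access."""
    try:
        with open(f"/proc/{pid}/maps") as fh:
            return parse_maps(fh.read()), None
    except (PermissionError, FileNotFoundError, ProcessLookupError) as exc:
        return [], type(exc).__name__

# Constructed sample in /proc/<pid>/maps format (not captured from a real process)
SAMPLE = """\
00400000-0040b000 r-xp 00000000 08:01 1234 /usr/bin/example
0060a000-0060b000 rw-p 0000a000 08:01 1234 /usr/bin/example
7f3a00000000-7f3a00021000 rwxp 00000000 00:00 0
7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    own, err = read_maps("self")   # own process: allowed
    print(f"self: {len(own)} regions, error={err}")
    other, err = read_maps(1)      # pid 1 is usually root-owned
    print(f"pid 1: {len(other)} regions, error={err}")
```

Run as an unprivileged user, the second call typically reports `PermissionError`; run as root, it returns the regions.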