Dear all,
Need to help to read the physical memory address of a Windows t process (Notepad -64bit process).
For example, I the Windows API , I can read the Heap memory of a process - Block Size, Block Address. It is Virtual address of heap.
https://msdn.microsoft.com/en-us/library/windows/desktop/dd299432(v=vs.85).aspx
Now, through inline assembly, how to translate this address to actual physical memory of the Intel i7 processor??
Objective: For a security project - If the processor Instruction Pointer (RIP) points to heap memory of the Windows process , program( Win32, C, Intel C++ compiler on Visual Studio community/ Windows 10)) should be detect and alert. Is the LEA instruction useful. Am I missing something ?!
Any suggestion, highly useful :)
Cheers!
Chandra