C# memory address value cannot be modified?

Question

Use "OllyDbg" app in picture.

My questions: Why cannot modify value in picture of part Q1? (any address all cannot.)

But can modify in part Q2?

My C# code:

[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(int hProcess, int lpBaseAddress,byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesWritten);

[DllImport("kernel32.dll")]
public static extern bool ReadProcessMemory(int hProcess,int lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

static void Main(string[] args)
{
    Process process = Process.GetProcessesByName("Defiance")[0];
    IntPtr processHandle = OpenProcess(0x1F0FFF, false, process.Id);
    int bytesWritten = 0;
    byte[] buffer = Encoding.Unicode.GetBytes("test");

    WriteProcessMemory((int)processHandle, 0x022AE000, buffer, buffer.Length, ref bytesWritten);

    Console.ReadLine();
}

because rdata is read-only, consider http://stackoverflow.com/questions/19012300/whats-the-difference-between-rdata-and-idata-segments — Oleg Bogdanov, Jan 31 '17 at 07:51

score 3 · Answer 1 · answered Jan 31 '17 at 08:31

3

Your question is why you cannot modify the data in the read-only data section.

By definition the read-only data section can only be read, not modified or executed. That's why it's called the "read-only data section", or "rdata", for short.

answered Jan 31 '17 at 08:31

Eric Lippert

647,829
179
1,238
2,067

Because i want to modify data in ".rdata", Have other method can modify data? – BadMan Jan 31 '17 at 09:39
1

@BadMan: You're going down the wrong path. Whatever problem you are trying to solve, modifying rdata is probably not the way to solve it. – Brian Jan 31 '17 at 14:07
@BadMan: The whole point of that segment is that it is read-only, and therefore can be safely shared between different processes; remember, memory is virtualized. You can have the same page of physical rdata memory mapped to a dozen different virtual memory spaces. Imagine the chaos if you could then *modify* that data; you might be changing the *constant data* of a dozen different processes at once. The operating system is preventing you from messing with this for a good reason; don't try to disable that safeguard. – Eric Lippert Jan 31 '17 at 19:41

C# memory address value cannot be modified?

1 Answers1