WriteProcessMemoryAPC is an alternative to Windows' WriteProcessMemory that leverages APCs (Asynchronous Procedure Calls) to write into a process's memory. Instead of writing directly, it schedules a series of calls to RtlFillMemory via APCs to write byte by byte.
This is a Nim reimplementation of the original C technique.
- Create a suspended thread in the target process.
- For each byte to write:
  - Schedule an APC that will call RtlFillMemory.
  - The APC writes a single byte at a time.
- Resume the thread execution to process the APCs.
- Wait for execution to complete.
- Clean up resources.
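
The steps above leave a recognisable sequence in thread and APC telemetry: a thread created suspended in another process, a burst of APCs whose routine is RtlFillMemory with a length of 1, then a resume. The following Python detection logic is an added example, not code from this project or from the original C technique; the event schema, field names and sample events are constructed assumptions standing in for whatever your EDR or ETW pipeline emits.

```python
from collections import defaultdict

# Constructed sample telemetry; the schema (field names, event types) is
# hypothetical and stands in for what an EDR/ETW pipeline would emit.
EVENTS = [
    {"type": "thread_create", "src_pid": 4120, "dst_pid": 7788, "tid": 9001, "suspended": True},
    *[{"type": "apc_queue", "src_pid": 4120, "dst_pid": 7788, "tid": 9001,
       "routine": "ntdll!RtlFillMemory", "args": (0x1F0000 + i, 1, b)}
      for i, b in enumerate(b"CONSTRUCTED-SAMPLE")],
    {"type": "thread_resume", "src_pid": 4120, "dst_pid": 7788, "tid": 9001},
    # Unrelated noise: a single APC queued inside the caller's own process.
    {"type": "apc_queue", "src_pid": 5000, "dst_pid": 5000, "tid": 42,
     "routine": "app!OnIoComplete", "args": (0, 0, 0)},
]

def find_apc_byte_writes(events, min_apcs=8):
    """Flag cross-process threads created suspended that receive a burst of
    single-byte RtlFillMemory APCs, and reassemble what was written."""
    suspended = set()            # (src_pid, dst_pid, tid) created suspended
    writes = defaultdict(dict)   # key -> {destination address: byte value}
    findings = []
    for ev in events:
        key = (ev["src_pid"], ev["dst_pid"], ev["tid"])
        cross = ev["src_pid"] != ev["dst_pid"]
        if ev["type"] == "thread_create" and ev["suspended"] and cross:
            suspended.add(key)
        elif ev["type"] == "apc_queue" and key in suspended:
            # APC arguments map to RtlFillMemory(Destination, Length, Fill).
            dest, length, fill = ev["args"]
            if ev["routine"].endswith("RtlFillMemory") and length == 1:
                writes[key][dest] = fill & 0xFF
        elif ev["type"] == "thread_resume" and key in suspended:
            mem = writes.pop(key, {})
            suspended.discard(key)
            if len(mem) >= min_apcs:
                start = min(mem)
                # Reassemble the leading contiguous run of written bytes.
                data = bytearray()
                while start + len(data) in mem:
                    data.append(mem[start + len(data)])
                findings.append({"src_pid": key[0], "dst_pid": key[1], "tid": key[2],
                                 "start": start, "apc_count": len(mem), "data": bytes(data)})
    return findings

if __name__ == "__main__":
    for finding in find_apc_byte_writes(EVENTS):
        print(finding)
```

The `min_apcs` threshold is an assumed tuning knob; the reassembled `data` gives a responder the bytes that were written without needing a memory dump of the target.
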
`WriteProcessMemoryAPC(hProcess: HANDLE, pAddress: ptr BYTE, pData: ptr BYTE, dwLength: DWORD): DWORD`

Original C technique by x86matthew, reimplemented in Nim.