A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
#24744 by binstory1523
Thu Dec 25, 2014 2:01 pm
Hi, I'd like to ask a question.
Like the Force Suspend Process method, I think there is also a Force ReadProcessMemory method.
Have you ever seen something like this? Do you have notes or materials with similar examples?
Is there any open source for it, if that is even possible?
#24747 by EP_X0FF
Thu Dec 25, 2014 3:27 pm
Where? In user or in kernel mode?
#24755 by EP_X0FF
Fri Dec 26, 2014 7:40 am
binstory1523 wrote:
EP_X0FF wrote: Where? In user or in kernel mode?
Yes, in user or in kernel mode, is there a way?
Yes you can.

In user mode use a direct syscall to NtReadVirtualMemory, e.g. http://www.kernelmode.info/forum/viewto ... 575&p=4187
In kernel mode google for KeStackAttachProcess and MDLs.