Holy cow, I wrote a book!
There are a bunch of functions that allow you to manipulate
the address space of other processes,
Of what possible legitimate use could they be?
Why would one process need to go digging around inside
the address space of another process,
unless it was up to no good?
These functions exist for debuggers.
For example, when you ask the debugger to inspect
the memory of the process being debugged,
ReadProcessMemory to do it.
Similarly, when you ask the debugger to update the
value of a variable in your process,
WriteProcessMemory to do it.
And when you ask the debugger to set a breakpoint,
it uses the
to change your code pages from read-execute
to read-write-execute so that it can patch
an int 3 into your program.
If you ask the debugger to break into a process,
it can use the
function to inject a thread into the process
that immediately calls
was subsequently added to make this simpler.)
But for general-purpose programming,
these functions don't really have much valid use.
They tend to be used for nefarious purposes
like DLL injection and cheating at video games.
[Raymond is currently away; this message was pre-recorded.]