[try Beta version]
Not logged in

 
Reading memory

Jun 29, 2009 at 6:29am
AR Khan (54)
How can i read computers memory effectively???
Jun 29, 2009 at 12:15pm
CManowar (17)
you can't (is that simple & complicated)
Jun 29, 2009 at 2:24pm
AR Khan (54)
But i think i made a foolish try using pointer, CManowar.
Jun 30, 2009 at 3:24am
mackabee (152)
Depends AR Khan, are you trying to get your code to read the memory of its own process or read the memory of another process?

If you want to read the memory of your own process you can use pointers.

If you want to read the memory of another process you must use ReadProcessMemory() in Microsoft Windows or the ptrace() system call in Unix.

Of course if your code is running in kernel space then you can still use pointers to access other address spaces.
Last edited on Jun 30, 2009 at 4:14am
Jun 30, 2009 at 4:24am
AR Khan (54)
Thanks mackabee. Consider this code,
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
 
#include<iostream.h>
#include<conio.h>
main()
{
      char a;    //Declaring variable
      char *ptr; //pointer pointing to "a"
      ptr=&a;    //assigning address of a to ptr
      
      for(int i=0;;i++) //loop that prints character at pointers value and
                        //jumps by 1 byte(compiler dependant)
      {
              ptr++;
              cout<<*ptr;
      }
      getch();
}
Edit & Run

It gives some file names as output, some token etc but max useless and ends in an error. I want to study what is it??? And header file for ReadProcessMemory()???
Thanks again.
Last edited on Jun 30, 2009 at 4:28am
Jun 30, 2009 at 12:23pm
jsmith (5804)
ptr points to a single byte of allocated memory. The first time through your for() loop you print out this byte. Subsequent times through ptr points to possibly unallocated memory and therefore crashes.
Jun 30, 2009 at 1:23pm
AR Khan (54)
Yes it should crash. But processes other than this program store some data in the memory. Does ptr point to that when the loop iterates 2nd time and so on. I think "yes". If yes than can i read that effectively or all this discussion is meaningless???
Last edited on Jun 30, 2009 at 1:25pm
Jun 30, 2009 at 2:03pm
helios (17607)
You're venturing into the terrain of system-dependent behavior. There is no guarantee that the OS will let you do that and, in all likeliness, it won't let you and will instead crash the program. I'm fairly sure that no OS advanced enough to have virtual memory will let you do that.
Take a look at ReadProcessMemory(), but as its name suggests, it will only let you read another process' memory. It still won't let you read memory at random.
The only program I've seen capable of doing that is SoftICE, a kernel-level debugger. It's been a long time, but IIRC, it used a kernel driver to directly access memory.
There's really no point is doing it other than systems programming (kernel and driver programming).
Jul 4, 2009 at 3:46am
mackabee (152)
And the header file for ReadProcessMemory is in windows.h, possibly winbase.h; just check on MSDN.

There's really no point is doing it other than systems programming (kernel and driver programming).


Or game hacking *evil smile*
Last edited on Jul 4, 2009 at 4:39am
Topic archived. No new replies allowed.