I'm trying to dump a file that is stored at a place in memory with 41mb's in file size.
Any idea's how to dump a file that is stored in memory at a place in contiguous memory?

Would love to hear your opinions much appreciated.

Something like this comes to mind:

Thanks much appreciation.

// ofstream constructor.
#include <fstream> // std::ofstream
#include <Windows.h> // windows std lib
#include <stdio.h> // printf
#include <iostream> // cout

int main(int argc, char* argv[])
{
HWND hwnd = FindWindowA(NULL, "gametutorial");

if (hwnd == NULL)
{
cout << "Cannot find window." << endl;
Sleep(3000);
exit(-1);
}
else
{
DWORD procID;
GetWindowThreadProcessId(hwnd, &procID);
HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);
if (procID == NULL)
{
cout << "Cannot obtain process." << endl;
Sleep(3000);
exit(-1);
}
else
{
printf("Dumping cartfile now... \n");
ofstream outputStream("cartfile.dat", ios::out | ios::binary);
outputStream.write((char*)0x43417254, 43.417254);
outputStream.close();
system("pause");
return 0;
}
}


}


But it only dumps the cartfile but it is 0 size.
Which the address in memory holds 41 mbs in size so what Am I doing wrong?

> ofstream ofs("test.z64", ios::in | ios::binary);
1. You don't use this file
2. An ofstream with ios::in isn't likely to be useful

> ofstream outputStream("cartfile.dat", ios::out | ios::binary);
The ios::out is redundant, you already made that clear with ofstream.

> outputStream.write((char*)0x81865e58, 2072);
Where did you get that hex address from?

I edited my code above.
And yes I used a hex editor to get the bytes.
Also, The bytes I gave was incorrect I fixed what I use now above.
I converted the bytes to decimal and then took the decimal value and converted it to MB'S and got the correct 41 mb's in total size at that place in memory.
So, again what can I be doing wrong?
@salem c I'm sorry for any frustration I appreciate you all taking the time to help me means a lot.

I just hope someone can guide me here to what I need to do.

You seem to want to obtain memory dump relating to the process 'gametutorial'? The given memory address relates to the current running process, not another. So you are trying to dump memory for the program dumping the memory! On Windows, to get access to the memory space of another process you have to use ReadProcessMemory() See https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-readprocessmemory Also note that you will need to acquire special privileges to do this as you need PROCESS_VM_READ privilege.

it seems unlikely that the memory you are looking at is a solid block. It could be, but it seems risky.

And Yes I am trying to obtain a memory dump relating to the process "gametutorial".

Okay can someone give me a code example would appreciate it very much. At least there is something I can work with to understand what you all are saying better. @seeplus

Here is a pic of the results on how these bytes are 41mb's or + more
https://i.stack.imgur.com/8my67.png

Here is my updated code:

#include <Windows.h>
#include <stdio.h>
#include <iostream>
#include <fstream>


int sizevalue = 43.417254; // size of file
DWORD address = 0x43417254;
char Wfilename[14] = "cartfile.dat";
char Rfilename[33] = "cartfile.dat";

//entry
int main(int argc, char* argv[])
{
HWND hwnd = FindWindowA(NULL, "gametutorial");

if (hwnd == NULL)
{
cout << "Cannot find window." << endl;
Sleep(3000);
exit(-1);
}
else
{
DWORD procID;
GetWindowThreadProcessId(hwnd, &procID);
HANDLE handle = OpenProcess(PROCESS_VM_READ, PROCESS_VM_WRITE, procID);
if (procID == NULL)
{
cout << "Cannot obtain process." << endl;
Sleep(3000);
exit(-1);
}
else
{

for (;;)
{
if (GetAsyncKeyState(VK_F10))
{
printf("Dumping cartfile now... \n");
ofstream outputStream("cartfile.dat", ios::out | ios::binary);
if (outputStream.is_open())
{
std::cout << "file opened okay\n";
}
else
{
std::cout << "Error opening file\n";
}
ReadProcessMemory_(handle, (void*)address, &sizevalue, Rfilename, sizeof(sizevalue), 0);
WriteProcessMemory_(handle, (void*)address, &sizevalue, Wfilename, sizeof(sizevalue), 0);
//....//
outputStream.close();
system("pause");
return 0;
}
Sleep(1);
}
}
}


}

BOOL WriteProcessMemory_(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, CHAR* lpfile, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten)
{
return 0;
}

BOOL ReadProcessMemory_(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, CHAR* lpfile, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten)
{
return 0;
}


And he is my header file..

#pragma once
#include <Windows.h>
#include <stdio.h>
#include <iostream>
//#include .lib header

BOOL WriteProcessMemory_(
HANDLE hProcess,
LPVOID lpBaseAddress,
LPCVOID lpBuffer,
CHAR* lpfile,
SIZE_T nSize,
SIZE_T* lpNumberOfBytesWritten
);

BOOL ReadProcessMemory_(
HANDLE hProcess,
LPVOID lpBaseAddress,
LPCVOID lpBuffer,
CHAR* lpfile,
SIZE_T nSize,
SIZE_T* lpNumberOfBytesWritten
);

But it still dumps the cartfile with 0 file size 0kb.
So what now?

But your ReadProcessMemory_() doesn't call Windows ReadProcessMemory() - it just returns 0 ?? It needs to call ReadProcessMemory() and check that the return value is non zero. If it's zero then an error has occurred and the function has failed.

I know ReadProcessMemory_() does not call windows it is because I created the function that is part of the header file.

I wanted to create it to add another parameter to the function
Which is: CHAR* lpfile.
which handles the Wfilename, and Rfilename.

So my code compiles successfully and reads and opens and writes the cartfile in my folder.
but the total size is still 0kb file size.
I might be going about this all wrong.

Like this link is something similar to look at too see my approach I'm trying to do.
https://github.com/yquake2/pakextract/blob/master/pakextract.c

But I'm trying to dump the data from another file format either from memory or like this.
I hope you all understand now.

Either this is so far over your head that you'll need to take an extended break to learn the basics, or you're a troll.

I know the basics I'm not stupid I'm not a troll either.
I'm asking a question if you do not got the answer then why comment that crap.
readprocessmemory()
copies the data in the specified address range from the address space of the specified process into the specified buffer of the current process.

So my question still stands seems every time I try to ask on these sites I get this comment pointless nobody can clarify most don't even give a good answer because they cant.
So here I am again figuring it out myself.
question closed!!

If you use the windows ReadProcessMemory() and WriteProcessMemory(), does it work?

How do you know where in the gametutorial's memory you want to read?

What is the format of the data there?

Why comment

I commented because there is no relationship between
ReadProcessMemory_
and the kernel32.dll function which you must use
ReadProcessMemory.

@seeplus reminded you of this -- you could have overlooked it: it happens. But your reaction indicates that the explanation isn't enough to diagnose the problem. Based on this and the fairly complicated topic, I thought you were a troll.

most don't even give a good answer because they cant.

How true is that, unfortunately!