C++

Forum

 
Reading memory

AR Khan (54)
How can i read computers memory effectively???
CManowar (17)
you can't (is that simple & complicated)
AR Khan (54)
But i think i made a foolish try using pointer, CManowar.
mackabee (152)
Depends AR Khan, are you trying to get your code to read the memory of its own process or read the memory of another process?

If you want to read the memory of your own process you can use pointers.

If you want to read the memory of another process you must use ReadProcessMemory() in Microsoft Windows or the ptrace() system call in Unix.

Of course if your code is running in kernel space then you can still use pointers to access other address spaces.
Last edited on
AR Khan (54)
Thanks mackabee. Consider this code,
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
 
#include<iostream.h>
#include<conio.h>
main()
{
      char a;    //Declaring variable
      char *ptr; //pointer pointing to "a"
      ptr=&a;    //assigning address of a to ptr
      
      for(int i=0;;i++) //loop that prints character at pointers value and
                        //jumps by 1 byte(compiler dependant)
      {
              ptr++;
              cout<<*ptr;
      }
      getch();
}

It gives some file names as output, some token etc but max useless and ends in an error. I want to study what is it??? And header file for ReadProcessMemory()???
Thanks again.
Last edited on
jsmith (5804)
ptr points to a single byte of allocated memory. The first time through your for() loop you print out this byte. Subsequent times through ptr points to possibly unallocated memory and therefore crashes.
AR Khan (54)
Yes it should crash. But processes other than this program store some data in the memory. Does ptr point to that when the loop iterates 2nd time and so on. I think "yes". If yes than can i read that effectively or all this discussion is meaningless???
Last edited on
helios (17511)
You're venturing into the terrain of system-dependent behavior. There is no guarantee that the OS will let you do that and, in all likeliness, it won't let you and will instead crash the program. I'm fairly sure that no OS advanced enough to have virtual memory will let you do that.
Take a look at ReadProcessMemory(), but as its name suggests, it will only let you read another process' memory. It still won't let you read memory at random.
The only program I've seen capable of doing that is SoftICE, a kernel-level debugger. It's been a long time, but IIRC, it used a kernel driver to directly access memory.
There's really no point is doing it other than systems programming (kernel and driver programming).
mackabee (152)
And the header file for ReadProcessMemory is in windows.h, possibly winbase.h; just check on MSDN.

There's really no point is doing it other than systems programming (kernel and driver programming).


Or game hacking *evil smile*
Last edited on
Topic archived. No new replies allowed.