How to spy on a windows app?

Hi guys.

I have a program that calculates some values. I need to get these values in another program, without making any changes to the first program.

What are the approaches that can help me do this?

Any ideas are appreciated.
Thanks.
Depends on WHAT you want to get.
But basically you should use EnumWindows, EnumChildWindows (or was it EnumWindowsChild ?) and GetWindowText, or GetWindowByPoint (or something like that).
Suppose my first program is the following:

#include <Windows.h>
int main(void)
{
    int k = 250;        // the value the second program needs to read
    Sleep(100000);      // keep the process alive while the other program reads it
    return 0;
}
In the second program I need to get the value of k (while the first one is executing); I can get the address of k and I know its type.
Inject a DLL into the remote process, by calling CreateRemoteThread() for example, and you have access to process1's address space from that DLL, which can then send the value to your application.
Injecting a DLL, as modoran suggested, is a solid option. I personally prefer Thread Injection, but I seem to be in the minority on that one.

- CreateRemoteThread(): http://msdn.microsoft.com/en-us/library/windows/desktop/ms682437(v=vs.85).aspx

This requires the HANDLE to the process you want to access. How do you plan on getting the HANDLE? I suggest using the Tool help library: http://msdn.microsoft.com/en-us/library/windows/desktop/ms686840(v=vs.85).aspx

This will allow you to find pretty much anything you need from the process and pass the th32ProcessID member to the OpenProcess() function to get your HANDLE.

- OpenProcess(...): http://msdn.microsoft.com/en-us/library/windows/desktop/ms684320(v=vs.85).aspx

This is a bit more complicated than we are making it seem, but in this case you should be OK because "CreateRemoteThread()" is in Kernel32. Let us know if the host application is crashing; if it is, you need to locate the address of "CreateRemoteThread()" and that gets to be fun.
I don't understand how injecting the DLL will help me.

I wrote the code which finds the handle of the needed process (using the Tool Help library) and opens it (using OpenProcess) for VM_READ. But now I face the next problem: how to figure out the address of variable k?

I can get the virtual address of this variable using a debugger or Cheat Engine, but the virtual address always changes. I thought that I could calculate the offset of this variable from the initial ebp (this offset shouldn't change each time the program loads), but I don't know how to get the initial ebp or esp.

Maybe there are other options on how to find the address of k?

Injecting a DLL is a simple way to get your code inside the memory space of another program loaded into memory. Otherwise you're limited in what you can do with another process due to Memory Protection. Since you want to access a variable that is not being returned from the application or output to a stream of any kind, you need to have your code loaded into the target process. You mentioned in another post that you could get the address for 'k'. I was tempted to ask how, but I didn't want to derail the thread; this is the largest obstacle in your question, since there is no solid way to do it with the Windows API.
Thanks. I think now I understand the problem.

You mentioned in another post that you could get the address for 'k'
I'm just new to all this stuff, so it was an assumption to simplify getting into the problem ))