Reading memory in C++

May 2, 2011 at 5:02pm
Hey guys, I've been googling for a while now but the articles I find are a little bit too specific, but what I want is on a beginner-level. I found the following multi-level pointer; http://i1132.photobucket.com/albums/m577/kakaboeie/pointer.jpg

Now what I want to do is; In visual studio 2010 (C++ Windows Forms application) retrieve said pointer's value and show it in a textbox.

I know it may be a bit rude to simply ask for such a thing, but it would immensely help me out since for some reason I can never start learning things without a live sample :X

To clarify; The pointer is your current-HP value in a game called "Perfect World International". This is completely useless of course but I thought it'd be good for figuring out how I can take a pointer's value and show it in a textbox.

I know it's a very boring thing to do for more advanced people, but thanks a lot to whoever can help me figure this out!
May 2, 2011 at 5:12pm
A pointer is an object that exists in memory. It often takes up the same amount of space as an int, but the actual size of the pointer varies from system to system.

The value of the pointer is a number. That number could be zero, in which case it is a "null pointer", or it could be some other number.

#include<iostream>
using std::cout;
int main()
{
  int* p;

  int x=7;

  p = &x;

  cout << p <<" "; //value of p
  cout << *p;  // value of the object p is pointing to, which is in memory location "p"

  return 0;

}

Last edited on May 2, 2011 at 5:24pm
May 2, 2011 at 8:26pm
Hey, thanks a lot for taking the time to reply but I'm afraid I still don't get it. Possibly because I'm making a transition from VB to C++ because now that I need memory reading I'm starting to see its limits. Maybe I'm starting out with something a bit too hard but I want to keep trying nonetheless.

I found the following code elsewhere;

Code cpp:
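#include <windows.h>

// Reads one value of type _ret_t from the process that owns the window titled Caption.
template<typename _ret_t> _ret_t ReadMemory(const char Caption[], DWORD_PTR Address)
{
    DWORD PROC_ID = 0;
    _ret_t ret = _ret_t();  // stays zero-initialised if the window or the read fails
    GetWindowThreadProcessId(FindWindowA(NULL, Caption), &PROC_ID);
    // Reading only needs PROCESS_VM_READ, not PROCESS_ALL_ACCESS
    HANDLE PROC_HANDLE = OpenProcess(PROCESS_VM_READ, FALSE, PROC_ID);
    if (PROC_HANDLE == NULL)
        return ret;
    ReadProcessMemory(PROC_HANDLE, (LPCVOID)Address, &ret, sizeof(_ret_t), NULL);
    CloseHandle(PROC_HANDLE);
    return ret;
}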


This will allow you to read any type from the process at internal memory offset Address. Here is an example of calling the function:
std::cout << "Byte at 0x403000: 0x" << std::hex << (int)ReadMemory<unsigned char>("test", 0x403000) << std::endl;

This should return values such as:
Byte at 0x403000: 0x58

This would best be used with a for loop similar to:
for (unsigned int offset = 0x403000; offset < 0x403010; offset++)
{
    std::cout << "Byte at 0x" << std::hex << offset << ": 0x" << std::hex << (int)ReadMemory<unsigned char>("test", offset) << std::endl;
}


The values you are seeing now are slightly overlapped. The first call gets the values from 0x403000 to 0x403003 and the next gets from 0x403001 to 0x403004 and so on. Also, a WriteMemory function can be created nearly the same as ReadMemory, it should be simple to figure out. If you need anything else just post.

---------

Now I think this is a step in the right direction but I still don't get how to
A. Show the "value" of a memory address (demonstrated here; http://i1132.photobucket.com/albums/m577/kakaboeie/memory.jpg )
B. Use a memory pointer instead of an address to show the value of the address said pointer points to. (Found memory pointer here; http://i1132.photobucket.com/albums/m577/kakaboeie/pointer.jpg )

Sorry if I'm showing a huge lack of initiative here, but I do have a learning disability in the sense that I can't just buy a tutorial and go through it; nothing will stick. I always start learning new codes by analyzing an example and breaking it down into re-usable parts. I'd greatly appreciate it if someone can help me out here, and again; sorry if I seem ignorant.
May 2, 2011 at 8:28pm
In my code above, this:

cout << p <<" "; //value of p

shows the "value" of a memory address (your point A above)

and this

cout << *p; // value of the object p is pointing to, which is in memory location "p"

uses a memory pointer instead of an address to show the value of the address said pointer points to (your point B above).

Last edited on May 2, 2011 at 8:31pm
May 2, 2011 at 8:36pm
Yeah I can see it neatly printed out on the console window, but do I understand this correctly? You stated;

A pointer is an object that exists in memory. It often takes up the same amount of space as an int, but the actual size of the pointer varies from system to system.

So in your example you literally just used a randomly generated int rather than a pre-defined memory address, and this is not an actual example of what I could(should) be doing? I feel like the special kid in class right now ;P
May 2, 2011 at 8:53pm
Yes, I just used an int that I made so that I would be able to demonstrate reading memory that we already know the contents of, to show it's working.

You could put any value you like in p, like this.

#include<iostream>

int main()
{

  int* p =(int*)0x403010;


  std::cout << p << " " << std::endl;
  std::cout << *p;
  return 0;
}


This causes a segfault, because with this line

std::cout << *p;

I'm asking for the contents of memory location 0x403010, which is forbidden to me in this case. That value has no special meaning, so I'm not surprised it's not my memory to look at.

What you should not be doing is picking memory locations at random. If you want to know the memory location of a variable, you can fetch it with the & operator, as in my earlier code. You will not often have any business wanting to know the value of the contents of an address in memory if you haven't actually created something in that memory-space. The only exception I can think of at the moment is in embedded hardware with real-world physical devices mapped to set numerical memory addresses (for example, an LED on a hardware board will often have its state mapped to a set numerical value in memory that you read in the board's dev manual and then use for the purpose of setting that LED state).

That template you have above is a long-winded WinAPI version of the same thing; demanding to know the value of the object at memory location 0x403010.

Last edited on May 2, 2011 at 9:04pm
May 2, 2011 at 9:08pm
Alrighty thanks for taking the time to explain a little further, but I think I may need to explain more about what I'm trying to do. I want to make a time-recorder for the game "Rift" that records my time played on my current level. The idea is simple;

0. Check if logged in every X seconds
1. Retrieve Character name from Memory.
2. Character already exist? Go to 4
3. Create txt file; charactername.txt
4. Already a value present for current level? Go to 6.
5. Write a "0" to txt file in this format (assuming we are level 12) 12: 0
6. Load text file. Check saved time value for current level and add 1 to it every second

Now this isn't very hard to do it all; only problem is the memory address for "current character name" keeps changing. At one login it can be 04D43844 but the next it could be an entirely different number. So instead, using Cheat Engine (don't take the name too literally, not trying to/wanting to cheat) I find the pointer that writes to the address, and take that pointer's value instead.

So I don't know the address up-front, that's why I use the pointer.

EDIT: Oh u edited ur post.. re-reading. Yeah it seems I wasn't clear enough, I am reading from a game client, not something I made myself.
Last edited on May 2, 2011 at 9:10pm
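
The idea in the post above (the value's address changes on every login, but a chain of pointers starting from a fixed location still reaches it), as an added example that is not part of the thread. It walks a base-plus-offsets chain inside its own process only; the structs, field names and functions are hypothetical stand-ins constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <memory>
#include <vector>

// Constructed stand-ins for a program's own data; every name is hypothetical.
struct Stats  { int level; int hp; };
struct Player { char name[16]; Stats* stats; };
struct World  { Player* player; };  // the one slot whose address never moves

// One "login": fresh heap objects, so the address of hp differs every time.
struct Session {
    std::unique_ptr<Stats> stats;
    std::unique_ptr<Player> player;
    World& world;
    Session(World& w, int hp) : stats(new Stats{12, hp}),
        player(new Player{"constructed", stats.get()}), world(w)
    { world.player = player.get(); }
    ~Session() { world.player = nullptr; }
};

// Walk the chain: read the pointer stored at addr, add the next offset, repeat.
// Returns 0 when a link is null instead of dereferencing it.
std::uintptr_t resolve(std::uintptr_t addr, const std::vector<std::size_t>& offsets) {
    for (std::size_t off : offsets) {
        std::uintptr_t next = 0;
        std::memcpy(&next, reinterpret_cast<const void*>(addr), sizeof next);
        if (next == 0) return 0;
        addr = next + off;
    }
    return addr;
}
std::uintptr_t hp_address(const World& w) {
    return resolve(reinterpret_cast<std::uintptr_t>(&w.player),
                   {offsetof(Player, stats), offsetof(Stats, hp)});
}
int read_hp(const World& w) {  // -1 means "nobody logged in"
    std::uintptr_t a = hp_address(w);
    if (a == 0) return -1;
    int hp = 0;
    std::memcpy(&hp, reinterpret_cast<const void*>(a), sizeof hp);
    return hp;
}
int main() {
    World w{nullptr};
    Session s(w, 350);  // constructed sample value
    std::cout << "hp at 0x" << std::hex << hp_address(w) << std::dec << " = " << read_hp(w) << "\n";
}
```

The printed address varies from run to run while the two offsets stay the same, which is why the chain rather than the final address is what gets recorded.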
May 2, 2011 at 11:05pm
closed account (zwA4jE8b)
Also, it is not so much a random int for the address, Windows manages memory for its applications. The OS assigns address space.

C# seems to be typically used to make Windows memory scanners.
Last edited on May 2, 2011 at 11:06pm
May 2, 2011 at 11:13pm
Did you get a chance to look at my last reply? In your previous post you said;

(1)If you want to know the memory location of a variable, you can fetch it with the & operator, as in my earlier code. (2)You will not often have any business wanting to know the value of the contents of an address in memory if you haven't actually created something in that memory-space.

1. I don't know the variable before-hand. I *could* put my charactername in the application of course, but that's exactly what I want to avoid having to do.
2. Something is indeed created in the memory space, but if this app is supposed to be used by people other than me; so I never know what their character names are beforehand.
May 2, 2011 at 11:17pm
Dude, that's someone else. :)
May 2, 2011 at 11:33pm
Sorry, past 1 AM over here so I'm really tired but I refuse to go to bed till I fix this, lol :P Now I'm officially the special ed kid :D
May 3, 2011 at 12:19am
That sounds really fugly to me. Why don't you have the login process just send the data to this other process instead of setting some random unknown memory address?

In fact, that's how almost all server/client programs work.
May 3, 2011 at 12:22am
Well, mainly because I simply want to learn *how* to do it. I'd been walking around with the idea for a week or two, and now I just *have* to do it man. It's a flipping obsession by now and it's driving me nuts >.>
Last edited on May 3, 2011 at 12:22am
Topic archived. No new replies allowed.