- Forum
- Windows Programming
- data from address
data from address
Hi,
I am up with a small question. It would be helpful if anyone could provide me with apt solution.
Problem:
I know the address say 0xddfb4f08 and i want to see the content stored in this address how can i see it.
note: this memory is used by any random process. Need not be the same process which is trying to access it.
Regards,
Badsaah
I am up with a small question. It would be helpful if anyone could provide me with apt solution.
Problem:
I know the address say 0xddfb4f08 and i want to see the content stored in this address how can i see it.
note: this memory is used by any random process. Need not be the same process which is trying to access it.
Regards,
Badsaah
Never done it myself, but what you want is probably along the lines of ReadProcessMemory().
You know if you're straight with us and actually tell us what you are doing we have a better chance of helping you. Some of us won't answer shadey looking questions and others will, it's a crap shoot but it's your best shot.
Hi,
ya i tried readprocessmemory() but i am not able to succeed with my code.. i am attaching my code with this for your better understanding..
Code:
#include <windows.h>
#include <iostream>
#include <string>
using namespace std;
int main()
{
int address =0x0A021C7A;
int val;
char decision;
DWORD pid;
HWND hwnd = FindWindow(NULL,"Calculator");
std::cout<<hwnd<<std::endl;
if(!hwnd)
{
cout <<"Window not found!"<<"\n";
cout<<"Check if the Process window exists ?????"<< " Press 'Y' if it exists\n";
std::cin>>decision;
if(decision==89)
{
cout<<"Please see the task manager and enter the Process Id (PID)";
std::cin>>pid;
}
else
{
cout<<"The request could not be completed";
}
}
else
{
GetWindowThreadProcessId(hwnd,&pid);
std::cout<<pid<<std::endl;
}
HANDLE phandle = OpenProcess(PROCESS_VM_READ,0,pid);
if(!phandle)
{
cout <<"Could not get handle!";
}
else
{
cout<<phandle<<"\n";
ReadProcessMemory(phandle,(LPCVOID)address,&val,4,0);
cout << val;
}
int a;
DWORD WINAPI GetLastError(void);
a=GetLastError();
cout<<"\n"<<a<<"\n";
}
system("pause");
return 0;
}
OUTPUT
001d08a6 //hwnd- differs if the calculator is closed and opened again
5844 //pid- differs when calc is closed and opened again
00000fc8 //phandle -- always the same for even different processes
-858993460 //val- always the same for all proceesses even 4r processes other than calc
299 // Error code - 299-- not able to read properly..
it would be helpful if you could just run through the pgm and find out the best solution to get the proper "val"..
Regards,
Badsaah
ya i tried readprocessmemory() but i am not able to succeed with my code.. i am attaching my code with this for your better understanding..
Code:
#include <windows.h>
#include <iostream>
#include <string>
using namespace std;
int main()
{
int address =0x0A021C7A;
int val;
char decision;
DWORD pid;
HWND hwnd = FindWindow(NULL,"Calculator");
std::cout<<hwnd<<std::endl;
if(!hwnd)
{
cout <<"Window not found!"<<"\n";
cout<<"Check if the Process window exists ?????"<< " Press 'Y' if it exists\n";
std::cin>>decision;
if(decision==89)
{
cout<<"Please see the task manager and enter the Process Id (PID)";
std::cin>>pid;
}
else
{
cout<<"The request could not be completed";
}
}
else
{
GetWindowThreadProcessId(hwnd,&pid);
std::cout<<pid<<std::endl;
}
HANDLE phandle = OpenProcess(PROCESS_VM_READ,0,pid);
if(!phandle)
{
cout <<"Could not get handle!";
}
else
{
cout<<phandle<<"\n";
ReadProcessMemory(phandle,(LPCVOID)address,&val,4,0);
cout << val;
}
int a;
DWORD WINAPI GetLastError(void);
a=GetLastError();
cout<<"\n"<<a<<"\n";
}
system("pause");
return 0;
}
OUTPUT
001d08a6 //hwnd- differs if the calculator is closed and opened again
5844 //pid- differs when calc is closed and opened again
00000fc8 //phandle -- always the same for even different processes
-858993460 //val- always the same for all proceesses even 4r processes other than calc
299 // Error code - 299-- not able to read properly..
it would be helpful if you could just run through the pgm and find out the best solution to get the proper "val"..
Regards,
Badsaah
Last edited on
| badsaah wrote: |
|---|
| I know the address say 0xddfb4f08 and i want to see the content stored in this address how can i see it. |
badsaah wrote:
I'd like to know what "value" we are looking for. Right now you're going for a specific address and I really don't know why, a google search of that Hex value doesn't turn anything up. You don't actually know that that address is in side your target process so using "ReadProcessMemory()" like that won't work.
| it would be helpful if you could just run through the pgm and find out the best solution to get the proper "value".. |
I'd like to know what "value" we are looking for. Right now you're going for a specific address and I really don't know why, a google search of that Hex value doesn't turn anything up. You don't actually know that that address is in side your target process so using "ReadProcessMemory()" like that won't work.
Hi,
Computer geek01: I am not clear with your reply but let me put my intent in better terms so that it would be easy for understanding.
My code is running on visual studio 2008. and i am interested in reading a memory location used by another process. for this purpose i am
(i) Initially getting the Process id(pid) of the process
(ii)and then calling for open process function in which i am providing Process_vm_read, a null value for variable inheritance and the pid.
(iii)Now once i get the handle of the process i am interested in reading the specific memory used by the process. so i call for read process memory function. by providing in the details.
(iv) this function should give me the value stored at that specific memory through the variable val but i am not getting it.. that is why i am confused where i have gone wrong in understanding the program.
Hope my intent is clear to you now..
Ink:
I shall try that ink but does that memory viewer tool provide information about memory used by another process??
Regards,
Badsaah
Computer geek01: I am not clear with your reply but let me put my intent in better terms so that it would be easy for understanding.
My code is running on visual studio 2008. and i am interested in reading a memory location used by another process. for this purpose i am
(i) Initially getting the Process id(pid) of the process
(ii)and then calling for open process function in which i am providing Process_vm_read, a null value for variable inheritance and the pid.
(iii)Now once i get the handle of the process i am interested in reading the specific memory used by the process. so i call for read process memory function. by providing in the details.
(iv) this function should give me the value stored at that specific memory through the variable val but i am not getting it.. that is why i am confused where i have gone wrong in understanding the program.
Hope my intent is clear to you now..
Ink:
I shall try that ink but does that memory viewer tool provide information about memory used by another process??
Regards,
Badsaah
| I shall try that ink but does that memory viewer tool provide information about memory used by another process?? |
P.S: it's Lnk2019... :)
Last edited on
The address you are trying to read (0x0A021C7A) is most likely meaningless. Most processes just won't hardcode a memory address, so really this doesn't make much sense at all.
If you look up examples of ReadProcessMemory(), you'll find out that the caller usually have previously allocated that memory address using VirtualAllocEx() and may have done something with it, like a SendMessage() with WM_GETTEXT to obtain the text of a particular window. Just using ReadProcessMemory() with a hardcoded address is 99.999999% of the time senseless.
If you look up examples of ReadProcessMemory(), you'll find out that the caller usually have previously allocated that memory address using VirtualAllocEx() and may have done something with it, like a SendMessage() with WM_GETTEXT to obtain the text of a particular window. Just using ReadProcessMemory() with a hardcoded address is 99.999999% of the time senseless.
What you are trying to do (read random memory address ) was possible only on very old MSDOS days.
Fortunately these days, windows operating system does not allow you to do that.
Fortunately these days, windows operating system does not allow you to do that.
ReadProcessMemory is just for debugging. An application cannot just look inside another processes memory
The big selling point of WIN32 over the old WIN16 was the fact that applications are isolated and therefore could not cause each other to crash.
The big selling point of WIN32 over the old WIN16 was the fact that applications are isolated and therefore could not cause each other to crash.
Last edited on
| andywestken wrote: |
|---|
| An application cannot just look inside another processes memory |
... unless it has the debug privilege (that's how cheat engines work).
Useful link -> http://www.daniweb.com/software-development/cpp/threads/372173/1601104#post1601104
have you considered injecting a dll (http://codepad.org/JMWXlFhZ) and just reading the memory directly?
given the nature of programs which need to read memory from other processes, I doubt that this is a one-time operation & to that end you'll probably need to read memory over and over
InterlockedExchangePointer will be your friend:
http://msdn.microsoft.com/en-us/library/ms683609(v=vs.85).aspx
given the nature of programs which need to read memory from other processes, I doubt that this is a one-time operation & to that end you'll probably need to read memory over and over
InterlockedExchangePointer will be your friend:
http://msdn.microsoft.com/en-us/library/ms683609(v=vs.85).aspx
Topic archived. No new replies allowed.