Solved

Memory search

Posted on 1997-11-24
3
328 Views
Last Modified: 2013-12-03
I want to find a number stored somehwere in a win16 application.  The way I have set out to do this is use CreateProcess in my application to start the win16 program.  I then use the OpenProcess with the intention of using ReadProcessMemory.  So I go through all of this only I am not finding what I should.  To test the whole procedure I wrote my own simple win16 program with specific numbers on the stack and another set on the heap.  I then set out to find those numbers in my test program only it didn't work.  Why not?  If this hasn't made sense yet read on.  My search routine looked something like:

HANDLE h;  // is the process handle from OpenProcess
short number; // is the number I am looking for

int i=0;
short chk;  // 2 byte number

/*
The idea here is since I don't know the actual size of the process memory, as soon as i becomes too big and is outside the valid process memory ReadProcessMemory will fail.  So in theory (at least the way I understand it) this should check all the memory in the process, the stack and heap, and program code.
*/
while(ReadProcessMemory(h,(void*)i,&chk,2,&readBytes) != 0)
{
   if (chk == number)
   {
       // I just print the location here
   }
   i++
}

So anyway I see it as the above code should check through everything in the program and the memory it is using.  It is searching through something, it goes through about a meg of memory before ReadProcessMemory fails.  But it doesn't find what it should.  So, at least, its not search the stack or heap (which is what I want).  So what is going on?  What is it searching?  And how do I get at the data I want to search?

Any thoughts/comments would be greatly appreciated.

Thanx ... Jason
0
Comment
Question by:tlsoftware
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
faster earned 200 total points
ID: 1408818
I have not used ReadProcessMemory(), but from its documentation, I don't think it can do what you want to.

The problem is that the address space of a process may not be continuous.  Now you will search from 0 to some address, then you may enter a region where you can not read, either because you don't have the access rights or the memory does not exist at all (note that win32 is using virtual memory).  Therefore, unless you know exactly where the heap and stack exists in the process's address space, you will not be able to search it.

What are you trying to do exactly?  If the target program is fixed, then you need not write your own program to do it.  There are such utilities to search other process's memory (SoftICE is an example).  But you have another problem, your target is too small: 2 bytes only.  You probably will get numerous matches.
0
 

Author Comment

by:tlsoftware
ID: 1408819
I am aware of the two byte issue.  In practice I would search memory as many times as needed, each time having the application change the number in question.  So in the end I could locate it by cross references all the occurances of the number.

A program that can do this search for me would be nice for immediate use.  As far as I know SoftIce is a fairly expensive debugger outside of my price range.  Any other programs?

However I'm still going to need to write this program eventually so if you have any other advice...  Ideally I'd like to have windows tell me where the heap and stack are located relative to the process's memory.  Can I do this?
0
 
LVL 7

Expert Comment

by:faster
ID: 1408820
I remember that in the book "advanced windows programming" memory issues are discussed in detail.  But I can not remember it now.  If you can not find the book, I can check it out for you, but probably severals days later.

Besides, I still don't understand why you need such a program.  Becuase you must create the process yourself, thus it can only be useful in very limited situations (offline).
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show how to use the Ribbon IDs Tool Window to assign the built-in Office icons to a ribbon button.  This tool will help us to find the OfficeImageId that corresponds to our desired built-in Office icon. The tool is part of…
With most software applications trying to cater to multiple user needs nowadays, the focus is to make them as configurable as possible. For e.g., when creating Silverlight applications which will connect to WCF services, the service end point usuall…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now