Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Memory search

Posted on 1997-11-24
3
330 Views
Last Modified: 2013-12-03
I want to find a number stored somehwere in a win16 application.  The way I have set out to do this is use CreateProcess in my application to start the win16 program.  I then use the OpenProcess with the intention of using ReadProcessMemory.  So I go through all of this only I am not finding what I should.  To test the whole procedure I wrote my own simple win16 program with specific numbers on the stack and another set on the heap.  I then set out to find those numbers in my test program only it didn't work.  Why not?  If this hasn't made sense yet read on.  My search routine looked something like:

HANDLE h;  // is the process handle from OpenProcess
short number; // is the number I am looking for

int i=0;
short chk;  // 2 byte number

/*
The idea here is since I don't know the actual size of the process memory, as soon as i becomes too big and is outside the valid process memory ReadProcessMemory will fail.  So in theory (at least the way I understand it) this should check all the memory in the process, the stack and heap, and program code.
*/
while(ReadProcessMemory(h,(void*)i,&chk,2,&readBytes) != 0)
{
   if (chk == number)
   {
       // I just print the location here
   }
   i++
}

So anyway I see it as the above code should check through everything in the program and the memory it is using.  It is searching through something, it goes through about a meg of memory before ReadProcessMemory fails.  But it doesn't find what it should.  So, at least, its not search the stack or heap (which is what I want).  So what is going on?  What is it searching?  And how do I get at the data I want to search?

Any thoughts/comments would be greatly appreciated.

Thanx ... Jason
0
Comment
Question by:tlsoftware
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
faster earned 200 total points
ID: 1408818
I have not used ReadProcessMemory(), but from its documentation, I don't think it can do what you want to.

The problem is that the address space of a process may not be continuous.  Now you will search from 0 to some address, then you may enter a region where you can not read, either because you don't have the access rights or the memory does not exist at all (note that win32 is using virtual memory).  Therefore, unless you know exactly where the heap and stack exists in the process's address space, you will not be able to search it.

What are you trying to do exactly?  If the target program is fixed, then you need not write your own program to do it.  There are such utilities to search other process's memory (SoftICE is an example).  But you have another problem, your target is too small: 2 bytes only.  You probably will get numerous matches.
0
 

Author Comment

by:tlsoftware
ID: 1408819
I am aware of the two byte issue.  In practice I would search memory as many times as needed, each time having the application change the number in question.  So in the end I could locate it by cross references all the occurances of the number.

A program that can do this search for me would be nice for immediate use.  As far as I know SoftIce is a fairly expensive debugger outside of my price range.  Any other programs?

However I'm still going to need to write this program eventually so if you have any other advice...  Ideally I'd like to have windows tell me where the heap and stack are located relative to the process's memory.  Can I do this?
0
 
LVL 7

Expert Comment

by:faster
ID: 1408820
I remember that in the book "advanced windows programming" memory issues are discussed in detail.  But I can not remember it now.  If you can not find the book, I can check it out for you, but probably severals days later.

Besides, I still don't understand why you need such a program.  Becuase you must create the process yourself, thus it can only be useful in very limited situations (offline).
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Get the most recent file to copy into a sql table with ssis 2 108
Mixed results 10 90
VBA Error Since Excel 2016 x64 5 119
Where did System.Data.Objects go? 2 40
This article shows a few slightly more advanced techniques for Windows 7 gadget programming, including how to save and restore user settings for your gadget and how to populate the "details" panel that is displayed in the Windows 7 gadget gallery.  …
zlib is a free compression library (a DLL) on which the popular gzip utility is built.  In this article, we'll see how to use the zlib functions to compress and decompress data in memory; that is, without needing to use a temporary file.  We'll be c…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question