[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

VB5: Working with memory

Posted on 2000-05-01
12
Medium Priority
?
197 Views
Last Modified: 2010-05-02
I need example source on how to search the systems ram for specific values, map out the entire contents of the systems ram, and alter values at any point within the systems ram.    So for a simple example.  Say program A which is a 3rd party app is running and has the value 20 stored in memory for it's own use.  I need to be able to find that value and change it.
0
Comment
Question by:ChrisK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 2

Author Comment

by:ChrisK
ID: 2765800
Also any info / links to indepth documentation about how data is stored in memory and then located by the program again would be helpfull.
0
 
LVL 18

Expert Comment

by:mdougan
ID: 2765831
I'm not sure that this is possible.  A General Protection Fault is what occurs when a program tries to access memory which is allocated to something outside it's own process.
0
 
LVL 18

Expert Comment

by:mdougan
ID: 2765837
There is a Windows API called GlobalMemoryStatus that can give you some info about memory, like how much is available etc. and you can see how this works through the VB Sample CallDLLs.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 12

Expert Comment

by:mark2150
ID: 2766028
In general VB programs are prevented from scanning memory. There are no direct functions (PEEK and POKE are long gone) and the task encapsulation rules forbid programs from examining memory outside their designated task area.

Cross application memory access is dangerous and specifically forbidden. This will tend to destabilize windows (which is not known for it's rock solidity). I don't know what you're trying to do, but this approach is *NOT* going to work, or if you can get it to work will be so dangerous and unstable that it won't work in a production program.

Each task owns it's own memory space and can be rolled in and out of memory at any time. There is no guarentee that a specific task will remain in the same memory block from moment to moment.

The hardware memory management will generate a PAGE FAULT as soon as your task attempts to write to memory outside it's memory pool. This is so that one task cannot "corrupt" another. This is a core level protocol in the OS and should be breached.

Don't do this.

M
0
 
LVL 12

Expert Comment

by:mark2150
ID: 2766033
Sorry s/b "should NOT be breached"...

M
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 2766870
I think our guy is trying to hack/bypass some password protected applications...

Agreeing on the comment of Mark2150 that memory allocation (pages) is volatile, you would need to
1) identify as system
2) lock the other application from running
3) scan and alter the memory

For all 3 of them, it is certainly possible, even within VB, to do this using some obscure and maybe undocumented API.

As Mark2150 proposed, i repeat you should really think, let's say 10 times, before you even try to implement something like this.

Could you present what/why you need this.
0
 
LVL 2

Author Comment

by:ChrisK
ID: 2767449
No, I'm not trying to hack password protection schemes.  If anything it's for me to learn more about how memory works and then hopefully spawn ideas from that to aid me in creating software to PREVENT what I'm wanting to do here.  As is I know what I'm asking is very possible, because I've seen lots of apps that can do it.  I need the inner workings to fully understand though.
0
 
LVL 2

Author Comment

by:ChrisK
ID: 2767476
Start wth the obvious and most simplistic part that you CAN explain, then we'll expand from there.  Example, I know data is stored at (practically random) intervals in memory...just filling the slots basically in the order that it is requested from each program.  So program A and program B could have their data all mixed up in memory together.  Well they both magically are able to pull that data back from memory.  This means they have to be keeping track of what registers the data is stored in.  Is there a "header" such as that in the beginning of file types used in memory blocks to distinguish between them?  Provide some simple source so I can look at the contents of the memory on my system, not write to, just look.  Then from there we'll expand this.
0
 
LVL 12

Accepted Solution

by:
mark2150 earned 400 total points
ID: 2767675
" So program A and program B could have their data all mixed up in memory together. " - No. Memory is allocated in contiguous blocks when app is loaded. App can demand more, but typically only a couple of areas are used. Simpler to manage.

Each programs memory block is local to it. Understand that the 80x86 series CPU has segment/offset model. Segment base address is set by loader when task is placed into memory and offset proceeds from there. Physical memory address is *sum* of those two.

Memory is not just randomly assigned. This is why you should *declare* vars before you use them - to tell complier how much memory and what type vars will be.

You want to explore memory, you should be using DEBUG, not VB. Get a good book on assembly and learn from that aspect.

In VB and other high level languages variable addresses are resolved automatically by compiler. Each variable *name* you specify is converted into an address pointer to the data (actually it's more complex than this but we'll go with it for now). Every time your program references that variable the compiler replaces the name (label) with the offset of the memory block allocated. At program load time the base addresses are set (segments) and your program simply references relative to that base. This allows your program to be relocated anywhere in memory (even when running) and not be "aware" of change.

Actually in VB memory is a little more indirect. The variables you create have a header and the data itself that are normally stored in two different areas. The header is pointed to by the variable name and contains typing information and pointers to where the actual data is kept. This is why VB can support the VARIANT data type can be redefined on the fly. The pointer block is the same size no matter what the variable is holding and the dynamic memory area where the data is actually kept can be extended as required. This is why VB's strings can be so long.

Since memory is managed by the OS, you can have tasks rolled out to disk or have their variables rolled out. If you create a binary string value you can have that one string bigger than physical memory. The program just keeps allocating blocks and rolling the unused part out to disk. This is one of the reasons that Windows is such a memory pig.

VB, as a language, strives to hide the messy details of memory management from you. About the only thing that you can do to help it along is to use CONSTants (which do not take up memory) and remember to set things to NOTHING when you're done with them. This tells VB to release the memory previously allocated to the var back into the dynamic memory pool.

You can also see the effects of this in the fact that there is the possibility of a variable being NULL or untyped vs being zero or empty (typed but unassigned).

M
0
 
LVL 2

Author Comment

by:ChrisK
ID: 2768246
Good info for a start mark, but you didn't say where the "map" of the segement and offsets is being kept.

Simple example, 2 programs running.


0---------------20---------------40
| PROG A        |   PROG B       |


Prog A was loaded into memory first, so it started at 0 and went till 20.  Prog B was then loaded and goes to 40.  Now lets say prog A needs more memory storage for a process.  Which way does it handle it?

** EXAMPLE 1 **

0-------------30---------------50
| PROG A      |  PROG B

** EXAMPLE 2 **

0-------------20-------------40--------50
| PROG A      |    PROG B   |  PROG A |


And then of course going back to, where is it storing this "map", or array or what have you, telling it that variable BLAH is stored in sector 45.

Lastly, you didn't really answer the initial question, just kinda went around it.  Think of a game "trainer" for example.  There are several out there which work with any game in existance because they scan the memory for the value you specify, then you change that value, it scans, then you change it again, it scans.  By this run it knows exactly where the value is stored, and it can then be changed or frozen.  I need to know specifically how to do this, as well as any theories on how to prevent it's use from a game producers stand point.
0
 
LVL 12

Expert Comment

by:mark2150
ID: 2769144
The MAP is kept in the memory management unit. It knows what it assigned to what task and where the boundaries are. This is the unit that throws the GPF when your task attempts to step "out of bounds". This is a hardware unit on the CPU address buss. It will stop your program in mid instruction with an interrupt and abort your task. When you reply to the "invalid page fault" or "General Protection error", the task is dumped from memory and processing (usually) continues.

In your example, Task B can be rolled out, additional memory allocated to task A and then task B brought back in again. This keeps all of task A contiguous and helps explain why your disk will sometimes chatter for no appearent reason.

The kind of memory access you're looking for is simply not part of VB. VB was designed *specifically* to hide the gory details of memory allocation to prevent tasks from interfering with one another. This is the classic definition of an "illbehaved" DOS app.

M
0
 
LVL 2

Author Comment

by:ChrisK
ID: 2769404
Using vb by itself I know it's impossible.  But API routines or possible external dll's would make it very possible.  The programs which CAN do this are written in VC++ 5...and win api and 3rd party dll's are typically written in c++.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction While answering a recent question about filtering a custom class collection, I realized that this could be accomplished with very little code by using the ScriptControl (SC) library.  This article will introduce you to the SC library a…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question