Solved

VB5: Working with memory

Posted on 2000-05-01
Last Modified: 2010-05-02
I need example source on how to search the system's RAM for specific values, map out the entire contents of the system's RAM, and alter values at any point within the system's RAM.    So for a simple example.  Say program A which is a 3rd party app is running and has the value 20 stored in memory for its own use.  I need to be able to find that value and change it.
Question by:ChrisK
12 Comments
 
LVL 2

Author Comment

by:ChrisK
Also any info / links to in-depth documentation about how data is stored in memory and then located by the program again would be helpful.
 
LVL 18

Expert Comment

by:mdougan
I'm not sure that this is possible.  A General Protection Fault is what occurs when a program tries to access memory which is allocated to something outside its own process.
 
LVL 18

Expert Comment

by:mdougan
There is a Windows API called GlobalMemoryStatus that can give you some info about memory, like how much is available etc. and you can see how this works through the VB Sample CallDLLs.
 
LVL 12

Expert Comment

by:mark2150
In general VB programs are prevented from scanning memory. There are no direct functions (PEEK and POKE are long gone) and the task encapsulation rules forbid programs from examining memory outside their designated task area.

Cross application memory access is dangerous and specifically forbidden. This will tend to destabilize Windows (which is not known for its rock solidity). I don't know what you're trying to do, but this approach is *NOT* going to work, or if you can get it to work will be so dangerous and unstable that it won't work in a production program.

Each task owns its own memory space and can be rolled in and out of memory at any time. There is no guarantee that a specific task will remain in the same memory block from moment to moment.

The hardware memory management will generate a PAGE FAULT as soon as your task attempts to write to memory outside its memory pool. This is so that one task cannot "corrupt" another. This is a core level protocol in the OS and should be breached.

Don't do this.

M
 
LVL 12

Expert Comment

by:mark2150
Sorry s/b "should NOT be breached"...

M
 
LVL 142

Expert Comment

by:Guy Hengel [angelIII / a3]
I think our guy is trying to hack/bypass some password protected applications...

Agreeing on the comment of Mark2150 that memory allocation (pages) is volatile, you would need to
1) identify as system
2) lock the other application from running
3) scan and alter the memory

For all 3 of them, it is certainly possible, even within VB, to do this using some obscure and maybe undocumented API.

As Mark2150 proposed, I repeat you should really think, let's say 10 times, before you even try to implement something like this.

Could you present what/why you need this?

 
LVL 2

Author Comment

by:ChrisK
No, I'm not trying to hack password protection schemes.  If anything it's for me to learn more about how memory works and then hopefully spawn ideas from that to aid me in creating software to PREVENT what I'm wanting to do here.  As is I know what I'm asking is very possible, because I've seen lots of apps that can do it.  I need the inner workings to fully understand though.
 
LVL 2

Author Comment

by:ChrisK
Start with the obvious and most simplistic part that you CAN explain, then we'll expand from there.  Example, I know data is stored at (practically random) intervals in memory...just filling the slots basically in the order that it is requested from each program.  So program A and program B could have their data all mixed up in memory together.  Well they both magically are able to pull that data back from memory.  This means they have to be keeping track of what registers the data is stored in.  Is there a "header" such as that in the beginning of file types used in memory blocks to distinguish between them?  Provide some simple source so I can look at the contents of the memory on my system, not write to, just look.  Then from there we'll expand this.
 
LVL 12

Accepted Solution

by:
mark2150 earned 200 total points
" So program A and program B could have their data all mixed up in memory together. " - No. Memory is allocated in contiguous blocks when app is loaded. App can demand more, but typically only a couple of areas are used. Simpler to manage.

Each program's memory block is local to it. Understand that the 80x86 series CPU has segment/offset model. Segment base address is set by loader when task is placed into memory and offset proceeds from there. Physical memory address is *sum* of those two.

Memory is not just randomly assigned. This is why you should *declare* vars before you use them - to tell compiler how much memory and what type vars will be.

You want to explore memory, you should be using DEBUG, not VB. Get a good book on assembly and learn from that aspect.

In VB and other high level languages variable addresses are resolved automatically by compiler. Each variable *name* you specify is converted into an address pointer to the data (actually it's more complex than this but we'll go with it for now). Every time your program references that variable the compiler replaces the name (label) with the offset of the memory block allocated. At program load time the base addresses are set (segments) and your program simply references relative to that base. This allows your program to be relocated anywhere in memory (even when running) and not be "aware" of change.

Actually in VB memory is a little more indirect. The variables you create have a header and the data itself that are normally stored in two different areas. The header is pointed to by the variable name and contains typing information and pointers to where the actual data is kept. This is why VB can support the VARIANT data type, which can be redefined on the fly. The pointer block is the same size no matter what the variable is holding and the dynamic memory area where the data is actually kept can be extended as required. This is why VB's strings can be so long.

Since memory is managed by the OS, you can have tasks rolled out to disk or have their variables rolled out. If you create a binary string value you can have that one string bigger than physical memory. The program just keeps allocating blocks and rolling the unused part out to disk. This is one of the reasons that Windows is such a memory pig.

VB, as a language, strives to hide the messy details of memory management from you. About the only thing that you can do to help it along is to use CONSTants (which do not take up memory) and remember to set things to NOTHING when you're done with them. This tells VB to release the memory previously allocated to the var back into the dynamic memory pool.

You can also see the effects of this in the fact that there is the possibility of a variable being NULL or untyped vs being zero or empty (typed but unassigned).

M
 
LVL 2

Author Comment

by:ChrisK
Good info for a start mark, but you didn't say where the "map" of the segment and offsets is being kept.

Simple example, 2 programs running.


0---------------20---------------40
| PROG A        |   PROG B       |


Prog A was loaded into memory first, so it started at 0 and went till 20.  Prog B was then loaded and goes to 40.  Now let's say prog A needs more memory storage for a process.  Which way does it handle it?

** EXAMPLE 1 **

0-------------30---------------50
| PROG A      |  PROG B

** EXAMPLE 2 **

0-------------20-------------40--------50
| PROG A      |    PROG B   |  PROG A |


And then of course going back to, where is it storing this "map", or array or what have you, telling it that variable BLAH is stored in sector 45.

Lastly, you didn't really answer the initial question, just kinda went around it.  Think of a game "trainer" for example.  There are several out there which work with any game in existence because they scan the memory for the value you specify, then you change that value, it scans, then you change it again, it scans.  By this run it knows exactly where the value is stored, and it can then be changed or frozen.  I need to know specifically how to do this, as well as any theories on how to prevent its use from a game producer's standpoint.
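On the prevention half of the question above, one common mitigation sketched as an added example (not code from this thread or from any poster): keep the value masked in memory with an integrity word, so a scan for the literal value finds nothing and a direct overwrite is detected on the next read. The names `guarded_u32`, `guarded_set`, `guarded_get` and `count_matches` are hypothetical, and the key in `main` is a constructed constant; a real program would draw a fresh random key per session.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical guarded integer: the plain value is never stored as-is. */
typedef struct {
    uint32_t masked;  /* value XOR key */
    uint32_t key;     /* per-instance mask supplied by the caller */
    uint32_t check;   /* integrity word tied to both value and key */
} guarded_u32;

static uint32_t rotl13(uint32_t x) { return (x << 13) | (x >> 19); }

/* Cheap, non-cryptographic check word: raises the bar, does not make forgery impossible. */
static uint32_t check_word(uint32_t value, uint32_t key) { return rotl13(key) ^ ~value; }

void guarded_set(guarded_u32 *g, uint32_t value, uint32_t key) {
    g->key = key;
    g->masked = value ^ key;
    g->check = check_word(value, key);
}

/* Returns 0 and stores the value, or -1 if the stored words no longer agree. */
int guarded_get(const guarded_u32 *g, uint32_t *out) {
    uint32_t v = g->masked ^ g->key;
    if (check_word(v, g->key) != g->check) return -1;
    *out = v;
    return 0;
}

/* The search step of a value scanner, limited here to a buffer we own. */
size_t count_matches(const void *buf, size_t len, uint32_t needle) {
    size_t hits = 0;
    for (size_t off = 0; off + sizeof needle <= len; off += sizeof needle) {
        uint32_t w;
        memcpy(&w, (const unsigned char *)buf + off, sizeof w);
        if (w == needle) hits++;
    }
    return hits;
}

int main(void) {
    uint32_t plain = 20, v = 0;
    guarded_u32 g;
    guarded_set(&g, 20, 0xC3A5F00Du);  /* constructed key for the demo */
    printf("hits in plain variable: %zu, in guarded struct: %zu\n",
           count_matches(&plain, sizeof plain, 20), count_matches(&g, sizeof g, 20));
    g.masked = 999;                    /* simulate an outside write to the stored word */
    printf("read after overwrite: %s\n", guarded_get(&g, &v) ? "tamper detected" : "ok");
    return 0;
}
```

Re-keying on every write also changes the stored words each time the value changes, which defeats the "change it, scan again" narrowing loop described in the question.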
 
LVL 12

Expert Comment

by:mark2150
The MAP is kept in the memory management unit. It knows what it assigned to what task and where the boundaries are. This is the unit that throws the GPF when your task attempts to step "out of bounds". This is a hardware unit on the CPU address bus. It will stop your program in mid instruction with an interrupt and abort your task. When you reply to the "invalid page fault" or "General Protection error", the task is dumped from memory and processing (usually) continues.

In your example, Task B can be rolled out, additional memory allocated to task A and then task B brought back in again. This keeps all of task A contiguous and helps explain why your disk will sometimes chatter for no apparent reason.

The kind of memory access you're looking for is simply not part of VB. VB was designed *specifically* to hide the gory details of memory allocation to prevent tasks from interfering with one another. This is the classic definition of an "ill-behaved" DOS app.

M
 
LVL 2

Author Comment

by:ChrisK
Using vb by itself I know it's impossible.  But API routines or possible external dll's would make it very possible.  The programs which CAN do this are written in VC++ 5...and win api and 3rd party dll's are typically written in c++.