Memory Viewer

Posted on 2006-06-18
Last Modified: 2010-04-15
Hi all,

I'm starting work on a memory viewer app which will dump the values of a specified range of memory addresses to stdout or a win32 text box. I'm just wondering how exactly to implement this, whether I should just have a memcpy in a for loop,  iterating through the addresses and copying their values to a buffer. or is there a more sophisticated way of doing it? Any help is appreciated

Question by:pushpop

Expert Comment

ID: 16930860
What OS are you running? If it's multitasking, chances are you will not be able to read the contents of just any memory address, especially not that of another process. For Windows, for example, there are the OpenProcess/ReadProcessMemory/WriteProcessMemory "debugging" functions which will allow you to read another process' memory. You will most likely need a privileged user account.

Author Comment

ID: 16930913

Im running Windows XP sp2 as an admin. Does that sound workable?

Expert Comment

ID: 16931992
Reading memory in a virtual memory environment needs defining.

Are you looking to dump the memory of your own program, another program or dump system memory?

Each situation has different requirements.


Author Comment

ID: 16932602
Ideally I'd like to dump the contents of system memory, but I'm aware that with the use of virtual memory this might be tricky.

Thanks everyone for your contributions so far
Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

LVL 22

Expert Comment

ID: 16933221
Dumping memory isnt very useful anymore.  IN the old days with DOS there was plenty of data at predictable addresses:  the ROM BIOS, the interrupt vectors, the DOS list of lists, and many more.

But nowadays OS's don't put anything at fixed addresses.  And the OD's usually have nice API calls you can make to cleanly get whatever info you might want.  AND there is sooooo much memory, often gigabytes, it doesnt make much sense to dump it out for human eyes.

Maybe if you could tell us what your goal really is, we could make better sugestions.

LVL 45

Expert Comment

ID: 16933593
Hi pushpop,

The actual viewer is pretty easy.  Getting to system memory is the challenge.  A function to do this will have to be written in assembler and involves switching from user to protected mode, copying the data from system memory to your workspace, and returning to user mode.

As such, I'd define the outer structure to be a buffer from 1K to 4K in size.  Any larger and you run the risk of tying up the CPU to long in a block move.  Then build the function to copy memory to the program.

Good Luck.  This will be quite a challenge.

Accepted Solution

billtouch earned 125 total points
ID: 16935032
One approach that I would consider is creating a drvier to access system memory. You could use seek() to point t the desired address and read() to get the data.

Or you could use ioctl() for the the operation. The singe  pointer argument you are allowed could contain the start/end addresses or start/length.

If there is any interest, let me know and I will post more.

At the very least, this is no small undertaking. As for the comments above, there is very little of interest in a windows dump. If you are one of the very few that understands windows internals, you probably alreay have tools to look at what you need. Windows scrambles most names so you won't be able find user info from peeking.

Unlike most people, telling me there is not much to see awakens the desire to look anyway. So... if you are brave and undaunted by programming challenges... Have fun!.


PS: try to figure out the  windows dll's that start with kd (kd*.dll).

Author Comment

ID: 16943295
Hi all,

I suppose I'm just doing it for fun, to see can it be done really. Thanks for your contributions so far

Expert Comment

ID: 17002479
Thanks and "doing it to see if it can be done" is usually the start of great things. I call those things toys. I write toys and play with them. Many secrets of the deep have been revealed that way.

I first learned about OS's by doing exactly what you are doing, but with IBM's DOS operating system. After doing the dump, I wrote a disassembler to take all that hex stuff and turn it into instructions. What a wonderful time of exploration.

Have a lot of fun and learn a lot!


Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
posix semaphore deadlock 13 114
how to define a string array with big size in c language 10 129
Console based application in Linux 1 84
Socket Programming (Unix) 8 119
Have you thought about creating an iPhone application (app), but didn't even know where to get started? Here's how: ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Important pre-programming comments: I’ve never tri…
This tutorial is posted by Aaron Wojnowski, administrator at  To view more iPhone tutorials, visit This is a very simple tutorial on finding the user's current location easily. In this tutorial, you will learn ho…
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use nested-loops in the C programming language.
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use while-loops in the C programming language.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now