• C

Memory Viewer

Hi all,

I'm starting work on a memory viewer app which will dump the values of a specified range of memory addresses to stdout or a win32 text box. I'm just wondering how exactly to implement this, whether I should just have a memcpy in a for loop,  iterating through the addresses and copying their values to a buffer. or is there a more sophisticated way of doing it? Any help is appreciated

P
pushpopAsked:
Who is Participating?
 
billtouchCommented:
One approach that I would consider is creating a drvier to access system memory. You could use seek() to point t the desired address and read() to get the data.

Or you could use ioctl() for the the operation. The singe  pointer argument you are allowed could contain the start/end addresses or start/length.

If there is any interest, let me know and I will post more.

At the very least, this is no small undertaking. As for the comments above, there is very little of interest in a windows dump. If you are one of the very few that understands windows internals, you probably alreay have tools to look at what you need. Windows scrambles most names so you won't be able find user info from peeking.

Unlike most people, telling me there is not much to see awakens the desire to look anyway. So... if you are brave and undaunted by programming challenges... Have fun!.

Bill

PS: try to figure out the  windows dll's that start with kd (kd*.dll).
0
 
aib_42Commented:
What OS are you running? If it's multitasking, chances are you will not be able to read the contents of just any memory address, especially not that of another process. For Windows, for example, there are the OpenProcess/ReadProcessMemory/WriteProcessMemory "debugging" functions which will allow you to read another process' memory. You will most likely need a privileged user account.
0
 
pushpopAuthor Commented:
Hi,

Im running Windows XP sp2 as an admin. Does that sound workable?
0
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

 
billtouchCommented:
Reading memory in a virtual memory environment needs defining.

Are you looking to dump the memory of your own program, another program or dump system memory?

Each situation has different requirements.

Bill
0
 
pushpopAuthor Commented:
Ideally I'd like to dump the contents of system memory, but I'm aware that with the use of virtual memory this might be tricky.

Thanks everyone for your contributions so far
0
 
grg99Commented:
Dumping memory isnt very useful anymore.  IN the old days with DOS there was plenty of data at predictable addresses:  the ROM BIOS, the interrupt vectors, the DOS list of lists, and many more.

But nowadays OS's don't put anything at fixed addresses.  And the OD's usually have nice API calls you can make to cleanly get whatever info you might want.  AND there is sooooo much memory, often gigabytes, it doesnt make much sense to dump it out for human eyes.

Maybe if you could tell us what your goal really is, we could make better sugestions.

0
 
Kent OlsenData Warehouse Architect / DBACommented:
Hi pushpop,

The actual viewer is pretty easy.  Getting to system memory is the challenge.  A function to do this will have to be written in assembler and involves switching from user to protected mode, copying the data from system memory to your workspace, and returning to user mode.

As such, I'd define the outer structure to be a buffer from 1K to 4K in size.  Any larger and you run the risk of tying up the CPU to long in a block move.  Then build the function to copy memory to the program.

Good Luck.  This will be quite a challenge.
Kent
0
 
pushpopAuthor Commented:
Hi all,

I suppose I'm just doing it for fun, to see can it be done really. Thanks for your contributions so far
0
 
billtouchCommented:
Thanks and "doing it to see if it can be done" is usually the start of great things. I call those things toys. I write toys and play with them. Many secrets of the deep have been revealed that way.

I first learned about OS's by doing exactly what you are doing, but with IBM's DOS operating system. After doing the dump, I wrote a disassembler to take all that hex stuff and turn it into instructions. What a wonderful time of exploration.

Have a lot of fun and learn a lot!

Bill
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.