Solved

Memory Viewer

Posted on 2006-06-18
Last Modified: 2010-04-15
Hi all,

I'm starting work on a memory viewer app which will dump the values of a specified range of memory addresses to stdout or a win32 text box. I'm just wondering how exactly to implement this, whether I should just have a memcpy in a for loop, iterating through the addresses and copying their values to a buffer, or is there a more sophisticated way of doing it? Any help is appreciated.

Question by:pushpop
9 Comments
 
LVL 7

Expert Comment

by:aib_42
ID: 16930860
What OS are you running? If it's multitasking, chances are you will not be able to read the contents of just any memory address, especially not that of another process. For Windows, for example, there are the OpenProcess/ReadProcessMemory/WriteProcessMemory "debugging" functions which will allow you to read another process' memory. You will most likely need a privileged user account.
0
 

Author Comment

by:pushpop
ID: 16930913
Hi,

I'm running Windows XP SP2 as an admin. Does that sound workable?
0
 
LVL 6

Expert Comment

by:billtouch
ID: 16931992
Reading memory in a virtual memory environment needs defining.

Are you looking to dump the memory of your own program, another program or dump system memory?

Each situation has different requirements.

Bill
0

 

Author Comment

by:pushpop
ID: 16932602
Ideally I'd like to dump the contents of system memory, but I'm aware that with the use of virtual memory this might be tricky.

Thanks everyone for your contributions so far
0
 
LVL 22

Expert Comment

by:grg99
ID: 16933221
Dumping memory isn't very useful anymore. In the old days with DOS there was plenty of data at predictable addresses: the ROM BIOS, the interrupt vectors, the DOS list of lists, and many more.

But nowadays OS's don't put anything at fixed addresses. And the OS's usually have nice API calls you can make to cleanly get whatever info you might want. AND there is sooooo much memory, often gigabytes, it doesn't make much sense to dump it out for human eyes.

Maybe if you could tell us what your goal really is, we could make better suggestions.

0
 
LVL 45

Expert Comment

by:Kdo
ID: 16933593
Hi pushpop,

The actual viewer is pretty easy.  Getting to system memory is the challenge.  A function to do this will have to be written in assembler and involves switching from user to protected mode, copying the data from system memory to your workspace, and returning to user mode.

As such, I'd define the outer structure to be a buffer from 1K to 4K in size. Any larger and you run the risk of tying up the CPU too long in a block move. Then build the function to copy memory to the program.

Good Luck.  This will be quite a challenge.
Kent
0
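Added example, not part of any post in this thread: the viewer loop described above, copying a range through a bounded 4K buffer and formatting it as hex rows, with a short read treated as the end of readable memory. The `mem_reader` callback, `read_sample` and the sample bytes are assumptions made for illustration; a reader backed by ReadProcessMemory or a driver would sit behind the same interface.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK 4096 /* top of the 1K-4K buffer range suggested in the thread */
/* Hypothetical reader interface: returns how many bytes were readable at addr. */
typedef size_t (*mem_reader)(uintptr_t addr, void *dst, size_t len);

/* Constructed sample target; addresses outside it read as unmapped (0 bytes). */
static const unsigned char sample[40] = "constructed sample bytes for the viewer";
static size_t read_sample(uintptr_t addr, void *dst, size_t len) {
    uintptr_t base = (uintptr_t)sample, end = base + sizeof sample;
    if (addr < base || addr >= end) return 0;
    if (len > end - addr) len = end - addr;
    memcpy(dst, (const void *)addr, len);
    return len;
}

/* One row: address, 16 hex columns (padded), then printable ASCII. */
static int format_row(char *s, size_t cap, uintptr_t addr, const unsigned char *p, size_t n) {
    int k = snprintf(s, cap, "%08llx  ", (unsigned long long)addr);
    for (size_t i = 0; i < 16; i++)
        k += i < n ? snprintf(s + k, cap - k, "%02x ", p[i]) : snprintf(s + k, cap - k, "   ");
    k += snprintf(s + k, cap - k, " ");
    for (size_t i = 0; i < n; i++)
        k += snprintf(s + k, cap - k, "%c", p[i] >= 0x20 && p[i] < 0x7f ? p[i] : '.');
    return k;
}

/* Dump [start, start+len) per chunk; returns bytes dumped, stops on a short read. */
static size_t dump_range(FILE *out, mem_reader rd, uintptr_t start, size_t len) {
    static unsigned char buf[CHUNK];
    char line[96];
    size_t done = 0;
    while (done < len) {
        size_t want = len - done < CHUNK ? len - done : CHUNK;
        size_t got = rd(start + done, buf, want);
        for (size_t off = 0; off < got; off += 16) {
            format_row(line, sizeof line, start + done + off, buf + off,
                       got - off < 16 ? got - off : 16);
            fprintf(out, "%s\n", line);
        }
        done += got;
        if (got < want) break;
    }
    return done;
}

int main(void) { return dump_range(stdout, read_sample, (uintptr_t)sample, 64) != 40; }
```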
 
LVL 6

Accepted Solution

by:
billtouch earned 125 total points
ID: 16935032
One approach that I would consider is creating a driver to access system memory. You could use seek() to point to the desired address and read() to get the data.

Or you could use ioctl() for the operation. The single pointer argument you are allowed could contain the start/end addresses or start/length.

If there is any interest, let me know and I will post more.

At the very least, this is no small undertaking. As for the comments above, there is very little of interest in a Windows dump. If you are one of the very few that understands Windows internals, you probably already have tools to look at what you need. Windows scrambles most names so you won't be able to find user info from peeking.

Unlike most people, telling me there is not much to see awakens the desire to look anyway. So... if you are brave and undaunted by programming challenges... Have fun!

Bill

PS: try to figure out the Windows DLLs that start with kd (kd*.dll).
0
 

Author Comment

by:pushpop
ID: 16943295
Hi all,

I suppose I'm just doing it for fun, to see can it be done really. Thanks for your contributions so far
0
 
LVL 6

Expert Comment

by:billtouch
ID: 17002479
Thanks and "doing it to see if it can be done" is usually the start of great things. I call those things toys. I write toys and play with them. Many secrets of the deep have been revealed that way.

I first learned about OS's by doing exactly what you are doing, but with IBM's DOS operating system. After doing the dump, I wrote a disassembler to take all that hex stuff and turn it into instructions. What a wonderful time of exploration.

Have a lot of fun and learn a lot!

Bill
0
