Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Memory Viewer

Posted on 2006-06-18
Medium Priority
Last Modified: 2010-04-15
Hi all,

I'm starting work on a memory viewer app which will dump the values of a specified range of memory addresses to stdout or a win32 text box. I'm just wondering how exactly to implement this, whether I should just have a memcpy in a for loop,  iterating through the addresses and copying their values to a buffer. or is there a more sophisticated way of doing it? Any help is appreciated

Question by:pushpop
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 16930860
What OS are you running? If it's multitasking, chances are you will not be able to read the contents of just any memory address, especially not that of another process. For Windows, for example, there are the OpenProcess/ReadProcessMemory/WriteProcessMemory "debugging" functions which will allow you to read another process' memory. You will most likely need a privileged user account.

Author Comment

ID: 16930913

Im running Windows XP sp2 as an admin. Does that sound workable?

Expert Comment

ID: 16931992
Reading memory in a virtual memory environment needs defining.

Are you looking to dump the memory of your own program, another program or dump system memory?

Each situation has different requirements.


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Author Comment

ID: 16932602
Ideally I'd like to dump the contents of system memory, but I'm aware that with the use of virtual memory this might be tricky.

Thanks everyone for your contributions so far
LVL 22

Expert Comment

ID: 16933221
Dumping memory isnt very useful anymore.  IN the old days with DOS there was plenty of data at predictable addresses:  the ROM BIOS, the interrupt vectors, the DOS list of lists, and many more.

But nowadays OS's don't put anything at fixed addresses.  And the OD's usually have nice API calls you can make to cleanly get whatever info you might want.  AND there is sooooo much memory, often gigabytes, it doesnt make much sense to dump it out for human eyes.

Maybe if you could tell us what your goal really is, we could make better sugestions.

LVL 46

Expert Comment

by:Kent Olsen
ID: 16933593
Hi pushpop,

The actual viewer is pretty easy.  Getting to system memory is the challenge.  A function to do this will have to be written in assembler and involves switching from user to protected mode, copying the data from system memory to your workspace, and returning to user mode.

As such, I'd define the outer structure to be a buffer from 1K to 4K in size.  Any larger and you run the risk of tying up the CPU to long in a block move.  Then build the function to copy memory to the program.

Good Luck.  This will be quite a challenge.

Accepted Solution

billtouch earned 500 total points
ID: 16935032
One approach that I would consider is creating a drvier to access system memory. You could use seek() to point t the desired address and read() to get the data.

Or you could use ioctl() for the the operation. The singe  pointer argument you are allowed could contain the start/end addresses or start/length.

If there is any interest, let me know and I will post more.

At the very least, this is no small undertaking. As for the comments above, there is very little of interest in a windows dump. If you are one of the very few that understands windows internals, you probably alreay have tools to look at what you need. Windows scrambles most names so you won't be able find user info from peeking.

Unlike most people, telling me there is not much to see awakens the desire to look anyway. So... if you are brave and undaunted by programming challenges... Have fun!.


PS: try to figure out the  windows dll's that start with kd (kd*.dll).

Author Comment

ID: 16943295
Hi all,

I suppose I'm just doing it for fun, to see can it be done really. Thanks for your contributions so far

Expert Comment

ID: 17002479
Thanks and "doing it to see if it can be done" is usually the start of great things. I call those things toys. I write toys and play with them. Many secrets of the deep have been revealed that way.

I first learned about OS's by doing exactly what you are doing, but with IBM's DOS operating system. After doing the dump, I wrote a disassembler to take all that hex stuff and turn it into instructions. What a wonderful time of exploration.

Have a lot of fun and learn a lot!


Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface I don't like visual development tools that are supposed to write a program for me. Even if it is Xcode and I can use Interface Builder. Yes, it is a perfect tool and has helped me a lot, mainly, in the beginning, when my programs were small…
This is a short and sweet, but (hopefully) to the point article. There seems to be some fundamental misunderstanding about the function prototype for the "main" function in C and C++, more specifically what type this function should return. I see so…
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use for-loops in the C programming language.
The goal of this video is to provide viewers with basic examples to understand and use switch statements in the C programming language.
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question