pushpop
asked on
Memory Viewer
Hi all,
I'm starting work on a memory viewer app which will dump the values of a specified range of memory addresses to stdout or a win32 text box. I'm just wondering how exactly to implement this, whether I should just have a memcpy in a for loop, iterating through the addresses and copying their values to a buffer. or is there a more sophisticated way of doing it? Any help is appreciated
P
I'm starting work on a memory viewer app which will dump the values of a specified range of memory addresses to stdout or a win32 text box. I'm just wondering how exactly to implement this, whether I should just have a memcpy in a for loop, iterating through the addresses and copying their values to a buffer. or is there a more sophisticated way of doing it? Any help is appreciated
P
What OS are you running? If it's multitasking, chances are you will not be able to read the contents of just any memory address, especially not that of another process. For Windows, for example, there are the OpenProcess/ReadProcessMem ory/WriteP rocessMemo ry "debugging" functions which will allow you to read another process' memory. You will most likely need a privileged user account.
ASKER
Hi,
Im running Windows XP sp2 as an admin. Does that sound workable?
Im running Windows XP sp2 as an admin. Does that sound workable?
Reading memory in a virtual memory environment needs defining.
Are you looking to dump the memory of your own program, another program or dump system memory?
Each situation has different requirements.
Bill
Are you looking to dump the memory of your own program, another program or dump system memory?
Each situation has different requirements.
Bill
ASKER
Ideally I'd like to dump the contents of system memory, but I'm aware that with the use of virtual memory this might be tricky.
Thanks everyone for your contributions so far
Thanks everyone for your contributions so far
Dumping memory isnt very useful anymore. IN the old days with DOS there was plenty of data at predictable addresses: the ROM BIOS, the interrupt vectors, the DOS list of lists, and many more.
But nowadays OS's don't put anything at fixed addresses. And the OD's usually have nice API calls you can make to cleanly get whatever info you might want. AND there is sooooo much memory, often gigabytes, it doesnt make much sense to dump it out for human eyes.
Maybe if you could tell us what your goal really is, we could make better sugestions.
But nowadays OS's don't put anything at fixed addresses. And the OD's usually have nice API calls you can make to cleanly get whatever info you might want. AND there is sooooo much memory, often gigabytes, it doesnt make much sense to dump it out for human eyes.
Maybe if you could tell us what your goal really is, we could make better sugestions.
Hi pushpop,
The actual viewer is pretty easy. Getting to system memory is the challenge. A function to do this will have to be written in assembler and involves switching from user to protected mode, copying the data from system memory to your workspace, and returning to user mode.
As such, I'd define the outer structure to be a buffer from 1K to 4K in size. Any larger and you run the risk of tying up the CPU to long in a block move. Then build the function to copy memory to the program.
Good Luck. This will be quite a challenge.
Kent
The actual viewer is pretty easy. Getting to system memory is the challenge. A function to do this will have to be written in assembler and involves switching from user to protected mode, copying the data from system memory to your workspace, and returning to user mode.
As such, I'd define the outer structure to be a buffer from 1K to 4K in size. Any larger and you run the risk of tying up the CPU to long in a block move. Then build the function to copy memory to the program.
Good Luck. This will be quite a challenge.
Kent
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi all,
I suppose I'm just doing it for fun, to see can it be done really. Thanks for your contributions so far
I suppose I'm just doing it for fun, to see can it be done really. Thanks for your contributions so far
Thanks and "doing it to see if it can be done" is usually the start of great things. I call those things toys. I write toys and play with them. Many secrets of the deep have been revealed that way.
I first learned about OS's by doing exactly what you are doing, but with IBM's DOS operating system. After doing the dump, I wrote a disassembler to take all that hex stuff and turn it into instructions. What a wonderful time of exploration.
Have a lot of fun and learn a lot!
Bill
I first learned about OS's by doing exactly what you are doing, but with IBM's DOS operating system. After doing the dump, I wrote a disassembler to take all that hex stuff and turn it into instructions. What a wonderful time of exploration.
Have a lot of fun and learn a lot!
Bill