Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ReadProcessMemory

Posted on 2006-07-21
3
Medium Priority
?
326 Views
Last Modified: 2008-02-01
I would like to read a processes memory.  Now, I know I should use ReadProcessMemory, but I really don't know where
to beyond this.  For example, say we want to take a look at MineSweeper.  How would I go about first finding how many
bombs there are in the game?  Not where, just how many, a basic game has 10.  I assume this would take a lot of monitoring,
but I don't know how to start with that.

Then, lets say I found the address I want, how do I go about creating another program which ONLY searches this value.  So
that I can have a program which attaches to MineSweeper for the sole purpose of saying, this game has 10 bombs, 11 bombs,
or however many?
0
Comment
Question by:List244
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 86

Expert Comment

by:jkr
ID: 17155067
You'd have to reverse-engineer winmine.exe - coincidentially, that was an issue on EE a could of years ago, see NickRepin's page at http://skyscraper.fortunecity.com/gigo/311/winprog.html#minesweep and the code (which also uses 'ReadProcessMemory()') at http://skyscraper.fortunecity.com/gigo/311/winprog/wmplay.zip
0
 
LVL 8

Author Comment

by:List244
ID: 17155191
Alright, so what if I already have the address, then how would I go about grabbing that value from its memory?
0
 
LVL 86

Accepted Solution

by:
jkr earned 2000 total points
ID: 17155349
You need the full linear address as in the code sample, e.g.

const LPDWORD pWidth=LPDWORD(0x28B51B0);     // Field width (cells)
const LPDWORD pHeight=LPDWORD(0x28B51B4);    // Field height (cells)

   // Obtain current size of field
   ReadProcessMemory(hProcess,pWidth,szField,izeof(szField),0);

See also

http://www.codeproject.com/threads/int64_memsteal.asp ("Stealing Program's Memory")
http://www.codeproject.com/threads/MDumpAll.asp ("Performing a hex dump of another process's memory")
http://www.codeproject.com/threads/CmdLine.asp ("Navigating the PEB")
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When writing generic code, using template meta-programming techniques, it is sometimes useful to know if a type is convertible to another type. A good example of when this might be is if you are writing diagnostic instrumentation for code to generat…
Unlike C#, C++ doesn't have native support for sealing classes (so they cannot be sub-classed). At the cost of a virtual base class pointer it is possible to implement a pseudo sealing mechanism The trick is to virtually inherit from a base class…
The goal of the tutorial is to teach the user how to use functions in C++. The video will cover how to define functions, how to call functions and how to create functions prototypes. Microsoft Visual C++ 2010 Express will be used as a text editor an…
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question