Get a value from a fixed memory offset: Visual C ++ Programming
I would like to write a simple application capable of fetching some specific data from another allocated memory of a process (application).
Let's say that I already know the process id and I would like to get the value in this process, always from a fixed offset (e.g. 0x523F1C), can this be done in user mode or should it be in kernel-mode?
Any hints or information is highly appreciated.
My environment is Windows XP and I am using Visual C ++ and Qt for the GUI.
Thank you in advance:)
EDIT:
(a) thanks guys. it basically works (when setting a breakpoint and catching the correct value), but when executing a normal release version, the resulting value is always initialized :(
will have to work harder to figure it out ...
(b) Since the application I'm trying to get the value is not written by me, can I still use interprocess communication / shared memory methods?
EDIT 2:
Thanks again for the quick response!: D
source to share
Use ReadProcessMemory - you will need to call PROCESS_VM_READ to another process [1], but if you are an administrator (or perhaps you have SE_DEBUG privs) this should be easy.
BOOL WINAPI ReadProcessMemory(
__in HANDLE hProcess,
__in LPCVOID lpBaseAddress,
__out LPVOID lpBuffer,
__in SIZE_T nSize,
__out SIZE_T* lpNumberOfBytesRead
);
[1]
HANDLE hProc = OpenProcess(PROCESS_VM_READ, false, pid);
Edit: b) Not unless you are using CreateRemoteThread - but you generally need to tweak your own DLL into the remote process before you can meaningfully create threads in that process. It's advanced, funny and dangerous :)
source to share
If you are doing interprocess communication / shared memory I would suggest Boost :: Interprocess instead as it will make life easier.
source to share
There is a ReadProcessMemory () function , but you will need to find the requirements to use it yourself. I think you might need to install yourself as a debugger for this process.
source to share