Is there a way of accessing memory outside of the program's address space,
in Microsoft Visual C++? The protected mode addressing seems to keep
preventing me from doing so. I'm trying to write a little cheating program
for a game (it will have to change a value in the game's memory), but I
don't seem to be able to read much of Windows' memory, to even find the game
in memory.
For example, I have picked an arbitrary address of 0x00400050, and have
started reading, byte by byte. It seems to allow me to read 528 304 bytes,
but then I can no longer read the memory.
How can this be done? I've done a lot of searching on the internet, but
haven't found the answer.
Thanks for any help,
Ryan
1- You need to get the process id of the game you want to alter. To do this I
recommend you use toolhelp functions (located in tlhelp32.h). You can use other
functions, but toolhelp works on most Windows versions (9x/ME/2000/XP).
2- a- If you know the address you want to change, use OpenProcess to create a
process handle (make sure you use the right access flags). Then use
WriteProcessMemory to overwrite the data you wish to change. Close the handle,
clean up and you're done.
b- If you don't know the address to change, you might want to use OpenProcess,
then VirtualQueryEx to examine regions of the 4GB address space...find where you
have read/write access then you can use ReadProcessMemory to examine the
content, WriteProcessMemory to change it.
Note: if you need to search for the address, check all the VirtualQueryEx
documentation...this is important because if you try to ReadProcessMemory but
don't have access to it...your program might give an error and terminate....
You might have a hard time understanding what the documentation means by
"baseaddress", took me a while to get it. In short it's the address of the first
location you want to read from or write to...if you have questions about that
post a follow up.
Ryan wrote:
> Hi.
>
> Is there a way of accessing memory outside of the program's address space,
> in Microsoft Visual C++? The protected mode addressing seems to keep
> preventing me from doing so. I'm trying to write a little cheating program
> for a game (it will have to change a value in the game's memory), but I
> don't seem to be able to read much of Windows' memory, to even find the game
> in memory.
>
> For example, I have picked an arbitrary address of 0x00400050, and have
> started reading, byte by byte. It seems to allow me to read 528 304 bytes,
> but then I can no longer read the memory.
>
How did you read memory? Are you sure you were in another process's memory or the
current process? If it was in another process, it most likely stopped because you
reached a region with no read access. VirtualQueryEx will show you the access
for regions so you can skip the ones without proper access....There are other
ways to rule out certain regions with that function, but I won't go into
details...
>
> How can this be done? I've done a lot of searching on the internet, but
> haven't found the answer.
> Thanks for any help,
> Ryan
PS This can be fun to explore a game...but don't cheat in multiplayer ;o) I
hate it when ppl do that...
thanks again!
Ryan
<fake...@fakedomain.com> wrote in message
news:3CED4EE8...@fakedomain.com...
Ryan wrote:
> Great, thanks a lot. I'll give that a try. It's not quite what I had in
> mind--what I had in mind, however, might not be possible. I wanted to be
> able to freely roam through memory, and read everything by starting at the
> first address (address zero?) and moving forward from there. I realize
> Windows has restrictions in place to prevent this, but is there no way
> around all of these restrictions?
>
> thanks again!
> Ryan
>
If you're suggesting "roam around memory" using something simple like a
pointer, it's impossible in Windows because each process has a unique virtual
address space...that means each program has its very own 4GB space, but cannot
access the 4GB of another process.. to read from the 4GB of a different
process you need the process id and most of the functions I mentioned...
Note: of the 4GB, 2GB are reserved for the OS and some other regions are still
not accessible to you....(VirtualQueryEx will tell you if a block is
accessible or not). This is actually helpful because you won't waste time
searching the whole 4GB...as far as I know all variables for games are in
accessible regions.
I wanted to do the pointer thing a while ago too...but it just won't work in
Windows because Windows uses protected mode and virtual memory to prevent a
bug in one program from crashing another...so basically..the only way I know around
the "Windows restrictions" is the method I described (it's impossible simply
using pointers..). The functions like ReadProcessMemory and
WriteProcessMemory were designed to be used in debuggers mostly, I
believe...that's why they can access any process's address space, not just their
own.
Might seem complicated, but with some practice and patience it will eventually
get easier. Good luck :o)
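The region walk described in the replies above (Toolhelp snapshot for the process id, OpenProcess, VirtualQueryEx to find readable regions, ReadProcessMemory to read them), written out as an added example; this is not code from the thread or its posters. It is a read-only inspection pass of the kind a debugger or memory-forensics tool performs: it opens the target with PROCESS_VM_READ only and does not write anything. It also shows why the original byte-by-byte pointer read stopped: the loop skips regions that are not committed, are PAGE_NOACCESS, or are guard pages, instead of walking into them. The function names (`find_pid`, `scan_process`, `region_is_readable`) are the example's own, the executable name is taken from the command line, and the Win32 calls are compiled only on Windows so that the portable region classifier can be built and checked elsewhere.

```c
/*
 * Added example (not from the thread): read-only walk of another process's
 * address space with the APIs the replies name:
 *   CreateToolhelp32Snapshot -> OpenProcess -> VirtualQueryEx -> ReadProcessMemory.
 * The Win32 part only builds on Windows; region_is_readable() is portable.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#else
/* Win32 constant values (as in winnt.h) so the classifier builds off Windows. */
typedef unsigned long DWORD;
#define MEM_COMMIT              0x1000
#define PAGE_NOACCESS           0x01
#define PAGE_READONLY           0x02
#define PAGE_READWRITE          0x04
#define PAGE_WRITECOPY          0x08
#define PAGE_EXECUTE_READ       0x20
#define PAGE_EXECUTE_READWRITE  0x40
#define PAGE_EXECUTE_WRITECOPY  0x80
#define PAGE_GUARD              0x100
#endif

/* A region is worth reading only if it is committed, carries a readable
 * protection and is not a guard page (touching one raises an exception).
 * This is the decision that lets the walk skip regions a raw pointer loop
 * would crash on. Returns 1 if readable, 0 otherwise. */
int region_is_readable(DWORD state, DWORD protect)
{
    const DWORD readable = PAGE_READONLY | PAGE_READWRITE | PAGE_WRITECOPY |
                           PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE |
                           PAGE_EXECUTE_WRITECOPY;
    if (state != MEM_COMMIT) return 0;          /* MEM_FREE or MEM_RESERVE: nothing mapped */
    if (protect & PAGE_GUARD) return 0;         /* guard page: first touch traps */
    if (protect & PAGE_NOACCESS) return 0;
    return (protect & readable) != 0;
}

#ifdef _WIN32
/* Step 1 of the reply: find a process id by executable name with Toolhelp. */
DWORD find_pid(const char *exe_name)
{
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    PROCESSENTRY32 pe;
    DWORD pid = 0;
    if (snap == INVALID_HANDLE_VALUE) return 0;
    pe.dwSize = sizeof(pe);
    if (Process32First(snap, &pe)) {
        do {
            if (_stricmp(pe.szExeFile, exe_name) == 0) { pid = pe.th32ProcessID; break; }
        } while (Process32Next(snap, &pe));
    }
    CloseHandle(snap);
    return pid;
}

/* Step 2b of the reply: walk the address space region by region from address
 * zero, reading only the regions VirtualQueryEx reports as accessible.
 * Returns the total number of bytes read. */
size_t scan_process(DWORD pid)
{
    HANDLE proc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    MEMORY_BASIC_INFORMATION mbi;
    unsigned char *addr = NULL;          /* "BaseAddress" parameter: where the next query starts */
    unsigned char buf[4096];
    size_t total = 0;
    if (!proc) { fprintf(stderr, "OpenProcess failed: %lu\n", GetLastError()); return 0; }
    while (VirtualQueryEx(proc, addr, &mbi, sizeof(mbi)) == sizeof(mbi)) {
        if (region_is_readable(mbi.State, mbi.Protect)) {
            SIZE_T off = 0;
            while (off < mbi.RegionSize) {
                SIZE_T want = mbi.RegionSize - off < sizeof(buf) ? mbi.RegionSize - off : sizeof(buf);
                SIZE_T got = 0;
                if (!ReadProcessMemory(proc, (unsigned char *)mbi.BaseAddress + off, buf, want, &got) || got == 0)
                    break;               /* region changed under us; move to the next one */
                total += got;            /* buf holds the bytes; inspect or search them here */
                off += got;
            }
            printf("%p  %10lu bytes  protect=0x%03lx\n",
                   mbi.BaseAddress, (unsigned long)mbi.RegionSize, mbi.Protect);
        }
        addr = (unsigned char *)mbi.BaseAddress + mbi.RegionSize;
        if (addr < (unsigned char *)mbi.BaseAddress) break;   /* wrapped past the top of the space */
    }
    CloseHandle(proc);
    return total;
}

int main(int argc, char **argv)
{
    DWORD pid;
    if (argc != 2) { fprintf(stderr, "usage: %s <exe name, e.g. notepad.exe>\n", argv[0]); return 1; }
    pid = find_pid(argv[1]);
    if (!pid) { fprintf(stderr, "process not found\n"); return 1; }
    printf("read %lu bytes from pid %lu\n", (unsigned long)scan_process(pid), pid);
    return 0;
}
#else
int main(void) { puts("Win32 only; region_is_readable() is the portable part."); return 0; }
#endif
```

Build with the MSVC or MinGW C compiler and run it as `scan.exe notepad.exe` (or any process you own) to see the committed, readable regions listed one per line; everything VirtualQueryEx reports as free, reserved, no-access or guarded is skipped rather than read, which is the difference between this walk and the byte-by-byte pointer loop from the first post.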