getting values from memory addresses within another process...


Trig

Apr 30, 2020, 9:58:30 PM
to golang-nuts
I'm attempting to read memory from another process. I've installed 'Cheat Engine' to do this, to make sure I'm pulling the correct value from the address I'm attempting to; however, nothing I found works. I did find this article:

https://stackoverflow.com/questions/37358478/read-random-memory-locations-with-golang

I don't believe that is correct though, as using the address of the location I'm attempting to read doesn't result in a value anywhere near what 'Cheat Engine' is reporting. I've looked at the 'unsafe' and 'syscall' packages; however, there's very little information on them. Also, searched many ways trying to find examples on how to do this. I'm on a Mac (and use Linux). On Windows, I can do this fairly easily. I can't seem to find anything that works (not experienced at all in syscalls) for linux or darwin platforms. Any help appreciated.

Ian Lance Taylor

Apr 30, 2020, 10:04:13 PM
to Trig, golang-nuts
In general Unix systems do not permit reading memory from other processes.

If you can figure out how to do it in a C program, perhaps using
ptrace, then it should be possible to figure out how to do in a Go
program.

Ian

Kurtis Rader

Apr 30, 2020, 10:13:44 PM
to Trig, golang-nuts
On Thu, Apr 30, 2020 at 6:59 PM Trig <edb...@gmail.com> wrote:
> I'm attempting to read memory from another process. I've installed 'Cheat Engine' to do this, to make sure I'm pulling the correct value from the address I'm attempting to; however, nothing I found works. I did find this article:
>
> https://stackoverflow.com/questions/37358478/read-random-memory-locations-with-golang
>
> I don't believe that is correct though, as using the address of the location I'm attempting to read doesn't result in a value anywhere near what 'Cheat Engine' is reporting. I've looked at the 'unsafe' and 'syscall' packages; however, there's very little information on them. Also, searched many ways trying to find examples on how to do this. I'm on a Mac (and use Linux). On Windows, I can do this fairly easily.

Really? I'd love to see your Go code that allows reading arbitrary memory on MS Windows.

As Ian pointed out, UNIX, and most operating systems for that matter, do not allow a process to read the memory of other processes without using specialized operating system APIs meant for debugging, such as the `ptrace()` syscall.

Note that the stackoverflow question you linked to is bollocks. The questioner apparently wants to read the virtual memory of other processes. Yet they accepted as correct an answer that does no such thing. The "answer" only reads arbitrary virtual memory of the Go process.

--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank

Michael Jones

Apr 30, 2020, 11:02:02 PM
to Kurtis Rader, Trig, golang-nuts
The general dangerous ability to do this is why protected mode went into the i386 and is the first and most essential promise to prevent of every OS other than MS DOS, original MacOS, and practically the threads in shared memory model of Smalltalk & MP Mathematica.

--
Michael T. Jones
michae...@gmail.com

Eric Brown

Apr 30, 2020, 11:24:29 PM
to Michael Jones, Kurtis Rader, golang-nuts
I’m attempting to do exactly what ‘Cheat Engine’ and things like AutoHotKey can do.  ‘Cheat Engine’ handles this just fine on all my platforms.

Robert Engels

Apr 30, 2020, 11:25:00 PM
to Michael Jones, Kurtis Rader, Trig, golang-nuts
This can be done fairly easily if you run the Go process as root and read the /proc/$pid/mem pseudo file. 


Eric Brown

Apr 30, 2020, 11:26:22 PM
to Robert Engels, Kurtis Rader, Michael Jones, golang-nuts
I’ll look into this solution.  Thank you for an answer that points me in a possible direction.

Kurtis Rader

Apr 30, 2020, 11:35:58 PM
to Eric Brown, Robert Engels, Michael Jones, golang-nuts

Kurtis Rader

Apr 30, 2020, 11:43:50 PM
to Eric Brown, golang-nuts
On Thu, Apr 30, 2020 at 8:25 PM Eric Brown <edb...@gmail.com> wrote:
> I’ll look into this solution. Thank you for an answer that points me in a possible direction.

Gah! I hit the "send" button without providing any useful response in my previous reply. Note that reading /proc/$pid/mem is only applicable to Linux. And that solution basically requires your program, written in Go, to be run as root.

You need to provide more information about what you're trying to do. Including any relevant constraints such as particular operating systems you want to support. You also referenced "Cheat Engine" without providing a link to a document that explains what you mean by that term. I'm guessing (emphasis on "guessing") that you are referring to https://en.wikipedia.org/wiki/Cheat_Engine
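
The /proc/$pid/mem approach mentioned in this thread, as an added Go example that is not part of the original discussion: Linux only, it checks /proc/<pid>/maps before reading, and the open succeeds only when the kernel's ptrace access check allows it (root, as suggested above, or a same-user target where the Yama ptrace_scope policy permits). The names `ReadMem`, `Readable`, `ReadSelfSample` and `sample` are illustrative, and `main` reads the program's own memory.

```go
package main

import (
	"fmt"
	"os"
	"strings"
	"unsafe"
)

var sample = [8]byte{'h', 'p', '=', '4', '2'} // constructed value standing in for monitored data

// Readable reports whether [addr, addr+n) lies inside one readable mapping of a /proc/<pid>/maps text.
func Readable(maps string, addr, n uint64) bool {
	for _, line := range strings.Split(maps, "\n") {
		var start, end uint64
		var perms string
		if _, err := fmt.Sscanf(line, "%x-%x %s", &start, &end, &perms); err == nil && addr >= start && addr < end {
			return n <= end-addr && strings.HasPrefix(perms, "r")
		}
	}
	return false
}

// ReadMem reads n bytes at addr in process pid through /proc/<pid>/mem (Linux only).
func ReadMem(pid int, addr uint64, n int) ([]byte, error) {
	maps, err := os.ReadFile(fmt.Sprintf("/proc/%d/maps", pid))
	if err != nil {
		return nil, err
	}
	if !Readable(string(maps), addr, uint64(n)) {
		return nil, fmt.Errorf("0x%x+%d: not in a readable mapping of pid %d", addr, n, pid)
	}
	f, err := os.Open(fmt.Sprintf("/proc/%d/mem", pid))
	if err != nil {
		return nil, err // a permission error means the kernel's ptrace access check refused
	}
	defer f.Close()
	buf := make([]byte, n)
	_, err = f.ReadAt(buf, int64(addr)) // the file offset is the target's virtual address
	return buf, err
}

// ReadSelfSample reads sample back out of this process's own address space.
func ReadSelfSample() ([]byte, error) {
	return ReadMem(os.Getpid(), uint64(uintptr(unsafe.Pointer(&sample))), len(sample))
}

func main() { fmt.Println(ReadSelfSample()) }
```
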

Trig

May 1, 2020, 12:13:44 AM
to golang-nuts
Kurtis,

Thanks... that 'Cheat Engine' is the correct one. Basically, what I am doing is creating a simple service that watches for a particular process (a game, in this instance) and 'monitors' certain values (such as life levels, mana levels, etc.). If my health in the game is low, it simply plays an audio file that lets me know to drink a potion, etc. I'm not needing to write any values to memory (like a bot would actually do)... just be able to read them.