How would I go about making a loop to search through the entire RAM? For the purpose of finding lost data, or saving it to disk for later examination...(i'd like to code some sort of ram viewer similar to a hex editor). Using c++.
02-08-2005, 03:31 AM
You need pointers my friend. Run up a search on google for a c++ pointers tutorial.
02-08-2005, 09:03 AM
On most machines this will be very hard since the OS won't let your program access all of the RAM but only the portion allocated to it's process. You'll be causing segmentation faults (when a program tries to access memory that isn't it's own) all over the place. I'm guessing you will need to hack the kernel of the OS or something (just shooting from the hip here ;) ).
02-08-2005, 09:30 AM
Wouldn't you just get illegal operation errors left right and center?
I know problems would be caused if I tried to write memory that contained something important...but i'm sure i've seen programs that can edit memory of games (for cheating). Googling for "cheat program memory editing", I've found this: http://www.x-ways.net/ramcheat.html
It talks about "virtual memory access methods". Does anyone have any idea how it (or similar programs) work?
Just another thought: would programs that scan for viruses look in the RAM?
There are a few ways to do that, I believe the most common is through the Read/WriteProcessMemory API functions.
Googling them, they could well be the functions i'm looking for. Thankyou :)
I did not know that windows prevented you accessing all the ram...but I suppose I don't really need to. Although a whole ram hex editor would sound nice...
Most modern (32bit) operating systems run in what's called protected mode. This is what helps make them stable, because one process can't corrupt the memory space of another. This is why when a program crashes, it doesn't take the whole operating system down with it.
For you to be able to read/write to another processes memory, you need to gain the correct access to the other process (ex: calling OpenProcess() with the correct flags)
Can processes prevent this access of their memory?