0

I want to read the memory from a process for 16 MB (FFFFFF) and store it in a array, in a way that when I search inside the array like: array[i], i will be the real memory address.

Lets say I want to search from 000000 to FFFFFF, I want to make that jump sizeof(value), get the address from that address and store it in a var.

then if(var==value) return address.

i have this: ReadProcessMemory(phandle,(void*)address,buffer,0xFFFFFF,0);

EDIT:

i have this (by BlueWanderer answer):

class offset_buffer{
private:
        char *buf;
        int offset;

public:
        offset_buffer(char *in_buf, int in_offset)
                : buf(in_buf), offset(in_offset){
        }

        char & operator[](int in_index){
                return buf[in_index - offset];
        }

        void setOffset(int off){
                offset=off;
        }

        void ReadMemory(){
                LPBYTE point;
                DWORD primeiroAddress = 0x000000;
                DWORD finalAddress = 0xFFFFFF;
                //LPBYTE buffer = new BYTE[finalAddress-primeiroAddress];
                HANDLE phandle = OpenProcess(PROCESS_VM_READ,0,TargetPID);
                ReadProcessMemory(phandle,(void*)primeiroAddress, buf, sizeof(buf), 0);
                CloseHandle(phandle);
        }
};

main(){
char *buffer = new char[0xFFFFFFF-0x0000000];
int address = 0x0000000;
offset_buffer b(buffer,address);
std::ostringstream ss;
int i=0;
TListItem *ListIt;
b.ReadMemory();
for(address=0x0000000;address<0xFFFFFFF;address+=sizeof(int)){
        if(b[address]==StrToInt(Edit1->Text.c_str())){
                 ss << std::hex << address;
                 showValue();
                 ss.str(std::string());
        }
}

what is wrong?? can someone help me? why it doesn't work

Improve this question
4
  • that what? it would work but i don't know the type i have to use, can you send me a code especifying it? Commented May 15, 2012 at 0:27
  • 1
    What do you mean by "i will be the real memory address"? If you're trying to find a specific address in the other process, you'll need to compensate for the difference between the base address of that 16 meg in your process vs. the other. offset = address - their_base; whatever *var = (whatever *)(our_base + offset); Commented May 15, 2012 at 0:34
  • the counter i would be the real memory address. like i know the address 0C2F8E3 has value 50 and typeint, so if i do buffer[0C2F8E3] i will get the value 50 Commented May 15, 2012 at 0:38
  • just edited, with BlueWanderer answer changed Commented May 15, 2012 at 19:04

1 Answer 1

Reset to default
1

You want something like this?

class offset_buffer
{
private: 
    char *buf;
    int offset;

public:
    offset_buffer(char *in_buf, int in_offset)
        : buf(in_buf), offset(in_offset)
    {
    }

    char & operator[](int in_index)
    {
        return buf[in_index - offset];
    }
};

It will map your real address to the index in the array

offset_buffer b(buffer, address);

if (b[0x0C2F8E3] == 123) return 0x0C2F8E3;
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

what would be the offset? who do i use that?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.