CODEWITHSUNDEEP
c++multithreadingc++builderaccess-violationram
Dmitry Dashko
Dmitry Dashko

Reputation: 172

read memory of another process using address of variable

I want to read memory of process A but when the process A is disposed. I have run A, it displays address of some variable, I closed it.

I have run B where I input address of A's variable. It causes error "Access violation...".

I use Borland C++ builder and Windows 7.

Is there any way to watch ram when process is closed? Maybe some tools will help me. Could you give me names of tools to read memory by absolute address after memory deallocation?
Maybe it should be some sort of leak detectors?

Upvotes: 2

Views: 987

Answers (3)

Jay
Jay

Reputation: 3355

You can use a tool like ->

http://www.rohitab.com/apimonitor

You will need to break on system wide calls for https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-exitprocess etc and then you will obtain the memory of the aforementioned program at the time when you require it.

From there you should be well equipped to continue your debugging (along with the memory addresses in question, just setup a watch when the break point hits.)

You can use break on access to determine which API calls occur next.

And then I said too much :)

Upvotes: 0

Oliver Charlesworth
Oliver Charlesworth

Reputation: 272687

On most systems, separate processes exist in completely separate virtual address spaces. The pointers you see in one process are completely meaningless in another.

Consequently, you have to explicitly share memory if you want to do this; I'm no Windows expert, but I believe that CreateSharedMemory() may be what you need.

Upvotes: 2

Aniket Inge
Aniket Inge

Reputation: 25725

I don't know after it is closed, but while running, you can use ReadProcessMemory() with CreateRemoteThread

Upvotes: 2

Related Questions