Reputation: 111365
Low level programming: How to find data in a memory of another running process?
I am trying to write a statistics tool for a game by extracting values from game's process memory (as there is no other way). The biggest challenge is to find out required addresses that store data I am interested. What makes it even more harder is dynamic memory allocation - I need to find not only addresses that store data but also pointers to those memory blocks, because addresses are changing every time game restarts.
For now I am just manually searching game memory using memory editor (ArtMoney), and looking for addresses that change their values as data changes (or don't change). After address is found I am looking for a pointer that points to this memory block in a similar way.
I wonder what techniques/tools exist for such tasks? Maybe there are some articles I can read? Is mastering disassembler the only way to go? For example game trainers are solving similar tasks, but they make them in days and I am struggling already for weeks.
Thanks.
PS. It's all under windows.
Upvotes: 4
Views: 2293
Answers (3)
Reputation: 59857
You might take a look at DynInst (Dynamic Instrumentation). In particular, look at the Dynamic Probe Class Library (DPCL). These tools will let you attach to running processes via the debugger interface and insert your own instrumentation (via special probe classes) into them while they're running. You could probably use this to instrument the routines that access your data structures and trace when the values you're interested in are created or modified.
You might have an easier time doing it this way than doing everything manually. There are a bunch of papers on those pages you can look at to see how other people built similar tools, too.
I believe the Windows support is maintained, but I have not used it myself.
Upvotes: 0
Reputation: 74702
Is mastering disassembler the only way to go?
Yes; go download WinDbg from http://www.microsoft.com/whdc/devtools/debugging/default.mspx, or if you've got some money to blow, IDA Pro is probably the best tool for doing this
Upvotes: 1
Related Questions
- Is this how the stack works? Intel X86 Assembly
- How to automate finding data in a memory of another running process?
- Process Heap Segments And Their Necessity
- Find an instruction in an executable file, given its address in a running process?
- Reverse-Engineering Memory Load Techniques?
- reverse engineering c programs
- trace the data flow when the executable is running
- Figuring out the memory layout of objects without debugging a running program?
- Finding and using memory offsets in an existing program?
- Writing data to a running executable file