The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.
|
 |
|
Dev Shed Forums
> Programming Languages
> C Programming
|
 Page 2 -
Find out allocated address for my programm
Page 2 - Discuss Find out allocated address for my programm in the C Programming forum on Dev Shed.
Find out allocated address for my programm C programming forum discussing all C derivatives, including C#, C++, Object-C, and even plain old vanilla C. These languages are low level languages, and used on projects such as device drivers, compilers, and even whole computer operating systems.
|
|
 |
|
|
|
|
|
Dev Shed Forums Sponsor:
|
|
|
November 4th, 2012, 10:27 AM
|
 |
Contributing User
|
|
Join Date: Aug 2003
Location: UK
|
|
Quote: | Originally Posted by BotHelp i can get :
0001C700
but not the addresses i want like 0034FD90
| I really cannot fathom why you think one is right and the other is wrong - an address is an address what makes you believe that the first is somehow more "correct" that the second?
|
November 4th, 2012, 09:33 PM
|
|
|
First of all, thanx to Jakotheshadows for translating your post.
My post tried to point you in the right direction toward resolving your problem. I have Proof OF Concept (POC) code that does dump a process' private address space. So, I'm not posting misinformation. I'm using the POC code as a testing/verification means for my posts.
But anyway, do you honestly think your code which follows will work?
Code:
unsigned char *addr = 0;
HANDLE hProc;
int pid = 5044;
MEMORY_BASIC_INFORMATION meminfo;
hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if(hProc)
{
printf("Open Process succeed!");
while(1)
{
if(VirtualQueryEx(hProc,addr,&meminfo,sizeof(meminfo)) == 0){
break;
|
November 10th, 2012, 05:35 AM
|
|
Registered User
|
|
Join Date: Nov 2012
Posts: 8
Time spent in forums: 1 h 37 m 57 sec
Reputation Power: 0
|
|
Quote: | Originally Posted by BobS0327 First of all, thanx to Jakotheshadows for translating your post.
My post tried to point you in the right direction toward resolving your problem. I have Proof OF Concept (POC) code that does dump a process' private address space. So, I'm not posting misinformation. I'm using the POC code as a testing/verification means for my posts.
But anyway, do you honestly think your code which follows will work?
Code:
unsigned char *addr = 0;
HANDLE hProc;
int pid = 5044;
MEMORY_BASIC_INFORMATION meminfo;
hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if(hProc)
{
printf("Open Process succeed!");
while(1)
{
if(VirtualQueryEx(hProc,addr,&meminfo,sizeof(meminfo)) == 0){
break;
|
i can replace the addr with the minimum address as you did with ur check. but i steel cant see how its going to change the output to print private address
|
November 10th, 2012, 09:45 AM
|
|
|
Proof of concept code follows:
Code:
#pragma comment(lib, "advapi32.lib")
#include <windows.h>
#include <stdio.h>
BOOL DumpProcessMemory(DWORD dwPid)
{
HANDLE pHandle;
SYSTEM_INFO si;
MEMORY_BASIC_INFORMATION mbi;
LPVOID lpMem;
DWORD dwReturn, dwTotalRead;
pHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, dwPid);
if (pHandle == NULL)
{
printf("OpenProcess failed for PID: %d\n",dwPid);
return FALSE;
}
GetSystemInfo(&si);
lpMem = si.lpMinimumApplicationAddress;
while (lpMem < si.lpMaximumApplicationAddress)
{
mbi.RegionSize = 0;
dwReturn = VirtualQueryEx(pHandle, lpMem, &mbi, sizeof(mbi));
if (dwReturn == sizeof(mbi)) {
if ((mbi.Type == MEM_PRIVATE) && (mbi.State == MEM_COMMIT))
{
if (mbi.RegionSize > 0)
{
const BYTE* cbBuffer = (BYTE*)HeapAlloc(GetProcessHeap(), NULL, mbi.RegionSize);
if (cbBuffer == NULL)
{
printf ("HeapAlloc failed\n");
return FALSE;
}
ReadProcessMemory(pHandle, mbi.BaseAddress, (LPVOID)cbBuffer, mbi.RegionSize, &dwTotalRead);
printf("Base Address %08X RegionSize %08X\n",mbi.BaseAddress,mbi.RegionSize);
HeapFree(GetProcessHeap(), NULL, (LPVOID)cbBuffer);
}
}
lpMem = (LPVOID)((DWORD)mbi.BaseAddress + mbi.RegionSize);
}
else break;
}
CloseHandle(pHandle);
return TRUE;
}
INT main(INT argc, CHAR **argv)
{
DumpProcessMemory(atoi(argv[1]));
return 0;
}
|
Developer Shed Advertisers and Affiliates
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate This Thread |
 Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
