Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    8
    Rep Power
    0

    Find out allocated address for my programm


    Does anyone have any function to find out the range of address that are allocated to my programm
  2. #2
  3. Contributed User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2005
    Posts
    4,413
    Rep Power
    1871
    Depends on which OS you're on.

    For Linux, try
    Code:
    $ cat /proc/$$/maps
    00400000-004df000 r-xp 00000000 08:05 145630                             /bin/bash
    006de000-006df000 r--p 000de000 08:05 145630                             /bin/bash
    006df000-006e8000 rw-p 000df000 08:05 145630                             /bin/bash
    006e8000-006ee000 rw-p 00000000 00:00 0 
    01aa6000-01e76000 rw-p 00000000 00:00 0                                  [heap]
    7f5fca099000-7f5fca0a5000 r-xp 00000000 08:05 1053328                    /lib/x86_64-linux-gnu/libnss_files-2.13.so
    7f5fca0a5000-7f5fca2a4000 ---p 0000c000 08:05 1053328                    /lib/x86_64-linux-gnu/libnss_files-2.13.so
    Why do you need to know?
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    8
    Rep Power
    0
    u real?
    when someone is asking question in c section, its mean i need to do it in c, im not using linux, i need this for memory scanner i wanna build

    Comments on this post

    • DaWei_M disagrees : Here's some real for ya...
  6. #4
  7. Banned ;)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Nov 2001
    Location
    Woodland Hills, Los Angeles County, California, USA
    Posts
    9,643
    Rep Power
    4248
    You're not understanding the reply very well. You can do this in C, but the way to do it is dependent on the OS. What this means is that the function calls to do this depend on which OS you're running on.

    Therefore, if you intend to write a memory scanner in Windows, it is useful to mention that you are using Windows and which C compiler you are using as well.
    Up the Irons
    What Would Jimi Do? Smash amps. Burn guitar. Take the groupies home.
    "Death Before Dishonour, my Friends!!" - Bruce D ickinson, Iron Maiden Aug 20, 2005 @ OzzFest
    Down with Sharon Osbourne

    "I wouldn't hire a butcher to fix my car. I also wouldn't hire a marketing firm to build my website." - Nilpo
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    8
    Rep Power
    0
    OK, running windows7 visual studio 2010.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Posts
    187
    Rep Power
    83
    Declare a MEMORY_BASIC_INFORMATION structure. Next call OPEN_PROCESS using the process ID of the target application. Call GetSystemInformation to get min and max application address range. Now loop thru the application address range and call VirtualQueryEX to load the Memory_BASIC_INFORMATION structure. Check the MBI struct for memory type of MEM_PRIVATE *AND* MEM_COMMIT. Allocate heap space needed for the ReadProcessMemory to read a region size of application memory. Keep looping by region size to iterate thru application memory.

    Unfortunately, I'm a newbie on this forum, so, I can't post links to all the required function calls etc.
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    8
    Rep Power
    0
    Thank u for the first actual helping reply, i know how to read/write into process memory(mean i also know how to open),
    ok i'll just need help about the part of finding the range of addresses i'll p.m u
    edit : i actually cant send p.m

    Comments on this post

    • clifford disagrees : Yopu are not making yourself any friends around here! The quality of answers is directly related to the quality of the question.
  14. #8
  15. Contributed User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2005
    Posts
    4,413
    Rep Power
    1871
    > Thank u for the first actual helping reply,
    Well it's your own damn fault for taking 8 hours to post relevant information that would enable ANYONE to post anything like a decent guess as to what you might want.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
  16. #9
  17. No Profile Picture
    I haz teh codez!
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Dec 2003
    Posts
    2,552
    Rep Power
    2337
    Originally Posted by salem
    > Thank u for the first actual helping reply,
    Well it's your own damn fault for taking 8 hours to post relevant information that would enable ANYONE to post anything like a decent guess as to what you might want.
    Which of course is script kiddie "help me cheat on a game" assistance. :mad:
    I ♥ ManiacDan & requinix

    This is a sig, and not necessarily a comment on the OP:
    Please don't be a help vampire!
  18. #10
  19. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Posts
    187
    Rep Power
    83
    edit : i actually cant send p.m
    No problem. I never respond to PMs for any type of assistance. Prefer to do everything in the open forums.

    So, what do you not understand about finding the range of a program's address space?
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    8
    Rep Power
    0
    Originally Posted by BobS0327
    No problem. I never respond to PMs for any type of assistance. Prefer to do everything in the open forums.

    So, what do you not understand about finding the range of a program's address space?
    Well i finally build it just 1 problem, i dont get current address...
    the address i get is very close to base, mean i cant get full address... i can get :
    0001C700
    but not the addresses i want like 0034FD90
    code :
    http://pastebin.com/G7tiaVgf
  22. #12
  23. Contributing User

    Join Date
    Aug 2003
    Location
    UK
    Posts
    5,117
    Rep Power
    1803
    Originally Posted by BotHelp
    Well i finally build it just 1 problem, i dont get current address...
    the address i get is very close to base, mean i cant get full address... i can get :
    0001C700
    but not the addresses i want like 0034FD90
    code :
    http://pastebin.com/G7tiaVgf
    What is wrong with pasting the code here!? Your code recovered from the bin:
    C Code:
     
    #include <stdio.h>
    #include <conio.h>
    #include <Windows.h>
    void main()
    {
        unsigned char *addr = 0;
        HANDLE hProc;
        int pid = 5044;
        MEMORY_BASIC_INFORMATION meminfo;
        hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
        if(hProc)
        {
            printf("Open Process succeed!");
            while(1)
            {
                if(VirtualQueryEx(hProc,addr,&meminfo,sizeof(meminfo)) == 0){
                    break;
                }
                addr =  (unsigned char *)meminfo.BaseAddress + meminfo.RegionSize;
                printf("%08X\n", addr);
            }
        }else{
            printf("Open Process Failed!");
        }
        getch();
    }
  24. #13
  25. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Posts
    187
    Rep Power
    83

    Thumbs up


    I somewhat modified your code to keep you going in the right direction. I can't post the complete solution since you should be learning by writing the code. You still have to write additional code to complete this task.

    Code:
    #include <stdio.h>
    #include <conio.h>
    #include <Windows.h>
    void main()
    {
        unsigned char *addr = 0;
        HANDLE hProc;
        int pid = 5044;
        MEMORY_BASIC_INFORMATION meminfo;
        LPVOID lpMem;
        SYSTEM_INFO si;
        hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
        if(hProc)
        {
            printf("Open Process succeed!");
            GetSystemInfo(&si);
            lpMem = si.lpMinimumApplicationAddress;
    
            while (lpMem < si.lpMaximumApplicationAddress)
            {
                if(VirtualQueryEx(hProc,addr,&meminfo,sizeof(meminfo)) == 0) {
                    break;
                }
                addr =  (unsigned char *)meminfo.BaseAddress + meminfo.RegionSize;
                printf("%08X\n", addr);
            }
        } else {
            printf("Open Process Failed!");
        }
        getch();
    }
  26. #14
  27. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    8
    Rep Power
    0
    u pretty much didnt done anything... u added a term if the minumum address is lower the then maximum, what is always true. is the same as put true inside, i can add a term that if the address is readable, but it doesnt realy matter the fact that i cant print my wanted address

    Comments on this post

    • jakotheshadows disagrees : Nobody here owes you any help. Your attitude is bull**** and it needs adjustment.
  28. #15
  29. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2009
    Posts
    149
    Rep Power
    37
    Originally Posted by BotHelp
    u pretty much didnt done anything... u You added a term if the minumum address is lower the then maximum, what which is always true. is Isn't it the same as putting true inside? Perhaps you're suggesting that there is some algorithm I should be using for which this isn't the case to start with? Thanks for taking the time to help me with my problem.
    Attitude and bad English fixed.

    Comments on this post

    • clifford disagrees : You have done nothing to deserve free assistance, ploitness will cost you nothing and is more likley to get you an answer. Now we will probably just toy with you until you go away.
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo