Thread: Memory Range

  1. #1
    Registered User
    Join Date
    Jun 2006
    Posts
    13

    Memory Range

    How can I find out the memory range which a program in windows is using?

  2. #2
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    You don't. I cannot conceive a scenario where this would be useful.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  3. #3
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    Memory scanner?
    "The Internet treats censorship as damage and routes around it." - John Gilmore

  4. #4
    Registered User
    Join Date
    Jun 2006
    Posts
    13
    Sorry for posting in the wrong section, it was three in the morning and I was a little tired.

    Anyways, I need to find a variable in a process by searching and sieving, and then modify it from another program. I could not find any articles on memory scanning on the net.

  5. #5
    Registered User Queatrix's Avatar
    Join Date
    Apr 2005
    Posts
    1,342
    >> I cannot conceive a scenario where this would be useful.

    I can, say you make a program that finds the proccess using the most memory then terminates it. Usefull it the memory is extremley cloughed.

  6. #6
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    I don't think it's the wrong section though...
    "The Internet treats censorship as damage and routes around it." - John Gilmore

  7. #7
    Hurry Slowly vart's Avatar
    Join Date
    Oct 2006
    Location
    Rishon LeZion, Israel
    Posts
    6,788
    Quote Originally Posted by feso4
    I need to find a variable in a process by searching and sieving, and then modify it from another program. I could not find any articles on memory scanning on the net.
    something like that?
    Code:
    BOOL VMQuery(HANDLE hProcess, LPCVOID pvAddress, PVMQUERY pVMQ) {
       if (gs_dwAllocGran == 0) {
          // Set allocation granularity if this is the first call
          SYSTEM_INFO sinf;
          GetSystemInfo(&sinf);
          gs_dwAllocGran = sinf.dwAllocationGranularity;
       }
       ZeroMemory(pVMQ, sizeof(*pVMQ));
       // Get the MEMORY_BASIC_INFORMATION for the passed address.
       MEMORY_BASIC_INFORMATION mbi;
       BOOL fOk = (VirtualQueryEx(hProcess, pvAddress, &mbi, sizeof(mbi)) 
          == sizeof(mbi));
       if (!fOk)
          return(fOk);   // Bad memory address, return failure
       // The MEMORY_BASIC_INFORMATION structure contains valid information.
       // Time to start setting the members of our own VMQUERY structure.
       // First, fill in the block members. We'll fill the region members later.
       switch (mbi.State) {
          case MEM_FREE:       // Free block (not reserved)
             pVMQ->pvBlkBaseAddress = NULL;
             pVMQ->BlkSize = 0;
             pVMQ->dwBlkProtection = 0;
             pVMQ->dwBlkStorage = MEM_FREE;
             break;
          case MEM_RESERVE:    // Reserved block without committed storage in it.
             pVMQ->pvBlkBaseAddress = mbi.BaseAddress;
             pVMQ->BlkSize = mbi.RegionSize;
             // For an uncommitted block, mbi.Protect is invalid. So we will 
             // show that the reserved block inherits the protection attribute 
             // of the region in which it is contained.
             pVMQ->dwBlkProtection = mbi.AllocationProtect;  
             pVMQ->dwBlkStorage = MEM_RESERVE;
             break;
          case MEM_COMMIT:     // Reserved block with committed storage in it.
             pVMQ->pvBlkBaseAddress = mbi.BaseAddress;
             pVMQ->BlkSize = mbi.RegionSize;
             pVMQ->dwBlkProtection = mbi.Protect;   
             pVMQ->dwBlkStorage = mbi.Type;
             break;
          default:
              DebugBreak();
              break;
       }
       // Now fill in the region data members.
       VMQUERY_HELP VMQHelp;
       switch (mbi.State) {
          case MEM_FREE:       // Free block (not reserved)
             pVMQ->pvRgnBaseAddress = mbi.BaseAddress;
             pVMQ->dwRgnProtection  = mbi.AllocationProtect;
             pVMQ->RgnSize          = mbi.RegionSize;
             pVMQ->dwRgnStorage     = MEM_FREE;
             pVMQ->dwRgnBlocks      = 0;
             pVMQ->dwRgnGuardBlks   = 0;
             pVMQ->fRgnIsAStack     = FALSE;
             break;
          case MEM_RESERVE:    // Reserved block without committed storage in it.
             pVMQ->pvRgnBaseAddress = mbi.AllocationBase;
             pVMQ->dwRgnProtection  = mbi.AllocationProtect;
             // Iterate through all blocks to get complete region information.         
             VMQueryHelp(hProcess, pvAddress, &VMQHelp);
             pVMQ->RgnSize          = VMQHelp.RgnSize;
             pVMQ->dwRgnStorage     = VMQHelp.dwRgnStorage;
             pVMQ->dwRgnBlocks      = VMQHelp.dwRgnBlocks;
             pVMQ->dwRgnGuardBlks   = VMQHelp.dwRgnGuardBlks;
             pVMQ->fRgnIsAStack     = VMQHelp.fRgnIsAStack;
             break;
          case MEM_COMMIT:     // Reserved block with committed storage in it.
             pVMQ->pvRgnBaseAddress = mbi.AllocationBase;
             pVMQ->dwRgnProtection  = mbi.AllocationProtect;
             // Iterate through all blocks to get complete region information.         
             VMQueryHelp(hProcess, pvAddress, &VMQHelp);
             pVMQ->RgnSize          = VMQHelp.RgnSize;
             pVMQ->dwRgnStorage     = VMQHelp.dwRgnStorage;
             pVMQ->dwRgnBlocks      = VMQHelp.dwRgnBlocks;
             pVMQ->dwRgnGuardBlks   = VMQHelp.dwRgnGuardBlks;
             pVMQ->fRgnIsAStack     = VMQHelp.fRgnIsAStack;
             break;
          default:
              DebugBreak();
              break;
       }
       return(fOk);
    }
    Notices: Copyright (c) 2000 Jeffrey Richter
    All problems in computer science can be solved by another level of indirection,
    except for the problem of too many layers of indirection.
    – David J. Wheeler

  8. #8
    Registered User kryptkat's Avatar
    Join Date
    Dec 2002
    Posts
    638
    Td32

  9. #9
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    What is Td32?
    I searched from google, but I only found results like "I tried to debug it with Td32, but...", "Unfortunately, TD32 doesn't seem to know how to preserve open module windows...", "since TD32 isn't really very useful, so...", "I have tried to debug it using td32 but it says 'program is not a 32 bit".
    These were the results I got...
    "The Internet treats censorship as damage and routes around it." - John Gilmore

  10. #10
    Registered User kryptkat's Avatar
    Join Date
    Dec 2002
    Posts
    638
    If you load your prog in a debugger it will show you where it is in memory. Use your debugger then. since i use bcc32 td32 works for those progs. if however you want to see all of the memory scroll to where you want to see.

    you could also use a color ram map. not sure if that is the correct
    name for it but it is like the hd_defrag only with memory. a memory map. i had seen a few of them and wrote a few long time ago but they were usless for determining what was where.
    they did show where the action and things changing was.

    How can I find out the memory range which a program in windows is using?
    a debugger will show the locations of the prog in memory.

  11. #11
    Registered User
    Join Date
    Jun 2006
    Posts
    13
    Thanks for the replies everyone. I also found out about ReadProcessMemory and WriteProcessMemory so that's everything I need.

  12. #12
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    You need to loop until the end to get the size with ReadProcessMemory... I thought that would be not exactly what you're looking for.

    You should also give your program SE_DEBUG privilege. This function should do it:
    Code:
    void EnableDebugPriv(){
        HANDLE hToken;
        LUID sedebugnameValue;
        char buffer[256];
        TOKEN_PRIVILEGES tkp;
    
        if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken)){
            MessageBox(hwnd,"OPT() failed, gle = SeDebugPrivilege is not available.",itoa(GetLastError(),buffer,256),MB_OK);
            return;
        }
    
        if (!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&sedebugnameValue)){
            MessageBox(hwnd,"OPT2() failed, gle = SeDebugPrivilege is not available.",itoa(GetLastError(),buffer,256),MB_OK);
            CloseHandle( hToken );
            return;
        }
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = sedebugnameValue;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        if (!AdjustTokenPrivileges(hToken,FALSE,&tkp,sizeof tkp,NULL,NULL)){
            MessageBox(hwnd,"OPT3() failed, gle = SeDebugPrivilege is not available.",itoa(GetLastError(),buffer,256),MB_OK);
        }
        CloseHandle( hToken );
        return;
    }
    Last edited by maxorator; 11-02-2006 at 01:57 PM.
    "The Internet treats censorship as damage and routes around it." - John Gilmore

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Question regarding Memory Leak
    By clegs in forum C++ Programming
    Replies: 29
    Last Post: 12-07-2007, 01:57 AM
  2. Memory problem with Borland C 3.1
    By AZ1699 in forum C Programming
    Replies: 16
    Last Post: 11-16-2007, 11:22 AM
  3. Program that displays amount of free memory
    By trancedeejay in forum Linux Programming
    Replies: 3
    Last Post: 01-13-2006, 01:27 PM
  4. reading files into memory
    By bobthebullet990 in forum C Programming
    Replies: 3
    Last Post: 11-30-2005, 03:39 PM
  5. Shared Memory - shmget questions
    By hendler in forum C Programming
    Replies: 1
    Last Post: 11-29-2005, 02:15 AM