How can I find out the memory range which a program in windows is using?
Printable View
How can I find out the memory range which a program in windows is using?
You don't. I cannot conceive a scenario where this would be useful.
Memory scanner?
Sorry for posting in the wrong section, it was three in the morning and I was a little tired. :D
Anyways, I need to find a variable in a process by searching and sieving, and then modify it from another program. I could not find any articles on memory scanning on the net.
>> I cannot conceive a scenario where this would be useful.
I can, say you make a program that finds the proccess using the most memory then terminates it. Usefull it the memory is extremley cloughed.
I don't think it's the wrong section though...
something like that?Quote:
Originally Posted by feso4
Notices: Copyright (c) 2000 Jeffrey RichterCode:BOOL VMQuery(HANDLE hProcess, LPCVOID pvAddress, PVMQUERY pVMQ) {
if (gs_dwAllocGran == 0) {
// Set allocation granularity if this is the first call
SYSTEM_INFO sinf;
GetSystemInfo(&sinf);
gs_dwAllocGran = sinf.dwAllocationGranularity;
}
ZeroMemory(pVMQ, sizeof(*pVMQ));
// Get the MEMORY_BASIC_INFORMATION for the passed address.
MEMORY_BASIC_INFORMATION mbi;
BOOL fOk = (VirtualQueryEx(hProcess, pvAddress, &mbi, sizeof(mbi))
== sizeof(mbi));
if (!fOk)
return(fOk); // Bad memory address, return failure
// The MEMORY_BASIC_INFORMATION structure contains valid information.
// Time to start setting the members of our own VMQUERY structure.
// First, fill in the block members. We'll fill the region members later.
switch (mbi.State) {
case MEM_FREE: // Free block (not reserved)
pVMQ->pvBlkBaseAddress = NULL;
pVMQ->BlkSize = 0;
pVMQ->dwBlkProtection = 0;
pVMQ->dwBlkStorage = MEM_FREE;
break;
case MEM_RESERVE: // Reserved block without committed storage in it.
pVMQ->pvBlkBaseAddress = mbi.BaseAddress;
pVMQ->BlkSize = mbi.RegionSize;
// For an uncommitted block, mbi.Protect is invalid. So we will
// show that the reserved block inherits the protection attribute
// of the region in which it is contained.
pVMQ->dwBlkProtection = mbi.AllocationProtect;
pVMQ->dwBlkStorage = MEM_RESERVE;
break;
case MEM_COMMIT: // Reserved block with committed storage in it.
pVMQ->pvBlkBaseAddress = mbi.BaseAddress;
pVMQ->BlkSize = mbi.RegionSize;
pVMQ->dwBlkProtection = mbi.Protect;
pVMQ->dwBlkStorage = mbi.Type;
break;
default:
DebugBreak();
break;
}
// Now fill in the region data members.
VMQUERY_HELP VMQHelp;
switch (mbi.State) {
case MEM_FREE: // Free block (not reserved)
pVMQ->pvRgnBaseAddress = mbi.BaseAddress;
pVMQ->dwRgnProtection = mbi.AllocationProtect;
pVMQ->RgnSize = mbi.RegionSize;
pVMQ->dwRgnStorage = MEM_FREE;
pVMQ->dwRgnBlocks = 0;
pVMQ->dwRgnGuardBlks = 0;
pVMQ->fRgnIsAStack = FALSE;
break;
case MEM_RESERVE: // Reserved block without committed storage in it.
pVMQ->pvRgnBaseAddress = mbi.AllocationBase;
pVMQ->dwRgnProtection = mbi.AllocationProtect;
// Iterate through all blocks to get complete region information.
VMQueryHelp(hProcess, pvAddress, &VMQHelp);
pVMQ->RgnSize = VMQHelp.RgnSize;
pVMQ->dwRgnStorage = VMQHelp.dwRgnStorage;
pVMQ->dwRgnBlocks = VMQHelp.dwRgnBlocks;
pVMQ->dwRgnGuardBlks = VMQHelp.dwRgnGuardBlks;
pVMQ->fRgnIsAStack = VMQHelp.fRgnIsAStack;
break;
case MEM_COMMIT: // Reserved block with committed storage in it.
pVMQ->pvRgnBaseAddress = mbi.AllocationBase;
pVMQ->dwRgnProtection = mbi.AllocationProtect;
// Iterate through all blocks to get complete region information.
VMQueryHelp(hProcess, pvAddress, &VMQHelp);
pVMQ->RgnSize = VMQHelp.RgnSize;
pVMQ->dwRgnStorage = VMQHelp.dwRgnStorage;
pVMQ->dwRgnBlocks = VMQHelp.dwRgnBlocks;
pVMQ->dwRgnGuardBlks = VMQHelp.dwRgnGuardBlks;
pVMQ->fRgnIsAStack = VMQHelp.fRgnIsAStack;
break;
default:
DebugBreak();
break;
}
return(fOk);
}
Td32
What is Td32?
I searched from google, but I only found results like "I tried to debug it with Td32, but...", "Unfortunately, TD32 doesn't seem to know how to preserve open module windows...", "since TD32 isn't really very useful, so...", "I have tried to debug it using td32 but it says 'program is not a 32 bit".
These were the results I got...
If you load your prog in a debugger it will show you where it is in memory. Use your debugger then. since i use bcc32 td32 works for those progs. if however you want to see all of the memory scroll to where you want to see.
you could also use a color ram map. not sure if that is the correct
name for it but it is like the hd_defrag only with memory. a memory map. i had seen a few of them and wrote a few long time ago but they were usless for determining what was where.
they did show where the action and things changing was.
a debugger will show the locations of the prog in memory.Quote:
How can I find out the memory range which a program in windows is using?
Thanks for the replies everyone. I also found out about ReadProcessMemory and WriteProcessMemory so that's everything I need.
You need to loop until the end to get the size with ReadProcessMemory... I thought that would be not exactly what you're looking for.
You should also give your program SE_DEBUG privilege. This function should do it:
Code:void EnableDebugPriv(){
HANDLE hToken;
LUID sedebugnameValue;
char buffer[256];
TOKEN_PRIVILEGES tkp;
if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken)){
MessageBox(hwnd,"OPT() failed, gle = SeDebugPrivilege is not available.",itoa(GetLastError(),buffer,256),MB_OK);
return;
}
if (!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&sedebugnameValue)){
MessageBox(hwnd,"OPT2() failed, gle = SeDebugPrivilege is not available.",itoa(GetLastError(),buffer,256),MB_OK);
CloseHandle( hToken );
return;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(hToken,FALSE,&tkp,sizeof tkp,NULL,NULL)){
MessageBox(hwnd,"OPT3() failed, gle = SeDebugPrivilege is not available.",itoa(GetLastError(),buffer,256),MB_OK);
}
CloseHandle( hToken );
return;
}