Home/ Questions/Q 108547
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T01:55:44+00:00

I would like to write an simple application able to retrieve some certain data

  • 0

I would like to write an simple application able to retrieve some certain data from another process(application)’s allocated memory.

Say I already know a process’ id and I would like to obtain a value in this process’ memory always from a fixed offset (like 0x523F1C), is this doable in the user-mode, or it has to be in kernel-mode?

Any hints or info are highly appreciated.

My environment is Windows XP, and I am using Visual C++ and Qt for GUI.

Thanks in advance 🙂

EDIT:

(a) thanks guys. basically it’s working (when setting a break point and hook over the value it’s correct), but when doing a normal release build the value obtained is always the initialized 🙁

will have to work more to figure it out…

(b) Since the application I am trying to obtain value from isn’t written by me, can I still do the interprocess communications / shared memory techniques?

EDIT 2:

thanks again for the quick response! 😀

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Use ReadProcessMemory – you’ll need a handle with PROCESS_VM_READ access to the other process[1], but if you’re an administrator (or possibly, if you have SE_DEBUG privs) it should be straightforward.

    BOOL WINAPI ReadProcessMemory(   __in   HANDLE hProcess,   __in   LPCVOID lpBaseAddress,   __out  LPVOID lpBuffer,   __in   SIZE_T nSize,   __out  SIZE_T* lpNumberOfBytesRead );

    [1] 

    HANDLE hProc = OpenProcess(PROCESS_VM_READ, false, pid);

    Edit: b) No, unless you use CreateRemoteThread – but you normally need to have shimmed your own DLL into the remote process before you can meaningfully create threads in that process. This is advanced, fun and dangerous 🙂

    • 0