views:

715

answers:

3

I would like to write a simple application able to retrieve certain data from another process's (application's) allocated memory.

Say I already know a process's id and I would like to obtain a value from that process's memory, always at a fixed offset (like 0x523F1C). Is this doable in user mode, or does it have to be done in kernel mode?

Any hints or info are highly appreciated.

My environment is Windows XP, and I am using Visual C++ and Qt for GUI.

Thanks in advance :)

EDIT:

(a) Thanks guys. Basically it's working (when setting a breakpoint and hovering over the value, it's correct), but when doing a normal release build the value obtained is always the initialized one :(

Will have to work more to figure it out...

(b) Since the application I am trying to obtain the value from isn't written by me, can I still use the interprocess communication / shared memory techniques?

EDIT 2:

Thanks again for the quick response! :D

A: 

There is a ReadProcessMemory() function, but you'll have to find the requirements for using it yourself. I think you might need to set yourself as a debugger for that process.

Vilx-
+5  A: 

Use ReadProcessMemory - you'll need a handle with PROCESS_VM_READ access to the other process[1], but if you're an administrator (or possibly, if you have SE_DEBUG privs) it should be straightforward.

BOOL WINAPI ReadProcessMemory(
  __in   HANDLE hProcess,
  __in   LPCVOID lpBaseAddress,
  __out  LPVOID lpBuffer,
  __in   SIZE_T nSize,
  __out  SIZE_T* lpNumberOfBytesRead
);

[1]

HANDLE hProc = OpenProcess(PROCESS_VM_READ, FALSE, pid);

Edit: b) No, unless you use CreateRemoteThread - but you normally need to have shimmed your own DLL into the remote process before you can meaningfully create threads in that process. This is advanced, fun and dangerous :)

James Ogden
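Putting the two calls from the answer above together, here is an added example (not code from the original answers) that opens the target with only PROCESS_VM_READ, reads four bytes at the fixed address from the question, and refuses to return a value on a failed or short read. The pid and the address 0x523F1C used in main() are placeholders; the Windows calls are compiled only under _WIN32, and the buffer decoding and read-count checks are portable so they can be exercised on any platform.

```c
/* Added example: read a 32-bit value from another process at a fixed address
 * with OpenProcess + ReadProcessMemory. The Windows-specific part is guarded
 * by _WIN32; decode_le32() and check_read() are portable helpers.
 * The pid and address in main() are placeholders, not real values. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#ifdef _WIN32
#include <windows.h>
#endif

typedef enum {
    RPM_OK = 0,
    RPM_OPEN_FAILED,   /* OpenProcess denied: token lacks access to the target */
    RPM_READ_FAILED,   /* ReadProcessMemory failed (unmapped or protected page) */
    RPM_SHORT_READ,    /* fewer bytes than requested were copied */
    RPM_UNSUPPORTED    /* not built on Windows */
} rpm_status;

/* Decode a little-endian 32-bit value from a raw byte buffer (x86 layout). */
uint32_t decode_le32(const unsigned char *buf)
{
    return (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
           ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
}

/* Validate the byte count reported by ReadProcessMemory. A short read must
 * never be interpreted as a complete value. */
rpm_status check_read(int call_succeeded, size_t requested, size_t got)
{
    if (!call_succeeded) return RPM_READ_FAILED;
    if (got != requested) return RPM_SHORT_READ;
    return RPM_OK;
}

/* Read a u32 at `address` in process `pid`. On success *out is set. */
rpm_status read_remote_u32(unsigned long pid, uintptr_t address, uint32_t *out)
{
#ifdef _WIN32
    unsigned char buf[4];
    SIZE_T got = 0;

    /* Request only the access actually needed; the call fails if the caller's
     * token cannot open the target process with PROCESS_VM_READ. */
    HANDLE h = OpenProcess(PROCESS_VM_READ, FALSE, (DWORD)pid);
    if (h == NULL) return RPM_OPEN_FAILED;

    BOOL ok = ReadProcessMemory(h, (LPCVOID)address, buf, sizeof buf, &got);
    rpm_status st = check_read(ok != 0, sizeof buf, (size_t)got);
    CloseHandle(h);              /* always release the handle */
    if (st == RPM_OK) *out = decode_le32(buf);
    return st;
#else
    (void)pid; (void)address; (void)out;
    return RPM_UNSUPPORTED;
#endif
}

int main(void)
{
    uint32_t value = 0;
    /* Placeholder pid and the fixed address from the question. */
    rpm_status st = read_remote_u32(1234UL, (uintptr_t)0x523F1C, &value);
    if (st == RPM_OK)
        printf("value at 0x523F1C = 0x%08X\n", (unsigned)value);
    else
        printf("read failed, status %d (call GetLastError() on Windows for the cause)\n", (int)st);
    return st == RPM_OK ? 0 : 1;
}
```

Checking the returned byte count matters: ReadProcessMemory can succeed partially when the requested range crosses into an inaccessible page, and treating a half-filled buffer as a value is one way to end up reading "the initialized" contents rather than the live ones.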
+1  A: 

If you're doing interprocess communications / shared memory, I would suggest using Boost::Interprocess instead as it will make life much easier.

Jason S