For example, if a memory address within the process had the value 1616, how could I find it?

You can use ReadProcessMemory:

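#include <windows.h>
#include <iostream>
#include <cstring>

using namespace std;

int main()
{
    char data[20] = "Hello, World!!!";
    char buffer[20] = { 0 };
    // Full 20-byte source, so WriteProcessMemory never reads past the replacement text.
    char replacement[20] = "Yo! What's up?";

    HANDLE my_process = GetCurrentProcess();

    // Pointer-sized, so the address is not truncated in a 64-bit build.
    ULONG_PTR address = 0;

    cout << "(before) " << data << endl;

    // Probe one address after another until a copy of data is found.
    while (true)
    {
        // Only compare when the read succeeded; unreadable addresses are skipped.
        if (ReadProcessMemory(my_process, (LPCVOID) address, buffer, 20, 0)
            && strcmp(data, buffer) == 0)
        {
            cout << "found it!" << endl;

            WriteProcessMemory(my_process, (LPVOID) address, replacement, 20, 0);

            break;
        }

        address++;
    }

    cout << "(after) " << data << endl;

    cout << "(hit enter to quit...)"; cin.get();

    return 0;
}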

I didn't do it here, as this is just an example, but usually you'll
want to make few ReadProcessMemory calls with big buffers
instead of many ReadProcessMemory calls with small buffers.

It can make a huge difference in performance...


If you want to do this with other processes, you'll first have
to get the debug privilege and then use OpenProcess.

That's how you can get the debug privilege:

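HANDLE my_process;
HANDLE htoken;
LUID luid;
TOKEN_PRIVILEGES tp; // used below, so it has to be declared

my_process = GetCurrentProcess();
OpenProcessToken(my_process, TOKEN_ALL_ACCESS, &htoken);

// SE_DEBUG_NAME is the SDK macro for "SeDebugPrivilege"; it also compiles in Unicode builds.
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid);

tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

// A successful return does not prove the privilege was enabled: GetLastError()
// gives ERROR_NOT_ALL_ASSIGNED when the token does not hold it.
AdjustTokenPrivileges(htoken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), 0, 0);

CloseHandle(htoken);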

You can find additional info for all of these functions on MSDN:

http://msdn.microsoft.com/en-us/library/ms683179(v=vs.85).aspx (GetCurrentProcess)

http://msdn.microsoft.com/en-us/library/ms680553(v=vs.85).aspx (ReadProcessMemory)
http://msdn.microsoft.com/en-us/library/ms681674(v=vs.85).aspx (WriteProcessMemory)

http://msdn.microsoft.com/en-us/library/aa379295(v=vs.85).aspx (OpenProcessToken)
http://msdn.microsoft.com/en-us/library/aa379180(v=vs.85).aspx (LookupPrivilegeValue)
http://msdn.microsoft.com/en-us/library/aa375202(v=vs.85).aspx (AdjustTokenPrivileges)

http://msdn.microsoft.com/en-us/library/ms684320(v=vs.85).aspx (OpenProcess)

Edited by m4ster_r0shi: n/a

Votes + Comments
You wrote A LOT
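
The advice in the answer above about a few large reads instead of many small ones, as an added example that is not part of the original post. It searches for a 32-bit value such as the 1616 from the question and handles a match that straddles two reads. `Reader`, `needle_u32` and `scan_region` are hypothetical names; the reader stands in for a wrapper around ReadProcessMemory, and the caller is assumed to pass one readable region at a time.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <functional>
#include <vector>

// Hypothetical reader: copies up to len bytes from addr into out and returns
// how many bytes were read. On Windows it would wrap ReadProcessMemory.
using Reader = std::function<size_t(uintptr_t, uint8_t*, size_t)>;

// Byte pattern of a 32-bit value in the host's byte order (e.g. 1616).
std::vector<uint8_t> needle_u32(uint32_t v) {
    std::vector<uint8_t> n(sizeof v);
    std::memcpy(n.data(), &v, sizeof v);
    return n;
}

// Find every occurrence of needle in the readable range [begin, end),
// issuing one read per chunk bytes instead of one per candidate address.
std::vector<uintptr_t> scan_region(const Reader& read, uintptr_t begin,
                                   uintptr_t end,
                                   const std::vector<uint8_t>& needle,
                                   size_t chunk) {
    std::vector<uintptr_t> hits;
    const size_t n = needle.size();
    if (n == 0 || chunk < n) return hits;
    std::vector<uint8_t> buf(chunk);
    for (uintptr_t addr = begin; addr < end;) {
        size_t want = static_cast<size_t>(std::min<uintptr_t>(chunk, end - addr));
        size_t got = read(addr, buf.data(), want);
        if (got < n) break;  // unreadable, or tail shorter than the pattern
        auto first = buf.begin(), last = buf.begin() + got;
        for (auto it = std::search(first, last, needle.begin(), needle.end());
             it != last;
             it = std::search(it + 1, last, needle.begin(), needle.end()))
            hits.push_back(addr + static_cast<uintptr_t>(it - first));
        if (addr + got >= end) break;
        // Step back n-1 bytes so a match straddling two chunks is not missed.
        addr += got - (n - 1);
    }
    return hits;
}
```

Over a 10,000-byte region a 4096-byte chunk needs three reads, while a chunk the size of the pattern needs one read per candidate address.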