For example, if a memory address within the process held the value 1616, how could I find it?

You can use ReadProcessMemory:

#include <windows.h>
#include <iostream>
#include <cstring>

using namespace std;

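int main()
{
    // Demo: scan this process's own address space for a known string and
    // overwrite it in place through ReadProcessMemory / WriteProcessMemory.
    char data[20] = "Hello, World!!!";

    // Same size as data and zero padded. Passing the bare string literal with
    // a length of 20 would make WriteProcessMemory read past the end of the
    // 15-byte literal.
    const char replacement[sizeof(data)] = "Yo! What's up?";

    char buffer[sizeof(data)] = { 0 };

    HANDLE my_process = GetCurrentProcess();

    std::cout << "(before) " << data << '\n';

    // ULONG_PTR is pointer sized; unsigned long is 32 bits on 64-bit Windows
    // and would truncate addresses there.
    const ULONG_PTR last_address = ~static_cast<ULONG_PTR>(0);
    bool found = false;

    // Byte-by-byte probing from address 0 is kept for clarity only. It is
    // slow, and on a 64-bit build it will not cover the address space in
    // practical time; read larger chunks per call in real code.
    for (ULONG_PTR address = 0; ; ++address)
    {
        SIZE_T bytes_read = 0;

        const BOOL read_ok = ReadProcessMemory(my_process,
                                               reinterpret_cast<LPCVOID>(address),
                                               buffer, sizeof(buffer), &bytes_read);

        // Compare only after a complete, successful read; otherwise buffer
        // still holds bytes from an earlier address. data is NUL terminated
        // inside its 20 bytes, so the bounded compare cannot run off buffer.
        if (read_ok && bytes_read == sizeof(buffer)
            && std::strncmp(data, buffer, sizeof(buffer)) == 0)
        {
            std::cout << "found it!" << '\n';
            found = true;

            // NOTE(review): the first match is assumed to be the data array;
            // another copy of the same bytes elsewhere would match as well.
            SIZE_T bytes_written = 0;

            if (!WriteProcessMemory(my_process, reinterpret_cast<LPVOID>(address),
                                    replacement, sizeof(replacement), &bytes_written)
                || bytes_written != sizeof(replacement))
            {
                std::cerr << "WriteProcessMemory failed, error "
                          << GetLastError() << '\n';
            }

            break;
        }

        // Stop at the top of the address space instead of wrapping to 0.
        if (address == last_address)
            break;
    }

    if (!found)
        std::cout << "not found" << '\n';

    std::cout << "(after) " << data << '\n';

    std::cout << "(hit enter to quit...)"; std::cin.get();

    return 0;
}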


I didn't do it here, as this is just an example, but usually you'll
want to make a few ReadProcessMemory calls with big buffers
instead of many ReadProcessMemory calls with small buffers.

It can make a huge difference in performance...


If you want to do this with other processes, you'll first have
to get the debug privilege and then use OpenProcess.

That's how you can get the debug privilege:

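// Enables SeDebugPrivilege in the current process token.
// The privilege must already be assigned to the token (the account has to
// hold it); this code only switches it on. It is needed only when the target
// process's access control would otherwise deny the OpenProcess request.
HANDLE my_process = GetCurrentProcess();
HANDLE htoken = NULL;
LUID luid;
TOKEN_PRIVILEGES tp = {};
bool debug_privilege_enabled = false;

// Ask for just the rights AdjustTokenPrivileges needs instead of
// TOKEN_ALL_ACCESS.
if (OpenProcessToken(my_process, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &htoken))
{
    if (LookupPrivilegeValue(NULL, "SeDebugPrivilege", &luid))
    {
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = luid;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        // AdjustTokenPrivileges returns nonzero even when the privilege was
        // not granted; GetLastError() is ERROR_NOT_ALL_ASSIGNED in that case.
        if (AdjustTokenPrivileges(htoken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), 0, 0)
            && GetLastError() == ERROR_SUCCESS)
        {
            debug_privilege_enabled = true;
        }
    }

    // The token handle is not needed once the privilege state is set.
    CloseHandle(htoken);
    htoken = NULL;
}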

You can find additional info for all of these functions on MSDN: (GetCurrentProcess) (ReadProcessMemory) (WriteProcessMemory) (OpenProcessToken) (LookupPrivilegeValue) (AdjustTokenPrivileges) (OpenProcess)

Edited 5 Years Ago by m4ster_r0shi: n/a

You wrote A LOT