
Author Topic: [Solved] How to read local variable value with Read Memory ?  (Read 2892 times)

loaded

  • Hero Member
  • *****
  • Posts: 824
[Solved] How to read local variable value with Read Memory ?
« on: January 17, 2022, 09:37:31 am »
Hi All,
When I want to use the variable I defined with its memory address, it's ok. When I want to read it using memoryread api in windows, the result fails. Where am I going wrong or what should I do? I would be glad if you share your ideas and suggestions. Respects.

Code: Pascal
procedure TForm1.Button1Click(Sender: TObject);
var
  ival:integer=2022;
  rval:integer=0;
  l:DWORD;
begin
  ReadProcessMemory(Handle,@ival,@rval,sizeof(rval),l);  // add Windows to the uses clause
  showmessage(format('%p -> %d | ReadProcessMemory %d',[@ival,PInteger(@ival)^,rval]));
end;

« Last Edit: January 17, 2022, 11:54:39 am by loaded »
Check out  loaded on Strava
https://www.strava.com/athletes/109391137

balazsszekely

  • Guest
Re: How to read local variable value with Read Memory ?
« Reply #1 on: January 17, 2022, 10:43:50 am »
@loaded
Quote
When I want to use the variable I defined with its memory address, it's ok. When I want to read it using memoryread api in windows, the result fails. Where am I going wrong or what should I do? I would be glad if you share your ideas and suggestions. Respects.
Handle in your example refers to the form's window handle. You need to pass the handle of the process to ReadProcessMemory:
Code: Pascal
// instead of:
  ReadProcessMemory(Handle,@ival,@rval,sizeof(rval),l);
// you need:
  ReadProcessMemory(GetCurrentProcess,@ival,@rval,sizeof(rval),l);

Edit: Corrected typo.
« Last Edit: January 17, 2022, 12:32:15 pm by GetMem »

Thaddy

  • Hero Member
  • *****
  • Posts: 14201
  • Probably until I exterminate Putin.
Re: How to read local variable value with Read Memory ?
« Reply #2 on: January 17, 2022, 11:07:44 am »
Will that work with stack allocations? Simple local variables are allocated on the stack, not the heap!
Process memory is heap...
« Last Edit: January 17, 2022, 11:13:14 am by Thaddy »
Specialize a type, not a var.

440bx

  • Hero Member
  • *****
  • Posts: 3944
Re: How to read local variable value with Read Memory ?
« Reply #3 on: January 17, 2022, 11:29:06 am »
Quote
Will that work with stack allocations? Simple local variables are allocated on the stack, not the heap!
Process memory is heap...
It will work with stack allocations or any other memory block as long as the process that attempts to read it has the right to read the location and, of course, there actually is memory there.  As long as those two conditions are true the read will succeed.
(FPC v3.0.4 and Lazarus 1.8.2) or (FPC v3.2.2 and Lazarus v3.2) on Windows 7 SP1 64bit.
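
An added example, not part of any post in this thread: a Free Pascal console program for Windows that reads a stack, a heap and a global variable through ReadProcessMemory with the GetCurrentProcess handle, and checks the return value and byte count, which the snippets above do not. The local binding `ReadMem`, the helpers `TryRead` and `Demo`, and the sample values are assumptions made for this example.

```pascal
program ReadOwnMemory;
{$mode objfpc}{$H+}
uses
  Windows, SysUtils;
// Local binding (the name ReadMem is ours) so the byte counter is
// pointer-sized, matching SIZE_T on 32- and 64-bit targets.
function ReadMem(hProcess: THandle; lpBaseAddress, lpBuffer: Pointer;
  nSize: PtrUInt; var lpNumberOfBytesRead: PtrUInt): LongBool; stdcall;
  external 'kernel32' name 'ReadProcessMemory';

var
  GlobalVal: Integer = 1111;  // constructed sample value

// Read one Integer at Addr via the handle Proc; report value or error code.
function TryRead(const Caption: string; Proc: THandle; Addr: Pointer): Boolean;
var
  Value: Integer = 0;
  Got: PtrUInt = 0;
  Err: DWORD;
begin
  Result := ReadMem(Proc, Addr, @Value, SizeOf(Value), Got);
  Err := GetLastError;  // capture before another API call can overwrite it
  Result := Result and (Got = SizeOf(Value));
  if Result then
    WriteLn(Format('%-20s %p -> %d', [Caption, Addr, Value]))
  else
    WriteLn(Format('%-20s %p failed, GetLastError=%d', [Caption, Addr, Err]));
end;

procedure Demo;
var
  LocalVal: Integer = 2022;  // lives on the stack, as in the original post
  HeapVal: PInteger;
begin
  New(HeapVal);
  HeapVal^ := 3333;          // constructed sample value on the heap
  TryRead('stack (local)', GetCurrentProcess, @LocalVal);
  TryRead('heap (New)', GetCurrentProcess, HeapVal);
  TryRead('global', GetCurrentProcess, @GlobalVal);
  // A handle that is not a process handle: the call returns False.
  TryRead('bad handle', THandle(0), @LocalVal);
  // Valid handle, but no memory is mapped at address 0.
  TryRead('unmapped address', GetCurrentProcess, nil);
  Dispose(HeapVal);
end;

begin
  Demo;
end.
```

The first three reads succeed regardless of where the variable lives; the last two fail, which only shows up when the Boolean result is checked rather than just the output buffer.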

Thaddy

  • Hero Member
  • *****
  • Posts: 14201
  • Probably until I exterminate Putin.
Re: How to read local variable value with Read Memory ?
« Reply #4 on: January 17, 2022, 11:46:24 am »
So you must read it inside a method or procedure, otherwise the stack allocations go out of scope / are released on exit?
Specialize a type, not a var.

loaded

  • Hero Member
  • *****
  • Posts: 824
Re: How to read local variable value with Read Memory ?
« Reply #5 on: January 17, 2022, 11:54:26 am »
Thank you very much for the replies GetMem, Thaddy and 440bx. Yes, my problem is solved.
As long as you're in this forum, we amateurs will not be disappointed.
May God give you all a very long life.

Quote
So you must read it inside a method or procedure, otherwise the stack allocations go out of scope / are released on exit?
What you said is remarkable, and thank you very much for your warning.
I had defined the variables locally as an example. I normally had a project that I intended to use globally.

Check out  loaded on Strava
https://www.strava.com/athletes/109391137

440bx

  • Hero Member
  • *****
  • Posts: 3944
Re: How to read local variable value with Read Memory ?
« Reply #6 on: January 17, 2022, 01:17:16 pm »
Quote
So you must read it inside a method or procedure, otherwise the stack allocations go out of scope / are released on exit?
The lifetime of the values read that way varies significantly in just about all cases.  What you pointed out is right, reading local variables, the memory will still be accessible after the function/procedure returns (the stack memory isn't released back to the O/S when a function/procedure returns) but, the contents of those locations will vary in unpredictable ways.

The same thing is true when reading another process' memory.  It's rather important to be very aware of _what_ is being read because the lifetime of the values may be ephemeral and even the lifetime of the memory block itself may be ephemeral.

For instance, a process can read the first page of the csrss.exe process with confidence that it will be there (if csrss.exe crashes, Windows crashes) but, reading the first page of a run of the mill user process is a different proposition.  The process may not be there by the time the read is issued or by the time it has completed. 


(FPC v3.0.4 and Lazarus 1.8.2) or (FPC v3.2.2 and Lazarus v3.2) on Windows 7 SP1 64bit.

 
