Accessing memory used by other program

Question

Today I've a weird question again (at least to me it is). I'm experimenting more into pointers and an idea arouse in my mind as follows:

The Code (only a portion of it)

int * firefoxmemory = (char*) 0x11111111 //this is just an example of address.
*firefoxmemory = 200;

The Question:

In the above code, I try to access memory used by firefox (I use a memory editor to view the address) and after that change its corresponding value. But when I try to do so my program crashes.

Why does this happen to my program? Is there some special code used by Firefox to prevent a 3rd party program from tampering with its memory? Or it's done by the Windows and Intel hardware DEP?

If the above action is prevented by DEP, why does some memory editing software still work, like cheat engines that can alter values in memory?

Answer 1

Modern operating system use virtual addressing - so each program has what it thinks is the same address space. The OS maps this to real memory addresses.

So for example Firefox has a string located at 0x100, you program also has a string located at 0x100 - both of these are virtual memory addresses - the OS/CPU maps these addresses to real physical RAM - and it keeps them separate from each other - to avoid exactly the hacking technique you describe.

Answer 2

It crashes because 0x11111111 does not point to a valid address within your app's memory space.

As for cheat engine, there are a couple of ways to access another program's memory:

1) run code inside the target process's memory space. There are various ways to inject code into another process using SetWindowsHookEx() or CreateRemoteThread().

2) use ReadProcessMemory() and WriteProcessMemory()