Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Reading value at an address

Tags:

c++

I'm trying to make a program that reads the value at a certain address. I have this:

int _tmain(int argc, _TCHAR* argv[])
{
    int *address;
    address =   (int*)0x00000021;
    cout << *address;
    return 0;
}

But this gives a read violation error. What am I doing wrong? Thanks

like image 457
jmasterx Avatar asked Mar 25 '10 21:03

jmasterx


3 Answers

That reads the value at that address within the process's own space. You'll need to use other methods if you want to read another process's space, or physical memory.

like image 152
Ignacio Vazquez-Abrams Avatar answered Sep 21 '22 19:09

Ignacio Vazquez-Abrams


It's open to some question exactly what OlyDbg is showing you. 32-bit (and 64-bit) Windows uses virtual memory, which means the address you use in your program is not the same as the address actually sent over the bus to the memory chips. Instead, Windows (and I should add that other OSes such as Linux, MacOS, *bsd, etc., do roughly the same) sets up some tables that say (in essence) when the program uses an address in this range, use that range of physical addresses.

This mapping is done on a page-by-page basis (where each page is normally 4K bytes, though other sizes are possible). In that table, it can also mark a page as "not present" -- this is what supports paging memory to disk. When you try to read a page that's marked as not present, the CPU generates an exception. The OS then handles that exception by reading the data from the disk into a block of memory, and updating the table to say the data is present at physical address X. Along with not-present, the tables support a few other values, such as read-only, so you can read by not write some addresses.

Windows (again, like the other OSes) sets up the tables for the first part of the address space, but does NOT associate any memory with them. From the viewpoint of a user program, those addresses simply should never be used.

That gets us back to my uncertainty about what OlyDbg is giving you when you ask it to read from address 0x21. That address simply doesn't refer to any real data -- never has and never will.

What others have said is true as well: a debugger will usually use some OS functions (E.g. ReadProcessMemory and WriteProcessMemory, among others under Windows) to get access to things that you can't read or write directly. These will let you read and write memory in another process, which isn't directly accessible by a normal pointer. Neither of those would help in trying to read from address 0x21 though -- that address doesn't refer to any real memory in any process.

like image 34
Jerry Coffin Avatar answered Sep 23 '22 19:09

Jerry Coffin


You can only use a pointer that points to an actual object.

If you don't have an object at address 0x00000021, this won't work.

If you want to create an object on the free store (the heap), you need to do so using new:

int* address = new int;
*address = 42;
cout << *address;
delete address;
like image 27
James McNellis Avatar answered Sep 19 '22 19:09

James McNellis