www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.learn - To get memory from another process.

reply Quantium <qchessv2 gmail.com> writes:
Could you advise me how to do these steps on D? Which libs should 
I import?
1. My programm gets a path to exe file
2. My programm starts that exe file and writes into it 2 commands
3. Programm gets access to exe file memory
4. Programm gets data from process memory and writes it into 
data.bin file which is in the same directory.
As I said, which libs do I need and how to get access to other 
process memory.
Also, can I make this as a driver, but if yes, how to code driver 
on D?
Apr 07 2020
parent reply Net <netorib94 gmail.com> writes:
On Tuesday, 7 April 2020 at 21:20:28 UTC, Quantium wrote:

 Could you advise me how to do these steps on D? Which libs 
 should I import?
 1. My programm gets a path to exe file
 2. My programm starts that exe file and writes into it 2 
 commands
 3. Programm gets access to exe file memory
 4. Programm gets data from process memory and writes it into 
 data.bin file which is in the same directory.
 As I said, which libs do I need and how to get access to other 
 process memory.
 Also, can I make this as a driver, but if yes, how to code 
 driver on D?


As far I know, you can't access other's program memory in any 
modern operating system.  That's managed and protected by the OS 
through virtual addressing.

What are you trying to do?
Apr 08 2020
next sibling parent rikki cattermole <rikki cattermole.co.nz> writes:
On 09/04/2020 4:25 AM, Net wrote:

 On Tuesday, 7 April 2020 at 21:20:28 UTC, Quantium wrote:

 Could you advise me how to do these steps on D? Which libs should I 
 import?
 1. My programm gets a path to exe file
 2. My programm starts that exe file and writes into it 2 commands
 3. Programm gets access to exe file memory
 4. Programm gets data from process memory and writes it into data.bin 
 file which is in the same directory.
 As I said, which libs do I need and how to get access to other process 
 memory.
 Also, can I make this as a driver, but if yes, how to code driver on D?


 
 As far I know, you can't access other's program memory in any modern 
 operating system.  That's managed and protected by the OS through 
 virtual addressing.


Yes you can, in all modern operating systems.

It is used for debugging.
Apr 08 2020
prev sibling parent reply Quantium <qchessv2 gmail.com> writes:
On Wednesday, 8 April 2020 at 16:25:01 UTC, Net wrote:

 On Tuesday, 7 April 2020 at 21:20:28 UTC, Quantium wrote:

 Could you advise me how to do these steps on D? Which libs 
 should I import?
 1. My programm gets a path to exe file
 2. My programm starts that exe file and writes into it 2 
 commands
 3. Programm gets access to exe file memory
 4. Programm gets data from process memory and writes it into 
 data.bin file which is in the same directory.
 As I said, which libs do I need and how to get access to other 
 process memory.
 Also, can I make this as a driver, but if yes, how to code 
 driver on D?


 As far I know, you can't access other's program memory in any 
 modern operating system.  That's managed and protected by the 
 OS through virtual addressing.

 What are you trying to do?


Now I know that programm even at Administrator mode cannot do 
this. Only system permission can do that. Or a driver on a 
kernel-level (zero level). So now the question is how to code 
driver, which gets other process' memory on D.
Also, I know antiviruses will try to block this driver so I'll 
test it with no antiviruses and Microsoft Defender off. Or if I'm 
mistaking anywhere and this is impossible on Windows, is it 
possible on Linux?
Apr 08 2020
parent reply "H. S. Teoh" <hsteoh quickfur.ath.cx> writes:
On Wed, Apr 08, 2020 at 08:16:27PM +0000, Quantium via Digitalmars-d-learn
wrote:

 On Wednesday, 8 April 2020 at 16:25:01 UTC, Net wrote:


[...]

 As far I know, you can't access other's program memory in any modern
 operating system.  That's managed and protected by the OS through
 virtual addressing.




On Linux, you can access process memory using the virtual file
/proc/$pid/mem, where $pid is the process ID.  But you need root access
for this to work, and you also need to know how the memory is mapped in
the process (reading from an unmapped offset will return I/O error).



 What are you trying to do?


 
 Now I know that programm even at Administrator mode cannot do this.
 Only system permission can do that. Or a driver on a kernel-level
 (zero level).  So now the question is how to code driver, which gets
 other process' memory on D.


This question has nothing to do with D.  You need to know how your OS
works, and whether it has an interface that provides the access you
want.  The programming language cannot give you this, and is also
irrelevant as far as performing this operation is concerned; if you have
an API that can do this, you can do it in any language.



 Also, I know antiviruses will try to block this driver so I'll test it
 with no antiviruses and Microsoft Defender off. Or if I'm mistaking
 anywhere and this is impossible on Windows, is it possible on Linux?


You didn't answer the question.  Why are you trying to access another
process's memory?  Without knowing what you're trying to do, it's hard
to give you a more specific answer.


T

-- 
Music critic: "That's an imitation fugue!"
Apr 08 2020
parent reply Quantium <qchessv2 gmail.com> writes:
On Wednesday, 8 April 2020 at 20:46:48 UTC, H. S. Teoh wrote:

 On Wed, Apr 08, 2020 at 08:16:27PM +0000, Quantium via 
 Digitalmars-d-learn wrote:

 On Wednesday, 8 April 2020 at 16:25:01 UTC, Net wrote:


 [...]

 As far I know, you can't access other's program memory in 
 any modern operating system.  That's managed and protected 
 by the OS through virtual addressing.




 On Linux, you can access process memory using the virtual file 
 /proc/$pid/mem, where $pid is the process ID.  But you need 
 root access for this to work, and you also need to know how the 
 memory is mapped in the process (reading from an unmapped 
 offset will return I/O error).



 What are you trying to do?


 
 Now I know that programm even at Administrator mode cannot do 
 this. Only system permission can do that. Or a driver on a 
 kernel-level (zero level).  So now the question is how to code 
 driver, which gets other process' memory on D.


 This question has nothing to do with D.  You need to know how 
 your OS works, and whether it has an interface that provides 
 the access you want.  The programming language cannot give you 
 this, and is also irrelevant as far as performing this 
 operation is concerned; if you have an API that can do this, 
 you can do it in any language.



 Also, I know antiviruses will try to block this driver so I'll 
 test it with no antiviruses and Microsoft Defender off. Or if 
 I'm mistaking anywhere and this is impossible on Windows, is 
 it possible on Linux?


 You didn't answer the question.  Why are you trying to access 
 another process's memory?  Without knowing what you're trying 
 to do, it's hard to give you a more specific answer.


 T


I'm trying to do this because I have very special programm that 
makes some calculations and on every calculation there is a hash 
in RAM. I need to get a one of hash values from a .bin file, and 
replace them. I mean hash in RAM of the programm is added to end 
of .bin file, and one of hashes from that file (I set up sorting 
algorithm by myself) is in RAM of programm.
Apr 08 2020
parent reply Gregor =?UTF-8?B?TcO8Y2ts?= <gregormueckl gmx.de> writes:
On Wednesday, 8 April 2020 at 21:04:42 UTC, Quantium wrote:

 I'm trying to do this because I have very special programm that 
 makes some calculations and on every calculation there is a 
 hash in RAM. I need to get a one of hash values from a .bin 
 file, and replace them. I mean hash in RAM of the programm is 
 added to end of .bin file, and one of hashes from that file (I 
 set up sorting algorithm by myself) is in RAM of programm.


This sounds very similar to how one would try to circumvent a 
file integrity check in a Windows program.

Anyway, messing with another, isolated processes is stuff that is 
highly specific to each operating system. Anyway, there are no 
generic answers to your question. This is hardcore systems 
programming. You should rather look at your OS documentation to 
see what is provided there.
Apr 09 2020
parent reply Quantium <qchessv2 gmail.com> writes:
 Anyway, messing with another, isolated processes is stuff that 
 is highly specific to each operating system. Anyway, there are 
 no generic answers to your question. This is hardcore systems 
 programming. You should rather look at your OS documentation to 
 see what is provided there.


Ok. For training example, we're using Windows 10 Por. We can use 
WinAPI. Are there any D libs to use WinAPI?
Apr 09 2020
next sibling parent Quantium <qchessv2 gmail.com> writes:
On Thursday, 9 April 2020 at 17:23:19 UTC, Quantium wrote:

 Anyway, messing with another, isolated processes is stuff that 
 is highly specific to each operating system. Anyway, there are 
 no generic answers to your question. This is hardcore systems 
 programming. You should rather look at your OS documentation 
 to see what is provided there.


 Ok. For training example, we're using Windows 10 Por. We can 
 use WinAPI. Are there any D libs to use WinAPI?


I mean Win 10 Pro, misprint :)
Apr 09 2020
prev sibling next sibling parent Adam D. Ruppe <destructionator gmail.com> writes:
On Thursday, 9 April 2020 at 17:23:19 UTC, Quantium wrote:

 We can use WinAPI. Are there any D libs to use WinAPI?


import core.sys.windows.windows;

it is all built in.
Apr 09 2020
prev sibling parent reply Dennis <dkorpel gmail.com> writes:
On Thursday, 9 April 2020 at 17:23:19 UTC, Quantium wrote:

 Ok. For training example, we're using Windows 10 Por. We can 
 use WinAPI. Are there any D libs to use WinAPI?


I have used the Windows API to read/write into a different 
process before. Here is some example code in case it's useful: (I 
removed some stuff without recompiling so it may have some errors)

```
version(Windows):
pragma(lib, "Kernel32.lib");
pragma(lib, "Psapi.lib");

struct WinProcess
{
     import core.sys.windows.winbase: OpenProcess, 
ReadProcessMemory, WriteProcessMemory, CloseHandle;
     import core.sys.windows.windows : PROCESS_VM_READ, 
PROCESS_VM_WRITE,
         PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, HANDLE;

     import std.bitmanip;
     import std.exception: enforce;

     int processId = -1; /// Id of the process this is attached to
     HANDLE processHandle = null; /// Windows handle of the process

     this(int processId) {
         this.processId = processId;

         const access = PROCESS_VM_READ | PROCESS_QUERY_INFORMATION
             | PROCESS_VM_WRITE | PROCESS_VM_OPERATION;
         this.processHandle = OpenProcess(access, false, 
processId);
         enforce(processHandle, "could not open process");
     }

     import std.traits: isNumeric;

     void write(T)(void* address, T value) if (isNumeric!T) {
         enforce(processHandle != null, "not attached to a process 
yet");
         size_t bytesWritten = 0;
         ubyte[T.sizeof] buffer;
         auto b = buffer[];
         b.write(value, 0);
         WriteProcessMemory(processHandle, address, cast(void*) 
buffer, buffer.sizeof, &bytesWritten);
         enforce(bytesWritten == T.sizeof, "could not write all 
bytes");
     }

     T read(T)(void* address) if (isNumeric!T) {
         enforce(processHandle != null, "not attached to a process 
yet");
         size_t bytesRead = 0;
         ubyte[T.sizeof] buffer;

         ReadProcessMemory(processHandle, address, cast(void*) 
buffer, buffer.sizeof, &bytesRead);

         enforce(bytesRead == T.sizeof, "could not read all 
bytes");

         auto b = buffer[]; // lvalue
         return b.read!T;
     }
}
```
Apr 09 2020
next sibling parent reply Quantium <qchessv2 gmail.com> writes:
I see this code imports drivers and does it depend on processor 
architecture? Would it work only on 64-bit or 32-bit or some 
special architechtures?
Apr 09 2020
parent reply Dennis <dkorpel gmail.com> writes:
On Thursday, 9 April 2020 at 19:27:16 UTC, Quantium wrote:

 I see this code imports drivers and does it depend on processor 
 architecture? Would it work only on 64-bit or 32-bit or some 
 special architechtures?


kernel32.dll and psapi.dll should be present on any normal 
Windows 10 installation.

Windows only runs on x86 and ARM processors as far as I know. I 
have never used Windows with an ARM processor, but I assume such 
a Windows installation has the full WinAPI implemented, in which 
case it should work.

As for 32-bit/64-bit on x86:

- 32-bit OMF: might work, but I often get errors because the 
Digital Mars import libraries for Windows dll's are outdated so I 
don't recommend this target
- 32-bit COFF: pretty sure it works
- 64-bit COFF: definitely works, I use this regularly.

In any case, I suggest you just try these out to see yourself.
Apr 09 2020
parent rikki cattermole <rikki cattermole.co.nz> writes:
On 10/04/2020 7:42 AM, Dennis wrote:

 On Thursday, 9 April 2020 at 19:27:16 UTC, Quantium wrote:

 I see this code imports drivers and does it depend on processor 
 architecture? Would it work only on 64-bit or 32-bit or some special 
 architechtures?


 
 kernel32.dll and psapi.dll should be present on any normal Windows 10 
 installation.
 
 Windows only runs on x86 and ARM processors as far as I know. I have 
 never used Windows with an ARM processor, but I assume such a Windows 
 installation has the full WinAPI implemented, in which case it should work.
 
 As for 32-bit/64-bit on x86:
 
 - 32-bit OMF: might work, but I often get errors because the Digital 
 Mars import libraries for Windows dll's are outdated so I don't 
 recommend this target
 - 32-bit COFF: pretty sure it works
 - 64-bit COFF: definitely works, I use this regularly.
 
 In any case, I suggest you just try these out to see yourself.


These API's are old and well used. They will work no problem on all targets.
Apr 09 2020
prev sibling parent Quantium <qchessv2 gmail.com> writes:
I've tried this on 64 bit, it works. But when I start VirtualBox 
with Windows 10 32-bit on it, it doesnt works.
Apr 10 2020