如何从内存地址获取值?
[英]How can I get the value from a memory address?
问题描述
I want to get the value from a memory address which I have without crashing the program.
我想从我拥有的内存地址中获取值而不会使程序崩溃。
here is my code:这是我的代码:
int main(){
int *ptr=(int*)0x09D37570;
while(1){
system("cls");
cout<<(*ptr);
}
return 0;
}
but that crashes the program, it crashes by calling *ptr, why does that happen?但这会使程序崩溃,它通过调用 *ptr 崩溃,为什么会这样? how can i get the value without problems?我怎样才能毫无问题地获得价值?
3 个解决方案
解决方案1
5 2012-07-05 02:36:56
You're taking a hardcoded address and expecting it to hold the value you saw.您正在获取一个硬编码地址并期望它保留您看到的值。 However, there are a couple problems with that:但是,这有几个问题:
If worrying about your own process, you have to own that memory.如果担心你自己的过程,你必须拥有那段记忆。 Something you allocate with new or the like had better have snatched that address, otherwise there's no telling what will happen.你用new之类的分配的东西最好已经抢走了那个地址,否则不知道会发生什么。 For example:例如:
int *someAddress = new int (5);
int *somePtr = someAddress; //point to same address as newed
int someInt = *somePtr; //someInt is 5
++somePtr; //uh-oh, now we've left what we newed; it might not be allocated
someInt = *somePtr; //there's no telling if that memory was ok to use
If it does happen to work, you'll just get some random number.如果它确实有效,您将获得一些随机数。 And indeed, if you loop it long enough, it will crash eventually.事实上,如果你循环的时间足够长,它最终会崩溃。 However, even being a problem, it doesn't even directly pertain here!不过,就算是问题,也不直接属于这里!
The biggest problem is that even though it has the same address, it's not the same memory.最大的问题是即使它有相同的地址,它也不是相同的内存。 This might sound confusing, but it's a pretty great topic ( http://en.wikipedia.org/wiki/Virtual_address_space ).这听起来可能令人困惑,但这是一个非常好的主题 ( http://en.wikipedia.org/wiki/Virtual_address_space )。 Basically, each process has the same address values, but they map to different areas in actual memory.基本上,每个进程都有相同的地址值,但它们映射到实际内存中的不同区域。 Therefore, your hardcoded address pertains to your process only.因此,您的硬编码地址仅与您的流程有关。
One way you can look through other processes' memory, on Windows at least, is to use ReadProcessMemory .至少在 Windows 上查看其他进程内存的一种方法是使用ReadProcessMemory 。 On the page, you can see the requirements, such as having the PROCESS_VM_READ privilege for the process you're reading from.在该页面上,您可以看到要求,例如对正在读取的进程具有PROCESS_VM_READ权限。 Be sure to check GetLastError if it fails, too.如果失败,请务必检查GetLastError 。 There's somewhat of a small example here . 这里有一个小例子。
Note that VirtualQueryEx is a good thing to look into before calling ReadProcessMemory , too.请注意,在调用ReadProcessMemory之前, VirtualQueryEx也是一件好事。
It might work, or it might not, but it's the best thing I know of for poking around in other processes' memory space.它可能有效,也可能无效,但这是我所知道的在其他进程的内存空间中探索的最好的方法。 It's worth a shot if you're set on accomplishing this.如果您打算完成此任务,那么值得一试。
解决方案2
3 已采纳 2012-07-05 02:35:16
Every process has its own memory space, the same address in different processes maps different physical address, so it is meaningless to do like that.每个进程都有自己的内存空间,同一个地址在不同的进程中映射不同的物理地址,这样做是没有意义的。
解决方案3
1 2021-04-05 06:48:22
If you are on Linux, you can use gdb to attach to the process, and hit Ctrl-C at some point and then examine the memory.如果你在 Linux 上,你可以使用gdb附加到进程,并在某个时候按 Ctrl-C 然后检查内存。 The command is x , so命令是x ,所以
x 0x09D37570
and you should be able to also do你也应该能够做到
print *(int*)0x09D37570;
Using gdb , you are in the protected memory space of the process.使用gdb ,您处于进程的受保护内存空间中。
What you are trying to do does work if there is no operating system.如果没有操作系统,您尝试做的事情确实有效。 It is the correct way of getting to memory if you are developing firmware, without virtual memory address.如果您正在开发没有虚拟内存地址的固件,这是获取内存的正确方法。
https://sourceware.org/gdb/current/onlinedocs/gdb/Memory.html https://sourceware.org/gdb/current/onlinedocs/gdb/Memory.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.