EvilZone

General Tech => Hardware => Topic started by: relax on August 22, 2012, 07:58:54 AM

Title: Random Access Memory
Post by: relax on August 22, 2012, 07:58:54 AM

Sorry if i am posting in wrong category feel free to move me.

The question:
Can you reading content from RAM and if so How?
in linux you can type [hexedit /dev/mem] as i understand after googling it.
But how to do it in windows?

BO:
a topic that is close tho this one is Buffert Overflow.
don't know much about it maybe it can be done somehow in that way.
Should i read into BO? don't really understand it

Title: Re: Random Access Memory
Post by: RedBullAddicted on August 22, 2012, 08:03:46 AM

Hi Relax,

I can only provide a link for you. In my opinion this is one of the best description for stack based overflows I have ever found on the web. It will take some time and I am sure reading it once will not be enough.

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ (https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)

Cheers

Title: Re: Random Access Memory
Post by: relax on August 22, 2012, 08:13:49 AM

wonderful :)
 I read it as soon as I wake up tomorrow, I'm tired of all the studying and tests.

Title: Re: Random Access Memory
Post by: techb on August 22, 2012, 08:14:40 AM

If I understand C correctly, couldn't you use pointers to read random addresses in memory?

Title: Re: Random Access Memory
Post by: Kulverstukas on August 22, 2012, 09:07:21 AM

Moved it to Hardware. Kinda seems more appropriate in here.

Title: Re: Random Access Memory
Post by: relax on August 22, 2012, 06:16:52 PM

Quote from: techb on August 22, 2012, 08:14:40 AM

If I understand C correctly, couldn't you use pointers to read random addresses in memory?

as I understand it, a c / c + + programs can only read from its own memory, not other programs memory.

 I know that cheat engine program can read from other application's memory. the only question is how

Title: Re: Random Access Memory
Post by: frog on August 23, 2012, 12:58:02 AM

You have to create your own debugger. This can be done a few different ways depending on the programming language and the operating system. If you like python, somewhere in the gray hat python book it shows you how to do this. There isn't a simple answer, unfortunately.

EDIT:
More specifically, the ram is read through functions provided by the operating system. Cheat-engine demonstrates this concept of attaching to a process and reading/modifying the memory. Usually administrative/root access is all you need to be granted permission to other programs' memory.

Here's reference to a few key functions built-in to windows for doing this:
http://msdn.microsoft.com/en-us/library/ms680553%28VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684175%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms683212%28v=vs.85%29.aspx

Title: Re: Random Access Memory
Post by: namespace7 on August 23, 2012, 06:08:09 PM

Quote from: Kulverstukas on August 22, 2012, 09:07:21 AM

Moved it to Hardware. Kinda seems more appropriate in here.

How is this hardware?
If this is hardware, then a discussion about reading data from a hard disk is also a hardware discussion....

Reading RAM is a very common activity in cracking and reverse engineering.

:)