As an experienced web-developer, but a novice “low level” programmer, this stuff is sort of voodoo to me still.
I’m curious about how one would even begin to go about finding a memory block, and then reading it (for example, reading the timer in a game of mines)? Is this different by OS / OS version?
This is a somewhat tricky and even complex question, in a sense that you can go quite deep with this. But to simplify things a bit:
Considering your example of “reading the timer in a game of mines“:
First step is to find the memory address. This is usually done with a tool called memory editor(a debugger would do too, in some cases) which can use various methods to find the location of a variable in the process memory. Common way is to look for a certain value(for example the value of the timer) in target process’ memory space, then change the target value(e.g. advance the timer) and look for matches again. This process pins down the candidates every iteration until there’s only the exact variable left. Taking the address of that variable within the process’ memory space is just a matter of a mouse click with a memory editor.
Second step is to modify the data in that particular address. How this is done depends on the operating system. With Windows, there’s a WinAPI call named WriteProcessMemory which can be used to write pre-defined data to a given address within the target process’ memory space. In our example, you would use this function to overwrite the timer variable in the target process with your own desired value, effectively changing the timer in the game.
In practice you’d have to find the target process’ process ID, and then attach your rogue process to the target process to gain the ability to modify its memory space. This is quite trivial task, but does not contribute to answering the question so I’ve left it out as an exercise to the reader. 😉
2
It’s entirely different by OS. Some won’t allow you to do it at all, and you have to have some means of knowing where the data you want is in the target’s memory space.
Here’s how to do it on Linux:
https://unix.stackexchange.com/questions/6301/how-do-i-read-from-proc-pid-mem-under-linux
2
An application is given a range of memory by the OS. Generally, the application has to request the memory but that functionality may be obscured to the programmer because of the language.
Languages like C allow for block requests for specific sizes, whereas other languages like C++, C#, and Java allow for requests through the use of keywords like new. Each language has a number of ways to allocate memory, so this is just a brief overview. Releasing the memory back to the OS may either be done explicitly or through a garbage collector.
Accessing the memory within the application depends upon how it was allocated. C and C++ are the best known for using the concept of pointers to indicate / track where the memory is located. Otherwise, memory access is handled through the class or variable that was created.
Most of the time, you don’t have to worry about specific memory access within your program. The language constructs and OS effectively obscure that concern for you.
Your example of a timer in a game is a great example of where you wouldn’t need to worry about the underlying memory allocation. You’ll have a variable representing the timer, and you’ll just read from the variable.
My answer is relevant for when you are writing the application, whereas zxcdw’s answer is relevant for accessing memory that belongs to another application. Your LMGTFY terms would be “debugging” and “reverse-engineering” to delve further into that topic.
Some additional reading:
- The Wikipedia article on Computer Memory will give you a decent overview of things.
- Then look into the Wikipedia article on Memory-mapped I/O to get a deeper understanding of the machinations that go on.
- Finally, look at the article on Virtual Memory to get a better answer for how each OS will handle memory mapping a little bit differently than the others.
2