Memory sniffing.

[Zacariaz]

I have, for a long time, tried to solve one specific problem, but it always seemed that there was only one specific way to go about it, a way which are simply too complicated for me with my limited talents to solve, by using OCR. Then the other day the obvious occurred to me.

I know that the data I'm looking to retrieve is stored somewhere in memory and if I had easy access it shouldn't be hard to locate and retrieve.

Well, I suspect that it's not quite as easy as it sounds, but I also suspect that this is the right place to ask.

Is it even possible? (We're talking Windows by the way.)

If so, would it, like with the OCR, be to complicated a method for me to try? (obviously you can't answer that, but you can guess.)


Thank you for your attention and best regards.

[Solar]

Too little information.

Do you mean sniffing in another process' memory, or are we talking about sniffing in your own address space (i.e., are we talking about an application or a library here)?

Do you require the process to survive the sniffing, or are we talking post-mortem analysis?

[Zacariaz]

I always forget to tell the whole story.

We're talking about another process, more specifically a game. In this game there's certain information which you're presented with. However, I want an easy method of collecting this information. OCR could be the answer, but as I need the retrieved information to be 100% correct and I don't know a lot about this subject anyway, I've kind of given up on that.

I do however imagine that the alternative might be even more complicated, short of making a hardware solution, thus I ask here to learn if this is a waste of time, or not.


Thanks

edit:
Yes, this need to take place during the execution and it is necessary for the process to survive. All though the post mortem idea isn't bad. Hadn't considered that.

[Gigasoft]

Yes, in Windows you can read the memory of another process using the ReadProcessMemory function.

[AntiRush]

Yes, if its windows you're looking at ReadProcessMemory will likely be a good place for you to start. With a combination of a debugger like ollydbg and a memory searching tool like CheatEngine you can probably find what you're looking for and read it with ReadProcessMemory. Many games use DMA (Dynamic Memory Allocation, not the more common, at least around here, acronym) which makes it a bit harder since structures aren't going to be at the same absolute value each time the game is run. Depending on what exactly you need to do you may want to run your own code in the game's process using some form of dll injection and/or runtime patching.
Years ago I did a lot of work with Diablo II and this sort of thing - if you have more specific questions I may be able to help.

[Zacariaz]

Wow, that's the answer I was hoping for, but not really expecting. Though it does sound a little bit more complicated than I had first hoped, it seems like it could work.

Should I need your help, and I probably will, I'll return to bother you some more.


Thank you all and best regards.