As an experienced web-developer, but a novice "low level" programmer, this stuff is sort of voodoo to me still.
I'm curious about how one would even begin to go about finding a memory block, and then reading it (for example, reading the timer in a game of mines)? Is this different by OS / OS version?
Best Answer
This is a somewhat tricky and even complex question, in a sense that you can go quite deep with this. But to simplify things a bit:
Considering your example of "reading the timer in a game of mines":
First step is to find the memory address. This is usually done with a tool called memory editor(a debugger would do too, in some cases) which can use various methods to find the location of a variable in the process memory. Common way is to look for a certain value(for example the value of the timer) in target process' memory space, then change the target value(e.g. advance the timer) and look for matches again. This process pins down the candidates every iteration until there's only the exact variable left. Taking the address of that variable within the process' memory space is just a matter of a mouse click with a memory editor.
Second step is to modify the data in that particular address. How this is done depends on the operating system. With Windows, there's a WinAPI call named
WriteProcessMemorywhich can be used to write pre-defined data to a given address within the target process' memory space. In our example, you would use this function to overwrite the timer variable in the target process with your own desired value, effectively changing the timer in the game.In practice you'd have to find the target process' process ID, and then attach your rogue process to the target process to gain the ability to modify its memory space. This is quite trivial task, but does not contribute to answering the question so I've left it out as an exercise to the reader. ;)