Hi,
I need to write an app that read/write accesses memory on a Windows XP, outside the JVM. I am aware that this can not be done with java, and must be implemented with native calls from JNI.
As I am not familiar with neither C or C++, I need some suggestions on a JNI example including dll, that can read/write to memory.
Thanks.
/Yakete
I found a solution to my problem - JNative (http://jnative.free.fr) is my friend :-)
For those interested, I've included a snippet from my app, that demonstrates the basics. All you need is the process id (pid), of the application you want to examine. There are several ways to obtain this, and fairly simple to obtain from java as well, though it's a bit out of scope for this post - if you want to test below, just use pslist.exe from the pstools package to get the pid of any process (eg. the windows calculator, which most likely will use base add= 16777216, as in below)
/Yakete
HANDLE processHandle = Kernel32.OpenProcess(Kernel32.PROCESS_QUERY_INFORMATION | Kernel32.PROCESS_VM_READ, false, pid); // pid: process id
JNative readProcessMemory = new JNative("Kernel32.dll", "ReadProcessMemory");
int b = 128; // buffer size
Pointer p = new Pointer(MemoryBlockFactory.createMemoryBlock(b));
//int base = 4194304; // common start address
int base = 16777216;
readProcessMemory.setRetVal(Type.INT);
readProcessMemory.setParameter(0,processHandle.getValue().intValue());
readProcessMemory.setParameter(1,base);
readProcessMemory.setParameter(2,p);
readProcessMemory.setParameter(3, b);
for (int x = 0; x < 100; x++) { //loop thru the first 128*100 bytes of app memory, starting at base address
readProcessMemory.setParameter(1, base + x * b); // move the pointer to the start of the next 128 byte chunk
readProcessMemory.invoke();
if (readProcessMemory.getRetValAsInt() == 0) { // <>0: Good, 1: read failed, most likely memnory access rights
System.out.println("Read fail - check access rights: " + x * b);
break;
}
}
for (int i = 0; i < b; i++)
System.out.println(p.getMemory());
