Memory Read/Write functions?

Discussion in 'Mac Programming' started by MacMan93, Jul 20, 2007.

  1. MacMan93 macrumors member

    May 10, 2006
    Well, I'm sorta new with Cocoa but I know my way around. (somewhat)

    I am wanting to write a Memory Editor (well eventually) for OS X. I cannot find any articles or what not about how I would go about reading and writing directly to the RAM. (also searching it but that counts in the "reading" part too)

    Can some one direct me in the right direction with this? An article on accessing RAM using Cocoa?

    Just to give you a better idea. If you've ever heard of Club.Live and LiveMacro. I basicly want to make a Mac OS X version of LiveMacro. :D (Like I said; eventually as I'm still learning)

    Description of what I'm looking to do:
    Scan the memory for a certain number. Then scan the narrowed down amount of numbers for a new certain number(repeat until there is only one left) then change that number (which is a percentage) to 100.

    Also, somthing I'm going to have to tackle later. macros. It would be nice if you also had any links to articles about writing Keyboard/Mouse macros under Cocoa/Obj-C.

    I have searched Google and Developer.Apple and I have found nothing. :( (not sure if I'm using the correct terms and such)

    I did find a great articl on writting a memory scanner. Although, it was for Windows and written in C#.

    :) :apple:
  2. garethlewis2 macrumors 6502

    Dec 6, 2006
    I don't want to sound condescending, you when rewritten your question becomes.

    I want to inflate this bike tyre using a Potato but I cannot get it to work. Can you help?

    You are using the wrong technology for this. Think of Cocoa as just the graphic layer of you application. You can use C calls directly in your Objcetive-C programs to look at memory. Just create a byte *pointer and set it to look at a certain memory address, using standard pointer access look at the data. You can then copy this data into another byte buffer malloced and using an NSView to look at it.
  3. MacMan93 thread starter macrumors member

    May 10, 2006
    Yes, no offence taken. I see what your saying. (I typed it fast and am tired :eek: )

    Thanks. I will go and try to find some information on accesing memory using C.
  4. MacMan93 thread starter macrumors member

    May 10, 2006
    Ok, I have been reading up on pointers and such. So far. I think I've made pretty good process. I'm still having a little trouble with finding the values. Here is what I'm thinking(won't compile. just to explain were I'm at so far):

    int *memPtr;
    memPtr = ?  //This is were I'm stuck. Do I just start off at the first memory address or what?
    if *memPtr = 10 //Current percent completion
             *memPtr = 100 //change 10 to 100% completion
    memPtr = ? // the next memory block over. 

    This is not exactly what I want to do. But I'm just trying to get finding, reading, and changing memory values. After I figure out how to get past my current situation I will go into narrowing down the memory values until I get just one left.(then actually changing the value when I pinpoint 1 memory location that has matched up every time) There are probably MANY instances of "10" stored in the memory.

    Here is a program I wrote to test out actually changing the value:
    #include <stdio.h>
    int *ptr; //Pointer to store memory address
    int p; //Percent
    p = 7; //sample percent
    void main () {
    	printf ("p = %i \n" , p ); //Tells what the current percent is
    	ptr = &p; //Gets the address of P and stores it in "ptr" 
    	printf ("The address of p is: %i \n" , ptr ); //displays address of p
    	*ptr = 100; //Changes value of p using a pointer
    	printf ("p is now equal to: %i \n" , p ); //displays what the percent is now
    This actually compiles and works. Still stuck on the part I mentioned in the first code snippet in this post. Any help with that would be greatly appreciated!

    Thanks so far!!!(and before posting I had no clue what pointers do and I knew very limited C) Now still very limited...but I'm so excited that I'm getting close to atleast having a command line version of this! :eek: :) :D

  5. robbieduncan Moderator emeritus


    Jul 24, 2002
    What, exactly, are you trying to change? You can't just get a pointer to some memory and change values without expecting things to crash completely. You cannot access memory across process boundaries at all. So your program cannot change the memory state of another program.
  6. savar macrumors 68000


    Jun 6, 2003
    District of Columbia
    It looks like you're trying to modify some value in a running application?

    There were old programs that did this, usually for the purpose of modifying a game. Like giving yourself a million points or something.

    This will never work on any modern operating system. Foremost, each application runs in its on virtual memory space, so if you address memory from 0 to 0xFFFF FFFF FFFF FFFF (max address for a 32 bit memory space), its still all in your own address space. So it's literally not possible to address another application's memory.

    Windows, Mac OS X, and every single Linux and Unix I've ever used have virtual memory that essentially works this way.

    You could modify the target application itself, but seriously it sounds like you're out of your league here.
  7. MacMan93 thread starter macrumors member

    May 10, 2006
    Yes, that is almost exactly what I'm trying to do. There are some online games on When you play them you collect tickets and witht the tickets you can get free stuff from....Micro$oft.

    There is a program called LiveMacro which does what I'm trying to write although it is for Windows. I am trying to make a Mac OS X version of it. (I do NOT have any source code. But I'm willing to email the guy and see if he can help me out any bit)

    The games are flash and ran in the browser.

    I'm still confused how this is possible in Windows but not in OS X.

    CheatEngine and T-Search are also programs for Windows that can modify memory to cheat in games. I just can't see how it is impossible for OS X.....

    I have got my program to be able to read the values of random memory addresses...(and I can change them but I don't want to crash the computer)
  8. robbieduncan Moderator emeritus


    Jul 24, 2002
    If they are running in Flash within a browser it is possible that a another plugin running in the same browser could alter the memory of a plugin within the same browser as this would not cross any process boundaries.

    As noted above all the memory you are accessing "at random" is within a virtual address space so is within your own process. It is not another applications memory.

    If you did this on Windows you would get the same result.
  9. garethlewis2 macrumors 6502

    Dec 6, 2006

    Now I see what you are trying todo.

    I am going to put my physic hat on. It is the one featured in Harry Potter.

    The program on Windows, must be running, but it must take a snapshot of the memory before something happens, and a snapshot of the Flash programs memory, after an event of sometype has occured. It then compares the differences and determines what has changed. This is a very clunky way of doing things, but it does work. It is how HD-DVD and Blu-Ray got cracked so easily.

    Your going about this the wrong way. You need to write a plugin for safari that specifically only gets called when a Flash program of the type you want to modify is executed. That is going to be completely different to the way Windows would do it. A plugin like yours will only get called by Safari when a compatible HTML tag is encoutered, the Flash plugin doesn't run all the time. Only when Flash is on the page and is visible.

    You should check out the Apple developer mailing list, specifically the Safari one. It is the only place that most Apple engineers will post to.
  10. savar macrumors 68000


    Jun 6, 2003
    District of Columbia
    Robbieduncan is correct. Since you're talking about a web browser, it would probably be possible to do what you're doing since the flash and your plugin would be running in the same memory space.

    Still, it sounds pretty tough. On an old system you could do this:

    int searchValue=20;
    void *p = 0;
    while (*p != searchValue) p++;
    printf("found value %d at address %x", *p, p);

    But I don't think this would work on a modern system for several reasons. One is that memory is almost guaranteed not to be contiguously mapped. Which means your plugin would crash the browser as soon as it tried to reference any unmapped memory.

    It would be far less effort for you to buy Windows XP and install it on your Mac and then run this other guy's program.
  11. MacMan93 thread starter macrumors member

    May 10, 2006
    I already have a PC computer and my mac mini with a beta version of VMare fusion + XP installed.

    I was simply doing this for the challenge, bordem, and something to motivate me to learn C then later Obj-C :)
  12. MacMan93 thread starter macrumors member

    May 10, 2006
  13. overcast macrumors 6502a

    Jun 27, 2007
    Rochester, NY
    I think had you better start with "Hello World" and work up from there.
  14. ChrisA macrumors G4

    Jan 5, 2006
    Redondo Beach, California
    Don't say "never". There is a system call to map data from one virtual address space into another. The kernel does this routinely. for example oif you run two copies of safari the code is physically only in RAM once but is mapped into both processes address space.

    One good example of a program that can access the memory of another is the common debugger called "gdb" that Apple shiops as part of xcode. Notice that one of the arguments is "Process ID". It can attach to a running process and read/write data in that process. If you own both processes or if you are running as root it can be done. The normal UNIX file permissions apply

    So there is already a program that can do this from the command line so why write another? Just use the debugger. But if you want to, look at mmap(2) man page. If says you can only look at bytes in a file but remember _everything_ is a file in UNIX.

    None of this is OS X specific. It's been this way from at least the mid 80's
  15. savar macrumors 68000


    Jun 6, 2003
    District of Columbia
    Hmm.. interesting idea. I forgot that gdb could attach to an existing process.

    I guess the OP has his work cut out for him. :D

    Source for GDB is here:

    Good luck, I'd definitely like to hear more about this!
  16. scrod macrumors newbie

    Jul 29, 2007
    The Cheat

    It is indeed possible to do this on Mac OS X, and someone has already beat you to it. Behold, the OS X equivalent to the classic Mac OS' Pandora's Box: The Cheat

    It uses official Mach kernel APIs to read and alter memory of other running processes owned by the same user.

    (And there's even source code available to show you how!)
  17. MacMan93 thread starter macrumors member

    May 10, 2006
    Thanks a bunch!

    Now, if I can only get it to work. It may be something with it being a PPC app and I have an Intel mac. (It always returns zero results) I'm going to try and test it on my G3 iMac later.
  18. scrod macrumors newbie

    Jul 29, 2007
    You may find this thread to be of use:

Share This Page