4

Is there a fast way to search/scan the memory of a process for a specific value, find the location of this value, edit and save it?

There are examples like Peeping Tom, but it's very slow and has issues with Vista & Win7.

Rob Kennedy
Panos Kalatzantonakis
  • Assuming that Peeping Tom doesn't do something pretty ridiculous - it's probably scanning the process stack and the heap (especially) in the fastest possible manner. If the heap is big, then you are bound to get a performance hit. So you may not find anything faster. – I J Oct 07 '11 at 21:24
  • Why? It is pretty trivial to implement that yourself. Look at `VirtualQueryEx` – Premature Optimization Oct 07 '11 at 22:55
  • @Kabamaru: Share your findings! Did you implement the solution as recommended in the accepted answer? – menjaraz Apr 20 '12 at 08:01

1 Answer

4

You will have to debug the process (i.e. the equivalent of attaching the process to your custom debugger) and use ReadProcessMemory to read and WriteProcessMemory to write.

This is what the Delphi Code Coverage project is doing to insert breakpoints to track code coverage at runtime.

Look at the class DebugProcess, it has methods to read and write to the memory of the debugged process.

Christer Fahlgren
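
The region walk mentioned in the comments (`VirtualQueryEx`) combined with the bulk reads from the answer (`ReadProcessMemory`), as an added example that is not part of the original post or of the Delphi Code Coverage project. It assumes Delphi XE2 or later (`NativeUInt`, `SIZE_T` parameters); `ScanForDWord`, `CHUNK` and `Marker` are hypothetical names, and the program scans its own process so it runs without a separate target.

```pascal
program ScanDemo;
{$APPTYPE CONSOLE}
uses Windows, SysUtils;
const
  CHUNK = 1 shl 20;  // 1 MiB per read; a multiple of 4, so aligned values never straddle chunks
  READABLE = PAGE_READONLY or PAGE_READWRITE or PAGE_WRITECOPY or
             PAGE_EXECUTE_READ or PAGE_EXECUTE_READWRITE or PAGE_EXECUTE_WRITECOPY;
var
  Buf: array[0..CHUNK - 1] of Byte;
  Marker: DWORD = $5CA1AB1E;  // constructed sample value to search for

// Prints each 4-byte-aligned address holding Value and returns the hit count.
// hProcess needs PROCESS_QUERY_INFORMATION and PROCESS_VM_READ access.
function ScanForDWord(hProcess: THandle; Value: DWORD): Integer;
var
  mbi: TMemoryBasicInformation;
  addr, stop: NativeUInt;
  want, got: SIZE_T;
  i: Integer;
begin
  Result := 0; addr := 0;
  // VirtualQueryEx returns 0 once addr is beyond the user-mode address space.
  while VirtualQueryEx(hProcess, Pointer(addr), mbi, SizeOf(mbi)) = SizeOf(mbi) do
  begin
    addr := NativeUInt(mbi.BaseAddress);
    stop := addr + mbi.RegionSize;
    // Skip free/reserved regions and guard or no-access pages without reading them.
    if (mbi.State = MEM_COMMIT) and ((mbi.Protect and READABLE) <> 0) and
       ((mbi.Protect and PAGE_GUARD) = 0) then
      while addr < stop do
      begin
        want := stop - addr;
        if want > CHUNK then want := CHUNK;
        // One bulk read per chunk instead of one call per candidate address.
        if not ReadProcessMemory(hProcess, Pointer(addr), @Buf[0], want, got) then Break;
        for i := 0 to Integer(got div 4) - 1 do
          if PDWORD(@Buf[i * 4])^ = Value then
          begin
            Writeln(Format('%p', [Pointer(addr + NativeUInt(i) * 4)]));
            Inc(Result);
          end;
        Inc(addr, want);
      end;
    addr := stop;
  end;
end;

begin
  Writeln(ScanForDWord(GetCurrentProcess, Marker), ' hit(s)');
end.
```

When scanning the current process the hit count can include the copy that lands in `Buf` itself; against another process, pass a handle obtained from `OpenProcess` with the access rights named in the comment.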