I need to scan another process' memory in Windows. The ReadProcessMemory function does it just fine but it copies each time memory from the target process to one of my buffers.. is there any way to access another process' memory without copying it to my process' memory every time? If there were I could use pointers to access the other process' memory
- 5You could inject your scanning code into the other process and use inter-process communication to pass the results of the scan to the controlling process.krlmlr– krlmlr2013-01-02 21:23:02 +00:00Commented Jan 2, 2013 at 21:23
- 1@StoryTeller: not necessarily. It could be mapped into your virtual address space for read-only, just like you can do with file-mapping. Implementable in principle, though I doubt there is an API for this.Yakov Galka– Yakov Galka2013-01-02 21:25:38 +00:00Commented Jan 2, 2013 at 21:25
- 1@JohnnyPauling: I suspect that copying memory around always adds overhead.krlmlr– krlmlr2013-01-02 21:29:14 +00:00Commented Jan 2, 2013 at 21:29
- 4Let's take a step back. What is the problem where you think scanning another process's memory is the solution? You should be using whatever interfaces are exposed by the application; anything else is just an unsupported hack.Raymond Chen– Raymond Chen2013-01-02 21:44:29 +00:00Commented Jan 2, 2013 at 21:44
- 3Debuggers use ReadProcessMemory(). They minimize the amount of memory they need to read; they only read what they're going to display (in a memory view window or a watch window.)MikeB– MikeB2013-01-02 22:22:02 +00:00Commented Jan 2, 2013 at 22:22
| Show 6 more comments
1 Answer
Debuggers use ReadProcessMemory, so if you're implementing something that functions like a debugger, that's the right way to do it.
If you're implementing something else, you're probably heading into the weeds and you should give us a higher-level view of the problem you're trying to solve.
2 Comments
Johnny Pauling
I didn't know that debuggers use ReadProcessMemory, do they read small chunks of memory at a time or do they read all the process' memory into one buffer?
Raymond Chen
They read only what they need. Rarely does a debugger need to access the entire process's memory all at once.