Trying to read physical memory in windows.

[bkowlagi]

I have this piece of code written for Unix which I am trying to port to Windows. The code is as follows.

int fd;
off_t fp = 0xE0000;
const char *devmem = "/dev/mem"

fd = open(devmem, O_RDONLY);
lseek (fd, fp, SEEK_SET);

In UNIX you can treat memory as a file device but can this be done in windows (without crashing the system). If not is there an alternative? I am basically trying to read the memory between 0x000E00000 and 0x000F00000 locations.

 

[PerFnurt]

>In UNIX you can treat memory as a file device but can this be done in windows

Yes. See CreateFileMapping function in MSDN (platform SDK).

>I am basically trying to read the memory between 0x000E00000 and 0x000F00000 locations.

Ok, but you do realize that each process has its own adress space, right?



/Per
[sub]
if (typos) cout << &quot;My fingers are faster than my brain. Sorry for the typos.&quot;;
[/sub]

 

[palbano]

Win32 isolates process memory. We don’t know what that memory location represents. Your port may entail more than just writing to memory. There may be kernel API's that need to replace the system memory access methods used in Unix. If you tell us what the purpose of the code is perhaps you will get a more helpful answer.

-pete

 

[bkowlagi]

Ok. What I am basically trying to do is search for a string &quot;_SM_&quot; that occurs between the memory locations as told before. Once I get the address of this string then I can get other details about the SMBIOS structure which is what I am actually after.

I know I am looking at memory out my process space. but then how do I do it?

 

[palbano]

I'm not so sure that's the way to go. Try looking at the Win32_BIOS structure documentation in the Platform SDK: Windows Management Instrumentation

-pete

 

[bkowlagi]

I am aware of retrieving data out of WIN32_BIOS, but it is SMBIOS I am specifically interested in.

I tried using the following code

//code begin
NTSTATUS status;
HANDLE physmem;

status = NtOpenSection( &physmem, SECTION_MAP_READ, &attributes );

if( !NT_SUCCESS( status )) {

PrintError( &quot;Could not open \\device\\physicalmemory&quot;, status );
return NULL;
}

return physmem;

//code ends
I am able to get the handle (physmem) but when I try

_lseek(physmem, 0x000F0000, SEEK_SET); //I am trying to set the pointer to the offset so then I can start searching for the string

perror() gives &quot;Bad file descriptor&quot;

So which means physmem cannot be used as a File Handle though technically it is a Handle. Hence _lseek fails. I did see the docs for CreateFileMapping but how do I use use it in this context?

 

[lionelhill]

I sort-of feel this is an unpromising way to go about it. You might manage to do something this time that gets the data you want, but looking in physical memory that doesn't &quot;belong&quot; to you is something an operating system is unlikely to approve of: if you get it to work now on the operating system you are using, it's highly likely to go wrong in the future as operating system designers improve the features that prevent your programming from getting access to memory it shouldn't know about.