How to find a memory value, and modify the source.

A lot of people have been asking how exactly to find a memory address.  So I decided to write up a little tutorial describing what program I used, and how to incorporate the found address into a program.

First off, you're going to need a program called Cheat Engine. It's basically the GameShark of the PC: it scans memory and tracks changes written to it. Though intended for games, it will work for just about any process. The program I am going to be scanning is called RealTemp, a little utility that monitors CPU temperature and spends its time hanging out in the taskbar.

First off, let's open RealTemp.

It displays the temperature for all four of my CPU's cores. Let's determine the address that holds the value of the first core's temperature, which for me hovers at about 58. Open up Cheat Engine and select the RealTemp process by clicking on the flashing icon.

Now let's get started hunting down the address. Change the value type to “4 byte” (it's the most common data type for whole numbers), and for scan type choose exact value. It's a little tricky, because the value is uncontrollable and changes every second. The best way for me is to use a value that pops up a lot, like 58. So enter your “common popup” number under value.

Now wait until the actual value becomes your previously picked out common pop up number and click first scan.  Quickly the list in the left hand pane will populate itself with a large list of addresses.

To reduce this list, change your common pop up value to something else, like 60. Then wait for the actual value to match it, and hit next scan. Repeat until only a small list of addresses is left, all holding the same value and changing together. Note: the values shown in the list update in real time.

The addresses in green are static addresses, so use them if you can, as the black ones may or may not be the same next time you load up the program.  This can be fixed with pointers, but I won’t delve into that here.  Tutorials and guides are easily found on your favorite flavor search engine.  Controllable values are much easier to find.  You can use other functions like increased value, stayed the same, or unknown initial value to narrow down some really complicated values.
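The narrowing procedure above, sketched as an added example (not code from the original post, from Cheat Engine, or from VAMemory). It runs over constructed byte buffers standing in for three snapshots of a process's memory; the function names and the sample values are assumptions made for illustration.

```python
import struct

def first_scan(snapshot, value, align=4):
    """First scan: every aligned offset whose 4-byte little-endian
    integer equals `value` becomes a candidate."""
    hits = []
    for off in range(0, len(snapshot) - 3, align):
        if struct.unpack_from("<i", snapshot, off)[0] == value:
            hits.append(off)
    return hits

def next_scan(candidates, snapshot, value):
    """Next scan: keep only the candidates that hold the new value
    in a later snapshot of the same memory."""
    return [off for off in candidates
            if struct.unpack_from("<i", snapshot, off)[0] == value]

def build_snapshot(values):
    """Pack a list of ints as consecutive 4-byte little-endian slots."""
    return struct.pack("<%di" % len(values), *values)

# Constructed sample data: eight 4-byte slots observed at three moments.
# Slot 2 (offset 8) plays the role of the temperature: 58, then 60, then 57.
# Slots 0 and 5 are constants that happen to equal 58; slots 3 and 7 are
# unrelated values that coincide with the temperature only part of the time.
SNAP_1 = build_snapshot([58, 7, 58, 58, 1000, 58, 0, 58])
SNAP_2 = build_snapshot([58, 7, 60, 60, 1000, 58, 0, 61])
SNAP_3 = build_snapshot([58, 7, 57, 60, 1000, 58, 0, 57])

def narrow():
    """Run the full first-scan / next-scan sequence and return what is left."""
    candidates = first_scan(SNAP_1, 58)             # many coincidental hits
    candidates = next_scan(candidates, SNAP_2, 60)  # constants drop out
    candidates = next_scan(candidates, SNAP_3, 57)  # last coincidence drops out
    return candidates

if __name__ == "__main__":
    print("after first scan:", first_scan(SNAP_1, 58))
    print("after narrowing: ", narrow())
```

Each extra scan removes addresses that matched only by coincidence, which is why repeating with a different observed value shrinks the list so quickly.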

Now let's write a simple program that lets you push a button and displays the CPU temp in a message box, as well as blasting it to the SparkFun serial display. To make reading from memory a lot simpler I reference VAMemory.dll, which was written by Patrickssj6 and is available for download at the bottom of the post. Just download it and add it as a reference in Visual Express.
Here's the code, it's real simple:

The Port.Write(“v”) sends a model specific clear code to the display. Also be sure to change the port to the right one for your computer.

If you're still a little lost, check out Patrickssj6's tutorials on finding a memory value and using his dll. You can find them here: http://www.vivid-abstractions.net/forum/viewtopic.php?f=15&t=200 as well as his VAMemory dll here: VAMemory


2 Responses to How to find a memory value, and modify the source.

  1. Pingback: Connecting Bloggers » Blog Archive » Auxiliary scoreboard reads status directly from memory

  2. Patrickssj6 says:

    Once again very creative use! VAMemory will be rewritten soon to be more stable and allow for more features. Keep your good work up!
