begining address and stop address for another program

Hi,
I has write a program to find a value form another program (SetValue.exe,Has
a button and a edit box,when i press the button the editbox value will set
to a  integer variable).
Base on the result below, how can I start find the value or string, which is
the begining address and stop address?
a sample source is better.

Task Manager for SetValue.exe =2576k
SysInfo.lpMinimumApplicationAddress=65536
SysInfo.lpMaximumApplicationAddress=2147418111
PROCESSOR_INTEL_PENTIUM
GetProcessMemoryInfo.WorkingSetSize 2646016
GetModuleInformation for SetValue.exe lpBaseOfDll=$00400000
SizeOfImage=405504 bytes EntryPoint=$0044F358
QueryWorkingSet for SetValue.exe
addr=$00400000 type=Read-only, Shareable
addr=$C0000000 type=Read/write
addr=$00010000 type=Read/write
addr=$00020000 type=Read/write
addr=$7FFDE000 type=Unknown
addr=$0012F000 type=Read/write
addr=$C01DF000 type=Read/write
addr=$00453000 type=Read/write
addr=$0044E000 type=Unknown, Shareable
addr=$0040A000 type=Unknown, Shareable
addr=$0041B000 type=Unknown, Shareable
addr=$0080C000 type=Read/write
addr=$00434000 type=Unknown, Shareable
addr=$00450000 type=Read/write
addr=$00454000 type=Copy on write, Shareable
addr=$C01F3000 type=Read/write
addr=$00456000 type=Read-only, Shareable
addr=$0040B000 type=Unknown, Shareable
addr=$00413000 type=Unknown, Shareable
addr=$0044F000 type=Unknown, Shareable
addr=$00405000 type=Unknown, Shareable
addr=$00452000 type=Read/write
addr=$00403000 type=Unknown, Shareable
addr=$00402000 type=Unknown, Shareable
addr=$00401000 type=Unknown, Shareable
addr=$00406000 type=Unknown, Shareable
addr=$00410000 type=Unknown, Shareable
addr=$0040C000 type=Unknown, Shareable
addr=$00404000 type=Unknown, Shareable
addr=$00D13000 type=Read/write
addr=$7FFB2000 type=Read-only, Shareable
addr=$00423000 type=Unknown, Shareable
addr=$00420000 type=Unknown, Shareable
addr=$00461000 type=Read-only, Shareable
addr=$00136000 type=Read/write
addr=$C0003000 type=Read/write
addr=$00C03000 type=Read/write
addr=$00451000 type=Copy on write, Shareable
addr=$0040F000 type=Unknown, Shareable
addr=$0040E000 type=Unknown, Shareable
addr=$0041A000 type=Unknown, Shareable
addr=$00418000 type=Unknown, Shareable
addr=$00411000 type=Unknown, Shareable
addr=$00422000 type=Unknown, Shareable
addr=$0041D000 type=Unknown, Shareable
addr=$00446000 type=Unknown, Shareable
addr=$0043C000 type=Unknown, Shareable
addr=$00442000 type=Unknown, Shareable
addr=$0045F000 type=Read-only, Shareable
addr=$00460000 type=Read-only, Shareable
addr=$00414000 type=Unknown, Shareable
addr=$00424000 type=Unknown, Shareable
addr=$00425000 type=Unknown, Shareable
addr=$00408000 type=Unknown, Shareable
addr=$0042B000 type=Unknown, Shareable
addr=$00444000 type=Unknown, Shareable
addr=$00462000 type=Read-only, Shareable
addr=$0045E000 type=Read-only, Shareable
addr=$00447000 type=Unknown, Shareable
addr=$0041C000 type=Unknown, Shareable
addr=$0044C000 type=Unknown, Shareable
addr=$0041E000 type=Unknown, Shareable
addr=$00419000 type=Unknown, Shareable
addr=$00D00000 type=Unknown
addr=$0044B000 type=Unknown, Shareable
addr=$0044D000 type=Unknown, Shareable
addr=$00435000 type=Unknown, Shareable
addr=$00436000 type=Unknown, Shareable
addr=$0042D000 type=Unknown, Shareable
addr=$00429000 type=Unknown, Shareable
addr=$00415000 type=Unknown, Shareable
addr=$0042C000 type=Unknown, Shareable
addr=$0042E000 type=Unknown, Shareable
addr=$00432000 type=Unknown, Shareable
addr=$00431000 type=Unknown, Shareable
addr=$0043A000 type=Unknown, Shareable
addr=$00443000 type=Unknown, Shareable
addr=$00445000 type=Unknown, Shareable
addr=$0044A000 type=Unknown, Shareable
addr=$00417000 type=Unknown, Shareable
addr=$00416000 type=Unknown, Shareable
addr=$00427000 type=Unknown, Shareable
addr=$00412000 type=Unknown, Shareable
addr=$00C07000 type=Read/write
addr=$00449000 type=Unknown, Shareable
addr=$00433000 type=Unknown, Shareable
addr=$00455000 type=Read/write
addr=$00426000 type=Unknown, Shareable
addr=$0040D000 type=Unknown, Shareable
addr=$0043D000 type=Unknown, Shareable
addr=$00407000 type=Unknown, Shareable
addr=$0042A000 type=Unknown, Shareable
addr=$0042F000 type=Unknown, Shareable
addr=$00430000 type=Unknown, Shareable
addr=$00448000 type=Unknown, Shareable
addr=$00428000 type=Unknown, Shareable
addr=$00439000 type=Unknown, Shareable
addr=$0045D000 type=Read-only, Shareable
addr=$00421000 type=Unknown, Shareable

-------------------------------------
Var
  MinMem, MaxMem: Cardinal;
  i: Cardinal;
  lpAllType: PAllType;
  ReadNum: Cardinal;
  FindWhat: Cardinal;
begin
  If Not FSearching then
     Begin
          FSearching:= True;
          BtnFind.Caption:= 'Stop';

          FindWhat:= StrToInt(FindValue.Text);
          New(lpAllType);

>>>>1. How can I get the MinMem and MaxMem?
>>>>2. Pointer is it equal memory address?
        i:= MinMem;
          While FSearching and (i<MaxMem) do
                Begin
                     If (ReadProcessMemory(ProcessID, Pointer(i), lpAllType,
Sizeof(lpAllType^), ReadNum))=False then
                        Begin
                             ShowError;
                             Break;
                        End
                     Else
                         Begin
                             ............................
                             i:= i+1;
                         End;
                End;

          Dispose(lpAllType);
          FSearching:= False;

Thanks

Regards
Tan

Subject:	begining address and stop address for another program
Posted by:	"Tan" (kunw..@pd.jaring.my)
Date:	Sat, 6 Aug 2005 01:00:02 +0800

begining address and stop address for another program

Glossary

File Types

Replies: