3 Replies - 294 Views - Last Post: 18 April 2013 - 07:52 PM Rate Topic: -----

#1 ApexTheCoder  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 10
  • Joined: 24-March 13

ReadProcessMemory Help

Posted 18 April 2013 - 04:50 PM

Hey guys. I'm trying to use the ReadProcessMemory function, but every time I try to output the bytes, I get NULL, like this.
I can't seem to find the error.
Any help is greatly appreciated. Thanks in advance.
Posted Image

This is my code:


#include <iostream> 
#include <windows.h>
#include <tlhelp32.h>

using namespace std; 

int main()
{

	HANDLE GetSystemSnapshot;
	HANDLE OpenProHandle;
	PROCESSENTRY32 CurProcess;
	char bufferz[100] = "";

	//Create Snapshot
	GetSystemSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

	//Set Size of CurProcess
	CurProcess.dwSize = sizeof(PROCESSENTRY32);

	//Process32First
	Process32First(GetSystemSnapshot, &CurProcess);

	cout << "Process Path: " << CurProcess.szExeFile << endl;
	cout << "Number of Threads: " << CurProcess.cntThreads << endl;
	cout << "Process ID: " << CurProcess.th32ProcessID << endl;



	cin.get();

	//Process32Next
	while(Process32Next(GetSystemSnapshot, &CurProcess))
	{

		cout << "Process Path: " << CurProcess.szExeFile << endl;
		cout << "Number of Threads: " << CurProcess.cntThreads << endl;
		cout << "Process ID: " << CurProcess.th32ProcessID << endl;
		cout << endl;

		OpenProHandle = OpenProcess(PROCESS_VM_READ, FALSE, CurProcess.th32ProcessID);
		ReadProcessMemory(OpenProHandle, (void*)(0x7ffdf000), bufferz, 10, NULL);
		printf("%s", bufferz[0]);
		cin.get();
	}


	cin.get();
	return 0;
}



Is This A Good Question/Topic? 0
  • +

Replies To: ReadProcessMemory Help

#2 jjl  Icon User is offline

  • Engineer
  • member icon

Reputation: 1046
  • View blog
  • Posts: 4,449
  • Joined: 09-June 09

Re: ReadProcessMemory Help

Posted 18 April 2013 - 05:58 PM

ReadProcessMemory(OpenProHandle, (void*)(0x7ffdf000), bufferz, 10, NULL);



Instead of passing a fixed base address, take a look at VirtuaQueryEx to get the range of accessible memory pages.

http://msdn.microsof...907(VS.85).aspx
Was This Post Helpful? 0
  • +
  • -

#3 ApexTheCoder  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 10
  • Joined: 24-March 13

Re: ReadProcessMemory Help

Posted 18 April 2013 - 06:21 PM

View Postjjl, on 18 April 2013 - 05:58 PM, said:

ReadProcessMemory(OpenProHandle, (void*)(0x7ffdf000), bufferz, 10, NULL);



Instead of passing a fixed base address, take a look at VirtuaQueryEx to get the range of accessible memory pages.

http://msdn.microsof...907(VS.85).aspx


Hey, thanks for the reply. I'm currently trying your suggestion, but I still obtain the null.
Here is what I did:

OpenProHandle = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, CurProcess.th32ProcessID);
VirtualQueryEx(OpenProHandle,NULL,&MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
ReadProcessMemory(OpenProHandle,MemInfo.BaseAddress,bufferz,10,NULL);
printf("%s", bufferz[0]);


Was This Post Helpful? 0
  • +
  • -

#4 Skydiver  Icon User is online

  • Code herder
  • member icon

Reputation: 3161
  • View blog
  • Posts: 9,540
  • Joined: 05-May 12

Re: ReadProcessMemory Help

Posted 18 April 2013 - 07:52 PM

I'm going to assume that OpenProcess(), VirtualQueryEx(), and ReadProcessMemory() succeeded. You should verify by checking their return values to make sure that they are succeeding.

Anyway, with that assumption, your printf() on line 4 is messed up. You simply need to pass bufferz, not bufferz[0]. This is because with "%s", the expectation is to find the address of the C string, not a character.

Even if you did pass in bufferz, instead of bufferz[0], things are still messed up. What if the 10 memory bytes that you read does not contain an ANSI C string? What if it the 10 bytes don't include a null terminator if it's an ANSI C string? What if it contains a UNICODE C string? What if it's a set of raw bytes that included an embedded '\0'?
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1