C++

Forum

 
Help with Reading Memory?!

BinaryCode (7)
So I'm not very good with C++ yet as I am still learning the basics but I thought I would try to read process memory. For some reason I keep getting the following error messages:

Error 1 error LNK2019: unresolved external symbol "unsigned long __cdecl FindProcessId(class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > const &)" (?FindProcessId@@YAKABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z) referenced in function _main C:\Users\ThisGuy\Documents\Visual Studio 2013\Projects\ExploitConsole\ExploitConsole\ExploitConsole.obj ExploitConsole

Error 2 error LNK1120: 1 unresolved externals C:\Users\ThisGuy\Documents\Visual Studio 2013\Projects\ExploitConsole\Debug\ExploitConsole.exe 1 1 ExploitConsole



Here is my code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
 
#include "stdafx.h"
#include <iostream>
#include <Windows.h>
#include <string>
using namespace std;


DWORD FindProcessId(const std::wstring& processName);

int main()
{
	LPCVOID Address = (LPCVOID)0x00B4A000;
	int buffer[256];
	DWORD ProcessId = FindProcessId(L"Target.exe");
	HANDLE hProcess = OpenProcess(PROCESS_VM_READ, false, ProcessId);
	ReadProcessMemory(hProcess, Address, &buffer, sizeof(buffer), false);
	cout << "Data read from remote process: " << buffer;
}


Oh and btw ignore the extra headers and stuff. Idk why I left them :D
Edit: I know there is a lot of errors :(
Last edited on
integralfx (897)
Where's your definition of FindProcessId?

 
 
ReadProcessMemory(hProcess, Address, &buffer, sizeof(buffer), false);

1
2
3
4
5
6
7
 
BOOL WINAPI ReadProcessMemory(
  _In_  HANDLE  hProcess,
  _In_  LPCVOID lpBaseAddress,
  _Out_ LPVOID  lpBuffer,
  _In_  SIZE_T  nSize,
  _Out_ SIZE_T  *lpNumberOfBytesRead
);

As you can see the last parameter is a pointer to SIZE_T, which is a typedef for a 64 bit int in x64 and an unsigned long in x86.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553
https://msdn.microsoft.com/en-au/library/windows/desktop/aa383751(v=vs.85).aspx
Last edited on
BinaryCode (7)
tbh I am so confused. If it helps here is the video I tried to use: https://www.youtube.com/watch?v=Vtlc-WP7iDw
integralfx (897)
tbh I am so confused

What are you confused about?
BinaryCode (7)
Well all of this is very confusing. I mean I know I definitely should not be attempting this at such an early stage but it's necessary for my end goal :D. I almost need an eli5 for your explanation. I'm just a dummy :D
integralfx (897)
1
2
3
4
5
6
7
 
BOOL WINAPI ReadProcessMemory(
  HANDLE  hProcess,
  LPCVOID lpBaseAddress,
  LPVOID  lpBuffer,
  SIZE_T  nSize,
  SIZE_T  *lpNumberOfBytesRead
);

This is the function definition for ReadProcessMemory.

SIZE_T *lpNumberOfBytesRead

lpNumberOfBytesRead [out]
A pointer to a variable that receives the number of bytes transferred into the specified buffer. If lpNumberOfBytesRead is NULL, the parameter is ignored.


If you don't care about how many bytes are read, just pass in a nullptr, because we're using C++, while the Windows API was coded in C, so they don't have nullptr. Instead they have NULL, which is defined as 0; essentially a nullptr.

 
 
ReadProcessMemory(hProcess, Address, &buffer, sizeof(buffer), false);

You passed in false, which is a bool. Coincidentally, when you cast false to an int, it turns out to be 0. But passing falseobscures the logic of your code.

tldr;
 
 
ReadProcessMemory(hProcess, Address, &buffer, sizeof(buffer), nullptr);
Last edited on
BinaryCode (7)
Thank you so much :D. I'm truly sorry if this was frustrating for you to write out for me to understand. I really appreciate it. Have a great evening. P.S Your explanation makes a lot of sense :D

Edit: It still does not work :(
Last edited on
integralfx (897)
Have you defined FindProcessId?
BinaryCode (7)
How/What would I define it to? The memory address?
integralfx (897)
What does your FindProcessId function look like?
What does it do?
BinaryCode (7)
Honestly, I have no idea. I think I am a lost cause :(
integralfx (897)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
#include <iostream>

#define WIN32_LEAN_AND_MEAN		// exclude rarely used Windows headers
#include <Windows.h>
#include <TlHelp32.h>

DWORD FindProcessId(const std::string& processName);

int main( )
{
	const std::string process{ "Target.exe" };

	DWORD processID{ FindProcessId( process ) };
	if( procID == -1 ) {
		std::cerr << "ERROR! Couldn't find " << process << "\n";
		return -1;
	}

	std::cout << process << " process id = " << processID << "\n";
}

DWORD FindProcessId(const std::string& processName)
{
	/* https://msdn.microsoft.com/en-au/library/windows/desktop/ms682489 */
	// take a snapshot of all the processes
	HANDLE hSnap{ CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ) };
	if( !hSnap || hSnap == INVALID_HANDLE_VALUE ) return -1;

	/* https://msdn.microsoft.com/en-us/library/windows/desktop/ms684839(v=vs.85).aspx */
	PROCESSENTRY32 pe;						// store info about process
	pe.dwSize = sizeof( PROCESSENTRY32 );	// must set this to sizeof( PROCESSENTRY32 )

	/* https://msdn.microsoft.com/en-us/library/windows/desktop/ms684834(v=vs.85).aspx */
	// traverse the processes
	if( !Process32First( hSnap, &pe ) ) {
		/* https://msdn.microsoft.com/en-us/library/windows/desktop/ms724211(v=vs.85).aspx */
		CloseHandle( hSnap );
		return -1;
	}
	do {
		// case insensitive string compare, returns 0 if strings match
		if( _stricmp( processName.c_str( ), pe.szExeFile ) == 0 ) {
			CloseHandle( hSnap );
			return pe.th32ProcessID;	// process id
		}
		/* https://msdn.microsoft.com/en-us/library/windows/desktop/ms684836(v=vs.85).aspx */
	} while( Process32Next( hSnap, &pe ) );

	// couldn't find process
	CloseHandle( hSnap );
	return -1;
}
BinaryCode (7)
Thanks so much :D
Topic archived. No new replies allowed.