Reading own process memory

BOOL WINAPI ReadProcessMemory(
  __in   HANDLE hProcess,
  __in   LPCVOID lpBaseAddress,
  __out  LPVOID lpBuffer,
  __in   SIZE_T nSize,
  __out  SIZE_T *lpNumberOfBytesRead
);


Hi, what I want to know is, how would I be able to store this: __out LPVOID lpBuffer

in my buffer, but without actually using ReadProcessMemory, because it is my OWN program. I have tried this:

unsigned char* buf[128*1000];

and then doing this:
buf[*(unsigned char*)MyAddress]

what I want to know is how do I get the BYTES that __out LPVOID lpBuffer returns...

__out SIZE_T *lpNumberOfBytesRead just returns the sizeof(Address) right?
I can only guess what you're trying to do, but:
byte buf[size];
byte* src=reinterpret_cast<byte*>(myAddress);
memcpy(buf,src,size);


If part of the memory you're trying to read is not mapped, you'll get a segmentation fault.

Edit: that's only if you need a copy. Otherwise the middle line will suffice.
Thanks man, that was a fast reply. I'm not sure if it does what I intend it to, but I'll try it later; I have to go somewhere now. That was a fast reply o.O
I have this other question:

How come when I try to read the memory from my own process I get 0xC0000005: Access violation?

this is starting to piss me off, I mean I already did this:

#define NON_WRITE (PAGE_READONLY | PAGE_NOACCESS | PAGE_EXECUTE_READ | PAGE_EXECUTE)

MEMORY_BASIC_INFORMATION mbi;
unsigned long Addr = 0;

while(1)
{
    if (VirtualQuery((LPCVOID)Addr, &mbi, sizeof(MEMORY_BASIC_INFORMATION)) == 0) { break; }
    size = mbi.RegionSize;

    if (mbi.Protect & NON_WRITE) { Addr += mbi.RegionSize; continue; }
    else {
        printf("Result: 0x%X-0x%X Protection:%d\n", Addr, Addr+mbi.RegionSize, mbi.Protect);

        for (; Addr < endreg; Addr++)
        {
            if (*(DWORD*)Addr == 1234) { printf("Value FOUND"); }
        }
    }
}


Why do I always crash at address 0x00030000? I don't get it... it is supposed to "skip" addresses I can't access...
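Added example, not code from any poster in this thread: a self-scan that decides from both State and Protect whether a region may be read, since VirtualQuery documents Protect as undefined for regions that are not MEM_COMMIT and a PAGE_GUARD page raises an exception on first access. The names region_is_readable, count_value and scan_self are hypothetical, and the #else constants are the winnt.h values so the predicate also compiles off Windows.

```c
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else  /* winnt.h values, so the predicate also builds off Windows */
#define MEM_COMMIT             0x1000
#define PAGE_READONLY          0x02
#define PAGE_READWRITE         0x04
#define PAGE_WRITECOPY         0x08
#define PAGE_EXECUTE_READ      0x20
#define PAGE_EXECUTE_READWRITE 0x40
#define PAGE_EXECUTE_WRITECOPY 0x80
#define PAGE_GUARD             0x100
#endif
#define READABLE (PAGE_READONLY | PAGE_READWRITE | PAGE_WRITECOPY | \
                  PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
/* Hypothetical helper: dereference only committed, readable, non-guard regions. */
int region_is_readable(unsigned long state, unsigned long protect)
{
    if (state != MEM_COMMIT) return 0;  /* free/reserved: Protect is undefined */
    if (protect & PAGE_GUARD) return 0; /* guard page: first touch raises an exception */
    return (protect & READABLE) != 0;
}

/* Hypothetical helper: count 32-bit matches in [base, base+len) without reading past the end. */
size_t count_value(const unsigned char *base, size_t len, uint32_t needle)
{
    size_t hits = 0;
    for (size_t i = 0; i + sizeof needle <= len; i++) {
        uint32_t v;
        memcpy(&v, base + i, sizeof v); /* unaligned-safe read */
        if (v == needle) hits++;
    }
    return hits;
}
#ifdef _WIN32  /* hypothetical driver: walk this process's address space region by region */
size_t scan_self(uint32_t needle)
{
    MEMORY_BASIC_INFORMATION mbi;
    unsigned char *addr = NULL;
    size_t hits = 0;
    while (VirtualQuery(addr, &mbi, sizeof mbi) != 0) {
        if (region_is_readable(mbi.State, mbi.Protect))
            hits += count_value((const unsigned char *)mbi.BaseAddress, mbi.RegionSize, needle);
        addr = (unsigned char *)mbi.BaseAddress + mbi.RegionSize;
    }
    return hits;
}
#endif
```

Another thread can still free or reprotect a region between VirtualQuery and the read, so in a multithreaded program the scan needs exception handling around the read or the other threads paused.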