Reading Dynamic Memory

Since no one answered my last question on that other thread, here it is:

I want to read memory off my process, for example I have this global variable with the value = 12345; then I make a function and make a local variable value =12345;

using VirtualQuery and MEMORY_BASIC_INFORMATION I am able to get all readable pages, but when I iterate through each address in that region and do this:
 
if ( *(DWORD*)Address == 12345){ printf("%x\n", Address);  }

I get an ERROR, basically saying access violation, which means I can't read the address...

so I don't get it, if the MEMORY_BASIC_INFORMATION.Protect == PAGE_READ_WRITE then I check each address to see if they hold the value, it shouldn't crash me because the Protection is PAGE_READWRITE;

so does anyone have any idea why I'm crashing?
My guess is that no one answered your question because this has to do specifically with functions in the Win32 API so it should go in the Windows Programming section.

As for your question, why are you using VirtualQuery() to Read information? The function you are looking for is ReadProcessMemory(...): http://msdn.microsoft.com/en-us/library/ms680553(VS.85).aspx

I took a look at your other post, you don't need to estimate the size of the data you are reading from the target process, this is returned to you if the buffer you pass to ReadProcessMemory(...) is too small. The solution is to call ReadProcessMemory(...) first with 'NULL' as the third parameter then initialize your buffer at the size returned to you in 'lpNumberOfBytesRead'. You then call ReadProcessMemory(...) again with a buffer that is guaranteed to be large enough to hold your data. Alternatively, I noticed that you don't want to use ReadProcessMemory(...) for some reason (masochism maybe?). If you're dead set on that then the MEMORY_BASIC_INFORMATION structure has a data member called RegionSize which can also be used to set the size of your buffer.
lol it's not masochism... I mean I'm reading the memory on MY OWN process, can't I do that directly?

for example: *(DWORD*)Address would give me the unsigned long value of such address and *(BYTE*) would give me the unsigned char and so on, so I'm reading my own memory, why would I need to use ReadProcessMemory()?
or am I misunderstanding something?

I am already using MEMORY_BASIC_INFORMATION

but like I said, I'm filtering the address with MEMORY_BASIC_INFORMATION.Protect == PAGE_READ_WRITE if it isn't PAGE_READ_WRITE then just skip it by adding +=MEMORY_BASIC_INFORMATION.RegionSize;

now I go through a loop and make the address++ and then check if the address has PAGE_READWRITE protect, and if it does then address+=.RegionSize;
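
Added example, not part of the thread and not any poster's code: a region-by-region walk of the current process with VirtualQuery that only dereferences committed, read/write, non-guard pages and never reads a 4-byte value past the end of a region. The helper names (region_is_scannable, scan_region, scan_self) are hypothetical, the non-Windows constants are stand-ins so the helpers build off Windows, and it assumes no other thread changes mappings during the walk.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else  /* stand-ins with the winnt.h values, so the helpers build anywhere */
typedef uint32_t DWORD;
#define MEM_COMMIT     0x1000
#define PAGE_NOACCESS  0x01
#define PAGE_READWRITE 0x04
#define PAGE_GUARD     0x100
#endif

/* A region may be dereferenced only if it is committed and readable;
   a guard page faults on first touch even when marked read/write. */
int region_is_scannable(DWORD state, DWORD protect) {
    if (state != MEM_COMMIT) return 0;
    if (protect & (PAGE_GUARD | PAGE_NOACCESS)) return 0;
    return (protect & 0xFF) == PAGE_READWRITE;
}

/* Count 4-byte matches in [base, base+size). The last offset tried is
   size-4, so no read crosses into the following region. */
size_t scan_region(const unsigned char *base, size_t size, uint32_t needle) {
    size_t hits = 0;
    for (size_t off = 0; off + sizeof needle <= size; off++) {
        uint32_t v;
        memcpy(&v, base + off, sizeof v);   /* safe for unaligned offsets */
        if (v == needle) { printf("%p\n", (const void *)(base + off)); hits++; }
    }
    return hits;
}

#ifdef _WIN32
/* Walk this process region by region instead of address by address. */
size_t scan_self(uint32_t needle) {
    MEMORY_BASIC_INFORMATION mbi;
    unsigned char *addr = NULL;
    size_t hits = 0;
    while (VirtualQuery(addr, &mbi, sizeof mbi) == sizeof mbi) {
        if (region_is_scannable(mbi.State, mbi.Protect))
            hits += scan_region((unsigned char *)mbi.BaseAddress, mbi.RegionSize, needle);
        addr = (unsigned char *)mbi.BaseAddress + mbi.RegionSize;
    }
    return hits;
}
#endif
```

On Windows, scan_self(12345) also reports the scanner's own copies of the value, such as the needle argument on its stack.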
