C++

Forum

 
ReadProcessMemory() error

ThomasTT (1)
Hi,
I'm new with C++ and im getting a weird error when i run my code it Compiles fine

My first "solo" C++ program
trying to read memory of modern warfare 2

and display it
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
#include "stdafx.h"
using namespace std;
#include <iostream>
#include <Windows.h>

BOOL WINAPI ReadProcessMemory(
  __in   HANDLE hProcess,
  __in   LPCVOID lpBaseAddress,
  __out  LPVOID lpBuffer,
  __in   SIZE_T nSize,
  __out  SIZE_T *lpNumberOfBytesRead
);

HWND WINAPI FindWindow(
  __in_opt  LPCTSTR lpClassName,
  __in_opt  LPCTSTR lpWindowName
);

int main()

{
	HWND handle;
	int BaseAdrr = 0x0108df41;
	handle = FindWindow(NULL,(LPCWSTR)"Modern Warfare 2");
	 char* Buf[10];

	ReadProcessMemory(handle,(LPCVOID)BaseAdrr,Buf,0,NULL);

	int i;
	for(i=0;i < 10;i++)
	{
		cout << Buf[i-1] << endl;
	}
	int s;
	cin >> s;
}



when i run it gives me error

Unhandled exception at 0x5620d540 (msvcr100d.dll) in memscan.exe: 0xC0000005: Access violation reading location 0xcccccccc.

and then I click break and it shows me lots of assembly code


main_loop:
        mov     eax,dword ptr [ecx]     ; read 4 bytes
        mov     edx,7efefeffh
        add     edx,eax
        xor     eax,-1
        xor     eax,edx
        add     ecx,4
        test    eax,81010100h
        je      short main_loop
        ; found zero byte in the loop
        mov     eax,[ecx - 4]
        test    al,al                   ; is it byte 0
        je      short byte_0
        test    ah,ah                   ; is it byte 1
        je      short byte_1
        test    eax,00ff0000h           ; is it byte 2
        je      short byte_2
        test    eax,0ff000000h          ; is it byte 3
        je      short byte_3
        jmp     short main_loop         ; taken if bits 24-30 are clear and bit
                                        ; 31 is set

(this part seems to be most relevant)
Im using Visual studio 2010 ultimate on win 7 ultimate 64 bit
Im really bad at C++ so i have no idea how to fix this even tho i could make the same program in vb.net i want to switch to the C++
Kiana (186)
MSDN is an awesome tool, it gives you a complete synopsis of the API.
http://msdn.microsoft.com/en-us/library/ms680553%28VS.85%29.aspx

ReadProcessMemory takes a process handle as its first parameter, not a window handle.

Since you have a window handle, what you want to do is retrieve the process id of of the process which holds the window with GetWindowThreadProcessId, then opening the process with OpenProcess. Make sure you close the handle with CloseHandle!
Zyl (38)
I remember writing a tool to patch memory in a running application once. I believe you need to get debug privileges from the OS or else you'd naturally get access violation errors, for writing at least.

Try these functions:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
#include <windows.h>
#include <Tlhelp32.h>
#include <iostream>
#include <cstdlib>

// Queries the ProcessId of a certain process
DWORD GetPIDForProcess (char* process) {
	BOOL            working = 0;
	PROCESSENTRY32  lppe = {0};
	DWORD           targetPid = 0;
	
	HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if(hSnapshot) {
		lppe.dwSize = sizeof(lppe);
		working=Process32First(hSnapshot, &lppe);
		while(working) {
			if(_stricmp(lppe.szExeFile, process) == 0) {
				targetPid=lppe.th32ProcessID;
				break;
			}
		working = Process32Next(hSnapshot, &lppe);
		}
	}
	
	CloseHandle(hSnapshot);
	return targetPid;
}

// Enables to open other processes
void EnableDebugPriv() {
	HANDLE hToken;
	LUID sedebugnameValue;
	TOKEN_PRIVILEGES tkp;
	
	if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
		return;
	}
	
	if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue)) {
		CloseHandle(hToken);
		return;
	}
	tkp.PrivilegeCount = 1;
	tkp.Privileges[0].Luid = sedebugnameValue;
	tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
	if(!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL)) {
		CloseHandle(hToken);
	}
} 

// Gets the base of a dll
DWORD GetDLLBase(char* DllName, DWORD tPid) {
	HANDLE snapMod;
	MODULEENTRY32 me32;
	
	if(tPid == 0) {
		return 0;
	}
	
	snapMod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, tPid);
	me32.dwSize = sizeof(MODULEENTRY32);
	if (Module32First(snapMod, &me32)) {
		do {
			if (strcmp(DllName, me32.szModule) == 0) {
				CloseHandle(snapMod);
				return (DWORD) me32.modBaseAddr;
			}
		} while(Module32Next(snapMod, &me32));
	}
	
	CloseHandle(snapMod);
	return 0;
}


1
2
3
4
5
6
7
 
HANDLE hProc;
hProc = OpenProcess(PROCESS_ALL_ACCESS, false, GetPIDForProcess("someprogram.exe"));

// ...

static DWORD processBase;
processBase = GetDLLBase("someprogram.dll", GetPIDForProcess("someprogram.exe"));
Last edited on
Topic archived. No new replies allowed.