Thread: Help!! Intercepting text from a game (ReadProcessMemory())

Hello,
Im trying to intercept text from an Online Roleplaying game.
Im using ReadProcessMemory() to get the text.
Now the question is...
I can get the text from the game and into my form....BUT...I can only get parts of the text,,, and I also get a bunch of weird characters with my text. Like......

nem*****§ÜA+esys: ***<>??? H|E|||§§§ÄÄ|ll||||o||| ***%#*$&$%*%($_)@(#

I get pieces of my text, but only with a bunch of other weird characters. I need to know why this is happening, and how to fix it. Thank you very much for any help..as I have been working on this for weeks now.

-Justin VB5.0

could do with more code that you're using

Are you sizing the buffer correctly before calling the function?

Heres my code for getting the text:::


------------------------------------------------------------------------------------
Public Function RPMEM(wndTitle As String, lLength As Long) As String

Dim hwnd As Long
Dim pID As Long
Dim pHandle As Long
Dim strBuffer As String
Dim succeed As Boolean
Dim mem As Long
mem = "&H1C4A370"

hwnd = FindWindow(wndTitle, vbNullString) ' get the handle of the window ...

If (hwnd = 0) Then Exit Function 'no handle & exit =)

GetWindowThreadProcessId hwnd, pID 'we need to get the proccess id to get the proccess handle .. *uuuummm*

pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pID) ' no comment ... =)

If (pHandle = 0) Then Exit Function 'mh. no handle. maybe we have no access to open this proccess with VM_READ

strBuffer = String(lLength, vbNullChar) 'fill the buffer

succeed = ReadProcessMemory(pHandle, mem, strBuffer, Len(strBuffer), 0&)

If Err.LastDllError = 998 Then Debug.Print "no acceess."

CloseHandle pHandle 'what we have opened we must(?) close ..

If succeed = True Then 'function succeed
RPMEM = strBuffer
Else
RPMEM = ""
End If
End Function
----------------------------------------------------------------------------------

And then In the button on my form I have:::
----------------------------------------------------------------------------------
Private Sub Command3_Click()
Dim a As String
a = RPMEM("Ultima Online", 255)
RichTextBox1.Text = StrConv(a, vbLowerCase)
End Sub
----------------------------------------------------------------------------------
Thx for helping!!

And heres all the wierd text that I get::

¤‡¤||||||||||||Jim||||y:$$&* S||@!ays|||6&&* He+++|lL|||o

you're passing the length into the function...how do you know how long it's going to me?

Well, I dont know for sure how long it will be. But the length isnt my problem, because I can just have the code re-intercept the text. The problem is why my text is broken apart and has all the weird characters in it. Or does the buffer have something to do with that?? I dunno what Im doing wrong. Im new to ReadProcessMemory. But I had to use it because the game stores its "chat" in memory. Then it writes it to a logged file AFTER you exit the game. So it has to store the text in memory, which I found out it does do because of my intecepted "broken" text Im getting. I dunno. Im lost..

When calling API functions that return strings, you have to size the buffer correctly otherwise it won't work. As you're getting all sorts of rubbish, it leads me to suspect that is what is going on here

Try calling ReadProcessMemory with nulls in every param except nSize (and of course the me address, thread id), then it should return the length to that variable. Then you can use that length to size the buffer correctly, call ReadProcessMemory again which will hopefully return the correct text.

Ok, thanks Ill try that.

Ok, sorry bout this but..Im having trouble with finding the buffer size..

What would my ReadProcessMemory() look like, "using my code from above" and what would I put in my button click..???

Just call it like this

VB Code:

Dim lBuffer As Long
 
ReadProcessMemory(pHandle, mem, vbNullString, lBuffer, 0&)

hopefully it will return the length into lBuffer, which you can then use to size the string buffer.

Alright, I tried that and it returns "0"
that doesnt seem right.
Heres my code:::

-----------------------------------------------------------------------------------
Private Sub Command6_Click()
Dim hwnd As Long
Dim pID As Long
Dim pHandle As Long
Dim strBuffer As String
Dim succeed As Boolean
Dim mem As Long
Dim lbuffer As Long
mem = "&H1C4A370"

hwnd = FindWindow("Ultima Online", vbNullString)
GetWindowThreadProcessId hwnd, pID
pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pID)
Call ReadProcessMemory(pHandle, mem, vbNullString, lbuffer, 0&)
RichTextBox1.Text = lbuffer
End Sub
------------------------------------------------------------------------------------

damn. How about replacing vbNullString with vbNullChar

Still returns Zero
It seems that when I use different buffers, it just affects the exact number of characters that appear from that memory address. If I use "5" as a buffer...It returns 5 characters from the memory address. It seems to me that It has to be some kind of formatting issue. I dunno. Im lost again. Thank you for helping me tho. your the first to want to dive into the Evil readprocessmemory...

It looks to me like ReadProcessMemory is being called correctly. If it wasn't, you either wouldn't be getting any results, or VB would crash.

Since you actually are getting results, that text must be what the game is storing in that particular memory location.

Two possible courses of action at this point I think...use the GetLastError API (or Err.LastDLLError) to help you debug why you might be getting 0 after obtaining the buffer...

Or

Use Mid$ etc to extract the info you want from the text you are getting.