Results 1 to 4 of 4

Thread: [2.0] Reading a process' memory

  1. Jun 19th, 2007, 10:01 AM #1
    SLH
    SLH is offline

    Thread Starter
    Not NoteMe SLH's Avatar
    Join Date
    Mar 2002
    Location
    192.168.0.1 Preferred Animal: Penguin Reason for errors: Line#38
    Posts
    3,051

    [2.0] Reading a process' memory

    I have a process which i'm trying to read the memory of. I'm creating the process myself, using the PROCESS_VM_READ flag.
    Here is my class that exposes relevent API funcitons:
    Code:
    public static class Win32
    {
        public const uint PROCESS_VM_READ = (0x0010);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool DebugActiveProcess(UInt32 dwProcessId);

        [DllImport("kernel32.dll",SetLastError=true)]
        public static extern IntPtr OpenProcess(
            UInt32 dwDesiredAccess,
            Int32 bInheritHandle,
            UInt32 dwProcessId
            );

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Int32 ReadProcessMemory(
            IntPtr hProcess,
            IntPtr lpBaseAddress,
            [In, Out] byte[] buffer,
            UInt32 size,
            out IntPtr lpNumberOfBytesRead
            );

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Int32 CloseHandle(IntPtr hObject);
    }
    I created a wrapper class for those functions, as below:
    Code:
    public class ProcessMemoryReader
    {
        private Process m_ReadProcess = null;
        private IntPtr m_hProcess = IntPtr.Zero;

        public ProcessMemoryReader()
        {
        }

        /// <summary>	
        /// Process from which to read		
        /// </summary>
        public Process ReadProcess
        {
            get
            {
                return m_ReadProcess;
            }
            set
            {
                m_ReadProcess = value;
            }
        }

        public void OpenProcess()
        {
            m_hProcess = Win32.OpenProcess(Win32.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
        }
        public void CloseHandle()
        {
            int iRetValue;
            iRetValue = Win32.CloseHandle(m_hProcess);
            if (iRetValue == 0)
                throw new Exception("CloseHandle failed");
        }
        public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
        {
            byte[] buffer = new byte[bytesToRead];

            IntPtr ptrBytesReaded;
            Win32.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesReaded);
            bytesRead = ptrBytesReaded.ToInt32();
            if (bytesRead == 0)
            {
                int ErrorCode = Marshal.GetLastWin32Error();

            }

            return buffer;
        }
    }
    In my code i call the OpenProcess function, which works, because i get a valid handle from the API call. However when i try to ReadProcessMemory i get an access denied error.
    Code:
    Win32.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesReaded);
    (Memory address is 0, bytesToRead is 100)

    Any ideas what's causing the access denied error, given that i created the process with the PROCESS_VM_READ flag??
    Quotes:
    "I am getting better then you guys.." NoteMe, on his leet english skills.
    "And I am going to meat her again later on tonight." NoteMe
    "I think you should change your name to QuoteMe" Shaggy Hiker, regarding NoteMe
    "my sweet lord jesus. I've decided never to have breast implants" Tom Gibbons
    Have I helped you? Please Rate my posts.

    Reply With Quote Reply With Quote
  2. Jun 19th, 2007, 09:05 PM #2
    drattansingh
    drattansingh is offline
    Hyperactive Member drattansingh's Avatar
    Join Date
    Sep 2005
    Posts
    395

    Re: [2.0] Reading a process' memory

    Code:
    Process process = Process.GetProcessById(INSERT PROCESS HERE);
ProcessModuleCollection modules = process.Modules;
for(int x=0 ; x<modules.Count ; x++)
{
				
	//Print the name and memory size of the module to the listbox, lstModules.
	lstModules.Items.Add(modules[x].ModuleName.ToString()+ "\t\t"+						""+modules[x].ModuleMemorySize.ToString());
}
    Jennifer.
    Reply With Quote Reply With Quote
  3. Jun 20th, 2007, 07:34 AM #3
    SLH
    SLH is offline

    Thread Starter
    Not NoteMe SLH's Avatar
    Join Date
    Mar 2002
    Location
    192.168.0.1 Preferred Animal: Penguin Reason for errors: Line#38
    Posts
    3,051

    Re: [2.0] Reading a process' memory

    I'm not trying to get a list of modules loaded (in any case i get the same 'access denied' error when i tried that (even though i'm creating the process from within my application).
    Quotes:
    "I am getting better then you guys.." NoteMe, on his leet english skills.
    "And I am going to meat her again later on tonight." NoteMe
    "I think you should change your name to QuoteMe" Shaggy Hiker, regarding NoteMe
    "my sweet lord jesus. I've decided never to have breast implants" Tom Gibbons
    Have I helped you? Please Rate my posts.

    Reply With Quote Reply With Quote
  4. Jun 20th, 2007, 11:30 AM #4
    drattansingh
    drattansingh is offline
    Hyperactive Member drattansingh's Avatar
    Join Date
    Sep 2005
    Posts
    395

    Re: [2.0] Reading a process' memory

    Wierd, its worked for me. It shows the module names and memory sizes in bytes.

    I guess I now read what you wanted, just from off my head I thought this might help. Did it a while ago as well.

    Jennifer.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width