[2.0] Reading a process' memory

I have a process which i'm trying to read the memory of. I'm creating the process myself, using the PROCESS_VM_READ flag.
Here is my class that exposes relevent API funcitons:

Code:

---

public static class Win32
    {
        public const uint PROCESS_VM_READ = (0x0010);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool DebugActiveProcess(UInt32 dwProcessId);

        [DllImport("kernel32.dll",SetLastError=true)]
        public static extern IntPtr OpenProcess(
            UInt32 dwDesiredAccess,
            Int32 bInheritHandle,
            UInt32 dwProcessId
            );

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Int32 ReadProcessMemory(
            IntPtr hProcess,
            IntPtr lpBaseAddress,
            [In, Out] byte[] buffer,
            UInt32 size,
            out IntPtr lpNumberOfBytesRead
            );

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Int32 CloseHandle(IntPtr hObject);
    }

---

I created a wrapper class for those functions, as below:

Code:

---

public class ProcessMemoryReader
    {
        private Process m_ReadProcess = null;
        private IntPtr m_hProcess = IntPtr.Zero;

        public ProcessMemoryReader()
        {
        }

        /// <summary>       
        /// Process from which to read               
        /// </summary>
        public Process ReadProcess
        {
            get
            {
                return m_ReadProcess;
            }
            set
            {
                m_ReadProcess = value;
            }
        }

        public void OpenProcess()
        {
            m_hProcess = Win32.OpenProcess(Win32.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
        }
        public void CloseHandle()
        {
            int iRetValue;
            iRetValue = Win32.CloseHandle(m_hProcess);
            if (iRetValue == 0)
                throw new Exception("CloseHandle failed");
        }
        public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
        {
            byte[] buffer = new byte[bytesToRead];

            IntPtr ptrBytesReaded;
            Win32.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesReaded);
            bytesRead = ptrBytesReaded.ToInt32();
            if (bytesRead == 0)
            {
                int ErrorCode = Marshal.GetLastWin32Error();

            }

            return buffer;
        }
    }

---

In my code i call the OpenProcess function, which works, because i get a valid handle from the API call. However when i try to ReadProcessMemory i get an access denied error.

Code:

---

Win32.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesReaded);

---

(Memory address is 0, bytesToRead is 100)

Any ideas what's causing the access denied error, given that i created the process with the PROCESS_VM_READ flag??

Code:

---

Process process = Process.GetProcessById(INSERT PROCESS HERE);
ProcessModuleCollection modules = process.Modules;
for(int x=0 ; x<modules.Count ; x++)
{
                               
        //Print the name and memory size of the module to the listbox, lstModules.
        lstModules.Items.Add(modules[x].ModuleName.ToString()+ "\t\t"+                                                ""+modules[x].ModuleMemorySize.ToString());
}

---

Jennifer.

I'm not trying to get a list of modules loaded (in any case i get the same 'access denied' error when i tried that (even though i'm creating the process from within my application).

Wierd, its worked for me. It shows the module names and memory sizes in bytes.

I guess I now read what you wanted, just from off my head I thought this might help. Did it a while ago as well.

Jennifer.