1 Attachment(s)
ReadProcessMem for addresses that exceed the maximum value of long?
Hi, I have the following issue.
I try to read the memory of processes that have their addresses over the maximum amount for a long of 32 bits (2,147,483,647)
of the style
"7FFFFFFFFFFFF"
which generates an overflow for a long variable in vb6.
I know we have this limitation in vb6 for long in 32 bits when trying to read 64 bit addresses, but I wonder if this can have a solution.
I leave an example code when reading the first character of my notepad (that if it would work for any process in 32 bits).
Quote:
Private Const PROCESS_ALL_ACCESS = &H1F0FFF
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal SomeValueIsStoredHere As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As Long
Private Declare Function GetKeyPress Lib "user32" Alias "GetAsyncKeyState" (ByVal key As Long) As Integer
Private Declare Function ReadProcessMem Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Function ReadALong(Title As String, TheAddress As Long, TheValue As Long, bts As Long)
Dim WHwnd As Long
Dim GWTPI As Long
Dim SomeValue As Long
WHwnd = FindWindow(vbNullString, Title)
GetWindowThreadProcessId WHwnd, GWTPI
SomeValue = OpenProcess(PROCESS_ALL_ACCESS, False, GWTPI)
If (SomeValue = 0) Then
Exit Function
End If
ReadProcessMem SomeValue, TheAddress, TheValue, bts, 0&
Text1 = TheValue
CloseHandle hProcess
End Function
Private Sub Command1_Click()
Call ReadALong("*Sin tÃtulo: Bloc de notas", Val(1769725278928#), vbNull, 1)
End Sub
Attachment 182598
Regards!
Re: ReadProcessMem for addresses that exceed the maximum value of long?
Re: ReadProcessMem for addresses that exceed the maximum value of long?
I could not implement it :(. I got no errors, but neither did the expected values a just vbnull which is equal to 1.
It would help me a lot if you can correct me and adapt under the same example.
I would like to know if there is a write version like "NtWow64ReadVirtualMemory64" and if it is implemented in the same way, thank you very much!
Regards.
Re: ReadProcessMem for addresses that exceed the maximum value of long?
Quote:
Originally Posted by
The trick
I already understood how to implement what you suggest, thank you very much The trick! for sharing your knowledge and your repository. :D
