Now I know reading another process's memory is kind of a touchy subject because it could be done as part of a malicious program but this code does not demonstrate how to modify another process's memory at all, just read it. I have found a couple of cases where using ReadProcessMemory has been genuinely useful and there was no alternative method (getting an external process's command line arguments for example, which I'll post an example of soon) so thought it might be worth posting my wrapper class here.
So anyway, I have written a fairly basic .NET class that wraps up the functionality of the ReadProcessMemory API (as well as OpenProcess and CloseHandle) so that you can read memory in a simple and easy way. My class is called NativeMemoryReader as you can see from the code below.
Here is how you could use the class once you have defined it:
vb.net Code:
'quick example of getting a process object for the first 'instance of notepad.exe that is found running Dim ProcessToReadFrom As Process = Process.GetProcessesByName("notepad")(0) 'Pass the process to a new instance of our NativeMemoryReader class Dim MemoryReader As New NativeMemoryReader(ProcessToReadFrom) 'Read 400 bytes from some random address in the process Dim MemoryBytes() As Byte = MemoryReader.ReadMemory(New IntPtr(132290), 400) 'Dispose will close the handle, but there is a Close method as well MemoryReader.Dispose()
Obviously that is just an example so is just reading from a random address in the process - in reality if you were going to be reading memory you would know the address that you want to start from or would be getting a pointer from some other Windows API (you will see an example of it being used in a real scenario when I post the example that shows how to get command line parameters for an external process).
I'll post the full class definition in the next post. Tested on 32 bit Windows XP and 64 bit Windows 7





Reply With Quote