Reading memory addresses

**deoblo1** · Aug 18th, 2000, 02:07 AM

Is their a way you can read a memory address in VB kinda like you can do in C++ with pointers? Is their anyways at all to look at the momory and stuff like that?

Aug 18th, 2000, 02:10 AM

Absolutely NOT

M$ dreads that simple VB users will be able to use <gasp> pointers and the like.

i have read so much stuff that M$ has said about pointers and VB, it makes me sick!

**Yonatan** · Aug 18th, 2000, 02:21 AM

Yes, actually, there is indeed a way!

You can to use the Kernel API CopyMemory (DLL name: RtlMoveMemory) for this.

Put in General Declarations area:

Code:

Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (pDest As Any, pSrc As Any, ByVal cbSrc As Long)

Since you didn't give any specific intentions for this, I'll just give you a useless example that doesn't have to do with anything you'll ever need to program.

Let's say you are simply DYING to know what long value is at memory address 0x1FC56A08 (no reason, no motive: no use).

So your source is &H1FC56A08.
Your destination is a long variable.
The size is 4. (Long variables take up 4 bytes of RAM)

Code:

Dim L As Long
Call CopyMemory(L, ByVal &H1FC56A08, 4)

After those two lines, whatever long value existed in that specific memory address is now in the variable L.

Does that make sense? No? I thought it wouldn't.

Give a specific reason why you need to read the memory address and "someone" who knows will explain it according to how you need it.

**deoblo1** · Aug 18th, 2000, 02:23 AM

Ok If I was gonna make a hex editor? I would need to read the memory address to get its value, and possable change it.

Aug 18th, 2000, 02:42 AM

well you cant do it in pure VB

**deoblo1** · Aug 18th, 2000, 02:45 AM

If I have to use win api that is fine. I just want to do it in vb...or am I confused?

**Yonatan** · Aug 18th, 2000, 03:03 AM

You might not call the APIs pure VB... But without the APIs we wouldn't have ANY programs. (VB uses many many APIs without telling you)

Let's say you want to open notepad, read a long value from the memory address 0x111111 of the notepad process, and write it in the memory address 0x222222 of the notepad process.
(I just typed random things so it might crash or just fail, I didn't test it!)
This actually IS useful, because some programs use only one address to store a certain variable.
For example: A game which has a variable at a very specific location, which contains, say, the amount of lives your character has.
Then you can build a program that changes that certain variable's value to 99 or something like that.

Code:

Option Explicit

Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long

Private Const PROCESS_VM_READ = &H10
Private Const PROCESS_VM_WRITE = &H20

Private Sub Command1_Click()
    Dim hWndNotepad As Long, lProcessID As Long, hProcess As Long, lData As Long
    ' Find a notepad window's handle:
    hWndNotepad = FindWindow("Notepad", vbNullString)
    If hWndNotepad = 0 Then
        Call MsgBox("Error: Notepad isn't running!", vbCritical)
        Exit Sub
    End If
    ' Get the ID of the process that created the notepad window:
    ' (Also known as "notepad's process ID"):
    Call GetWindowThreadProcessId(hWndNotepad, lProcessID)
    ' Open the process with reading and writing privileges:
    hProcess = OpenProcess(PROCESS_VM_READ Or PROCESS_VM_WRITE, False, lProcessID)
    If hProcess = 0 Then
        Call MsgBox("Error: Couldn't open process!", vbCritical)
        Exit Sub
    End If
    ' Read 4 bytes from memory address 0x111111 of that process into lData:
    If ReadProcessMemory(hProcess, ByVal &H111111, lData, 4, ByVal 0) = 0 Then
        Call MsgBox("Error: Couldn't read data!", vbCritical)
        Call CloseHandle(hProcess)
        Exit Sub
    End If
    ' Write those bytes into memory address 0x222222 of that process:
    If WriteProcessMemory(hProcess, ByVal &H222222, ByVal lData, 4, ByVal 0) = 0 Then
        Call MsgBox("Error: Couldn't write data!", vbCritical)
        Call CloseHandle(hProcess)
        Exit Sub
    End If
    ' Close the process (not terminate it... Just stop using it by our program)
    Call CloseHandle(hProcess)
End Sub

**V(ery) Basic** · Aug 18th, 2000, 07:05 AM

&Variable is really cool. (I'm learning normal C++ at the moment, planning to move to VC++ soon). It's som much more 'raw' than VB. I think C++ is great fun.

Thread: Reading memory addresses

Thread Tools

Display

Hex editor

its cool

Posting Permissions