Results 1 to 28 of 28

Thread: Read Another Program's Memory

  1. #1

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Read Another Program's Memory

    What API should I use to read, say I want to read address 0048B960 of another program, how would I do this?
    "I don't want to live alone until I'm married" - M.M.R.P

  2. #2
    Lively Member
    Join Date
    Jan 2005
    Posts
    76

    Re: Read Another Program's Memory

    ReadProcessMemory API call...its explained well on msdn. Or you can see an example a few posts down in my thread.

  3. #3

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    Thanks for the info, one more thing. How do I get the handle to the process? Is that the process's hWnd?
    Last edited by Disiance; Feb 1st, 2005 at 01:42 PM.
    "I don't want to live alone until I'm married" - M.M.R.P

  4. #4
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: Read Another Program's Memory

    hWnd is a window handle...

    this link shows how to get process IDs from running processes.. you could trim it to just get it on a specific process.. since this code returns an array with the info on ALL running processes...
    http://www.devx.com/vb2themax/Tip/19242

  5. #5

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    that code says it doesn't work on WinNT, which is what XP is based on, which is what I'm running. But I tried the code anyway, it detects a whole whopping five processes -- not at all what I'm looking for.
    "I don't want to live alone until I'm married" - M.M.R.P

  6. #6
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: Read Another Program's Memory

    Quote Originally Posted by Disiance
    that code says it doesn't work on WinNT, which is what XP is based on, which is what I'm running. But I tried the code anyway, it detects a whole whopping five processes -- not at all what I'm looking for.
    I am not sure why the code isn't working... but I know what Windows XP is based on... if you want to get technical.. windows XP is based on windows 2000... which the example says it works with... (windows NT does not support many of the things 2000/XP have because they were merged with the windows 9x systems as of win2k...

    I will see if I can't get the example to work

  7. #7

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    ok, and thanks for the help so far.

    Another question on the ReadProcessMemory function. I currently have:
    VB Code:
    1. Dim Str As String
    2.     ReadProcessMemory GetCurrentProcessId, &HFF, Str, 5, 0&
    3.     MsgBox Str

    Why does this return a blank string? I know the GetCurrentProcessID function is working, and I've tried changing the memory location to different values, even searched for a good location to read using WinHex.
    "I don't want to live alone until I'm married" - M.M.R.P

  8. #8
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: Read Another Program's Memory

    what exactly is it you are trying to accomplish.. perhaps there is a better way to go about it.

  9. #9

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    I'm trying to pull some data from a program running on my computer for use in my program. I want to pull a caption from a label control that I know the memory address for.
    "I don't want to live alone until I'm married" - M.M.R.P

  10. #10
    Frenzied Member ice_531's Avatar
    Join Date
    Aug 2002
    Location
    Sitting w/ Bob Status: -Next -To- Null- Friend: Philip
    Posts
    1,152

    Re: Read Another Program's Memory

    Search the forum for that Cracker Challenge....... i know one of the solutions did this and it was explained what the person did and how they replaced a label through memory.
    :::`DISCLAIMER`:::
    Do NOT take anything i have posted to be truthful in any way, shape or form.
    Thank You!

    --------------------------------
    "Never heard about "hiking" poles. I usualy just grab a stick from the nature, and use that as a pole." - NoteMe
    "Finaly I can look as gay as I want..." - NoteMe
    Languages: VB6, BASIC, Java, C#. C++

  11. #11

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    ice> That thread does not have anything in it except that it changed the memory, didn't give the code that changed the value.
    "I don't want to live alone until I'm married" - M.M.R.P

  12. #12

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    ok, All I want to do is get the ReadProcessMemory to work. I have searched the forums, looked all over MSDN, done a google search, can't figure it out. I can find the process ID of the program I want to read easily enough, FindWindow and then convert the hWnd to processID. I just want to know how to get the ReadProcessMemory to work.
    "I don't want to live alone until I'm married" - M.M.R.P

  13. #13
    Lively Member
    Join Date
    Jan 2005
    Posts
    76

    Re: Read Another Program's Memory

    I honestly just did it in another thread but ok....

    the return value for readprocessmemory is not actually what you want. it just returns 1 or 0 for succeed or fail. anyway... i would take out the actual function call to the getcurrentprocessid command and just save the value in a local variable. i realize this probably isn't it but use the KISS principle whenever possible. i then would get a better base address than &hff. I would bet your life that this address is not what you actually want. now whenever you read the actual process memory that will be virtual memory reading whereas your hex program might be reading actual memory locations. that is all i can think of... there is probably 2.2 million examples of doing what you want to in snippet form though...

  14. #14

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    This is what I've got:
    VB Code:
    1. Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
    2. Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
    3. Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
    4.  
    5.  
    6. Private Sub Command1_Click()
    7.     Dim pHandle As Long
    8.     pHandle = OpenProcess(&H1F0FFF, False, GetCurrentProcessId)
    9.     Dim buffer As String * 50
    10.     Dim readlen As Long
    11.    
    12.     MsgBox ReadProcessMemory(pHandle, 255, buffer, 50, readlen)
    13.    
    14.     CloseHandle pHandle
    15. End Sub
    When I run that Windows says that the program has encountered an error and must be shut down. I've looked all over the 'net for code examples and such, from PSCode and other places like it, to just a plain google search on this.
    "I don't want to live alone until I'm married" - M.M.R.P

  15. #15
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: Read Another Program's Memory

    what program do you want to change a caption on.. perhaps it can be done a different way using a combo of API calls like SetWindowText

    SetWindowText only needs the WINDOW handle (hWnd) of the object you want to change text on... you could obtain that via findwindow and enumwindow api calls etc...

    SetWindowText changes a windows titlebar.. but if its a control it changes the controls text (according to allapi.net)

  16. #16

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    Yes I could do it that way, but I'm intrigued with why this isn't working.
    "I don't want to live alone until I'm married" - M.M.R.P

  17. #17
    Lively Member
    Join Date
    Jan 2005
    Posts
    76

    Re: Read Another Program's Memory

    Actually I would love to know why also. I wrote a program that goes through a process and prints out all the strings in the stack. However the openProcess function is returning zero on some of the computers I have tried it on and works on others. HMMMMMMM>>>>!!!.....

  18. #18
    Lively Member
    Join Date
    Jan 2005
    Posts
    76

    Re: Read Another Program's Memory

    What access are you requesting in GetCurrentProcessId?

  19. #19

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    Pretty sure it's full access,, "&H1F0FFF"
    I know it is not returning 0 either.
    "I don't want to live alone until I'm married" - M.M.R.P

  20. #20

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    Could you give me a copy of the code you used in your program? I believe I posted the code I'm using up there ^^^.
    "I don't want to live alone until I'm married" - M.M.R.P

  21. #21
    Lively Member
    Join Date
    Jan 2005
    Posts
    76

    Re: Read Another Program's Memory

    My openprocess command hasn't worked on a few XP machines already my post that has the code is in the thread "strings from memory"

  22. #22

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    Quote Originally Posted by Lyric8
    My openprocess command hasn't worked on a few XP machines already my post that has the code is in the thread "strings from memory"
    I ran that code yesterday, it worked for me.
    "I don't want to live alone until I'm married" - M.M.R.P

  23. #23
    Lively Member
    Join Date
    Jan 2005
    Posts
    76

    Re: Read Another Program's Memory

    Then ur done? copy paste job?

  24. #24

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    Quote Originally Posted by Lyric8
    Then ur done? copy paste job?
    No, the code I ran was yours which just got the ProcessID, that's the code which ran fine for me.
    "I don't want to live alone until I'm married" - M.M.R.P

  25. #25
    Lively Member
    Join Date
    Jan 2005
    Posts
    76

    Re: Read Another Program's Memory

    your looking at the wrong thread...that is why i gave you the exact title of it...

  26. #26

    Thread Starter
    Hyperactive Member Disiance's Avatar
    Join Date
    Sep 2004
    Location
    Denver, CO
    Posts
    439

    Re: Read Another Program's Memory

    Ok, now I'm using the code:
    VB Code:
    1. Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long
    2. Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
    3. Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
    4. Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
    5. Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
    6.  
    7. Public Function StrFromPtr(pHandle As Long, ByVal pStr As Long) As String
    8.     Dim i As Long
    9.     Dim x As String, result As String
    10.     x = " "
    11.     For i = 0& To 255&
    12.     ' stop if not successful
    13.     If ReadProcessMemory(pHandle, pStr + i, x, 1, 0&) = 0 Then Exit For
    14.     ' end of string
    15.     If Asc(x) = 0 Then Exit For
    16.     result = result & x
    17.     Next i
    18.     StrFromPtr = result
    19. End Function
    20.  
    21.  
    22. Private Sub Command1_Click()
    23. Dim pHandle As Long
    24. pHandle = OpenProcess(&H1F0FFF, False, GetCurrentProcessId)
    25. Dim buffer As String * 50
    26. Dim readlen As Long
    27.  
    28. MsgBox ReadProcessMemory(pHandle, 255, buffer, 50, readlen)
    29.  
    30. CloseHandle pHandle
    31. End Sub
    32.  
    33. Private Function ConvertNumberToString(number As Double) As String
    34.     'converts number to string will be searched in memory
    35.    
    36.     If number < 256 Then ConvertNumberToString = Chr(number): Exit Function
    37.    
    38.     If number < 65536 Then
    39.         ConvertNumberToString = Chr(number And 255) & Chr((number And 65280) / 256)
    40.         Exit Function
    41.     End If
    42.    
    43.     b4 = number And 255: number = Int(number / 256)
    44.     b3 = number And 255: number = Int(number / 256)
    45.     b2 = number And 255: number = Int(number / 256)
    46.     b1 = number And 255: number = Int(number / 256)
    47.    
    48.     ConvertNumberToString = Chr(b4) & Chr(b3) & Chr(b2) & Chr(b1)
    49. End Function
    VB is still crashing when I run this.
    "I don't want to live alone until I'm married" - M.M.R.P

  27. #27
    New Member
    Join Date
    Feb 2005
    Posts
    2

    Question Re: Read Another Program's Memory

    Hi;

    i have some quetions about how reading memory of a process..well, i have a program that help me to read all memory and change text of a proces textbox. but it isnot enough for me . i want to read only a specified process memory but i do not know how do i get starting and ending memory address of a specified process? could you help me?

  28. #28
    Old Member moeur's Avatar
    Join Date
    Nov 2004
    Location
    Wait'n for Free Stuff
    Posts
    2,712

    Re: Read Another Program's Memory

    Show us the code you're using to read the memory now and we'll be better able to help you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width