-
Feb 1st, 2005, 12:02 PM
#1
Thread Starter
Hyperactive Member
Read Another Program's Memory
What API should I use to read, say I want to read address 0048B960 of another program, how would I do this?
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 1st, 2005, 01:05 PM
#2
Lively Member
Re: Read Another Program's Memory
ReadProcessMemory API call... it's explained well on MSDN. Or you can see an example a few posts down in my thread.
-
Feb 1st, 2005, 01:12 PM
#3
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
Thanks for the info, one more thing. How do I get the handle to the process? Is that the process's hWnd?
Last edited by Disiance; Feb 1st, 2005 at 01:42 PM.
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 1st, 2005, 04:41 PM
#4
Re: Read Another Program's Memory
hWnd is a window handle...
this link shows how to get process IDs from running processes.. you could trim it to just get it on a specific process.. since this code returns an array with the info on ALL running processes...
http://www.devx.com/vb2themax/Tip/19242
-
Feb 1st, 2005, 04:50 PM
#5
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
that code says it doesn't work on WinNT, which is what XP is based on, which is what I'm running. But I tried the code anyway, it detects a whole whopping five processes -- not at all what I'm looking for.
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 1st, 2005, 05:05 PM
#6
Re: Read Another Program's Memory
 Originally Posted by Disiance
that code says it doesn't work on WinNT, which is what XP is based on, which is what I'm running. But I tried the code anyway, it detects a whole whopping five processes -- not at all what I'm looking for.
I am not sure why the code isn't working... but I know what Windows XP is based on... if you want to get technical.. Windows XP is based on Windows 2000... which the example says it works with... (Windows NT does not support many of the things 2000/XP have because they were merged with the Windows 9x systems as of Win2k...)
I will see if I can't get the example to work
-
Feb 1st, 2005, 05:41 PM
#7
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
ok, and thanks for the help so far.
Another question on the ReadProcessMemory function. I currently have:
VB Code:
Dim Str As String
ReadProcessMemory GetCurrentProcessId, &HFF, Str, 5, 0&
MsgBox Str
Why does this return a blank string? I know the GetCurrentProcessID function is working, and I've tried changing the memory location to different values, even searched for a good location to read using WinHex.
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 1st, 2005, 06:42 PM
#8
Re: Read Another Program's Memory
what exactly is it you are trying to accomplish.. perhaps there is a better way to go about it.
-
Feb 1st, 2005, 07:05 PM
#9
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
I'm trying to pull some data from a program running on my computer for use in my program. I want to pull a caption from a label control that I know the memory address for.
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 1st, 2005, 08:06 PM
#10
Frenzied Member
Re: Read Another Program's Memory
Search the forum for that Cracker Challenge....... i know one of the solutions did this and it was explained what the person did and how they replaced a label through memory.
:::`DISCLAIMER`:::
Do NOT take anything i have posted to be truthful in any way, shape or form.
Thank You!
--------------------------------
"Never heard about "hiking" poles. I usually just grab a stick from the nature, and use that as a pole." - NoteMe
"Finally I can look as gay as I want..." - NoteMe
Languages: VB6, BASIC, Java, C#, C++
-
Feb 1st, 2005, 09:45 PM
#11
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
ice> That thread does not have anything in it except that it changed the memory, didn't give the code that changed the value.
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 1st, 2005, 10:15 PM
#12
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
ok, All I want to do is get the ReadProcessMemory to work. I have searched the forums, looked all over MSDN, done a google search, can't figure it out. I can find the process ID of the program I want to read easily enough, FindWindow and then convert the hWnd to processID. I just want to know how to get the ReadProcessMemory to work.
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 2nd, 2005, 02:36 PM
#13
Lively Member
Re: Read Another Program's Memory
I honestly just did it in another thread but ok....
The return value for ReadProcessMemory is not actually what you want. It just returns 1 or 0 for succeed or fail. Anyway... I would take out the actual function call to the GetCurrentProcessId command and just save the value in a local variable. I realize this probably isn't it but use the KISS principle whenever possible. I then would get a better base address than &HFF. I would bet your life that this address is not what you actually want. Now whenever you read the actual process memory that will be virtual memory reading whereas your hex program might be reading actual memory locations. That is all I can think of... there are probably 2.2 million examples of doing what you want to in snippet form though...
-
Feb 2nd, 2005, 03:30 PM
#14
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
This is what I've got:
VB Code:
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Sub Command1_Click()
    Dim pHandle As Long
    pHandle = OpenProcess(&H1F0FFF, False, GetCurrentProcessId)
    Dim buffer As String * 50
    Dim readlen As Long
    MsgBox ReadProcessMemory(pHandle, 255, buffer, 50, readlen)
    CloseHandle pHandle
End Sub
When I run that Windows says that the program has encountered an error and must be shut down. I've looked all over the 'net for code examples and such, from PSCode and other places like it, to just a plain google search on this.
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 2nd, 2005, 04:59 PM
#15
Re: Read Another Program's Memory
what program do you want to change a caption on.. perhaps it can be done a different way using a combo of API calls like SetWindowText
SetWindowText only needs the WINDOW handle (hWnd) of the object you want to change text on... you could obtain that via findwindow and enumwindow api calls etc...
SetWindowText changes a window's titlebar.. but if it's a control it changes the control's text (according to allapi.net)
-
Feb 2nd, 2005, 05:18 PM
#16
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
Yes I could do it that way, but I'm intrigued with why this isn't working.
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 3rd, 2005, 01:31 AM
#17
Lively Member
Re: Read Another Program's Memory
Actually I would love to know why also. I wrote a program that goes through a process and prints out all the strings in the stack. However the openProcess function is returning zero on some of the computers I have tried it on and works on others. HMMMMMMM>>>>!!!.....
-
Feb 3rd, 2005, 01:32 AM
#18
Lively Member
Re: Read Another Program's Memory
What access are you requesting in GetCurrentProcessId?
-
Feb 3rd, 2005, 12:38 PM
#19
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
Pretty sure it's full access, "&H1F0FFF"
I know it is not returning 0 either.
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 3rd, 2005, 12:38 PM
#20
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
Could you give me a copy of the code you used in your program? I believe I posted the code I'm using up there ^^^.
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 3rd, 2005, 12:47 PM
#21
Lively Member
Re: Read Another Program's Memory
My OpenProcess command hasn't worked on a few XP machines already. My post that has the code is in the thread "strings from memory"
-
Feb 3rd, 2005, 12:51 PM
#22
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
 Originally Posted by Lyric8
My OpenProcess command hasn't worked on a few XP machines already. My post that has the code is in the thread "strings from memory"
I ran that code yesterday, it worked for me.
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 3rd, 2005, 01:27 PM
#23
Lively Member
Re: Read Another Program's Memory
Then ur done? copy paste job?
-
Feb 3rd, 2005, 02:10 PM
#24
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
 Originally Posted by Lyric8
Then ur done? copy paste job?
No, the code I ran was yours which just got the ProcessID, that's the code which ran fine for me.
"I don't want to live alone until I'm married" - M.M.R.P
-
Feb 3rd, 2005, 03:45 PM
#25
Lively Member
Re: Read Another Program's Memory
You're looking at the wrong thread... that is why I gave you the exact title of it...
-
Feb 4th, 2005, 11:13 AM
#26
Thread Starter
Hyperactive Member
Re: Read Another Program's Memory
Ok, now I'm using the code:
VB Code:
Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Public Function StrFromPtr(pHandle As Long, ByVal pStr As Long) As String
    Dim i As Long
    Dim x As String, result As String
    x = " "
    For i = 0& To 255&
        ' stop if not successful
        If ReadProcessMemory(pHandle, pStr + i, x, 1, 0&) = 0 Then Exit For
        ' end of string
        If Asc(x) = 0 Then Exit For
        result = result & x
    Next i
    StrFromPtr = result
End Function

Private Sub Command1_Click()
    Dim pHandle As Long
    pHandle = OpenProcess(&H1F0FFF, False, GetCurrentProcessId)
    Dim buffer As String * 50
    Dim readlen As Long
    MsgBox ReadProcessMemory(pHandle, 255, buffer, 50, readlen)
    CloseHandle pHandle
End Sub

Private Function ConvertNumberToString(number As Double) As String
    'converts number to string will be searched in memory
    If number < 256 Then ConvertNumberToString = Chr(number): Exit Function
    If number < 65536 Then
        ConvertNumberToString = Chr(number And 255) & Chr((number And 65280) / 256)
        Exit Function
    End If
    b4 = number And 255: number = Int(number / 256)
    b3 = number And 255: number = Int(number / 256)
    b2 = number And 255: number = Int(number / 256)
    b1 = number And 255: number = Int(number / 256)
    ConvertNumberToString = Chr(b4) & Chr(b3) & Chr(b2) & Chr(b1)
End Function
VB is still crashing when I run this.
"I don't want to live alone until I'm married" - M.M.R.P
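
Added example (not part of any poster's reply, and not code from the thread): one way to declare and call ReadProcessMemory from VB6 so that the address is passed by value, the buffer is a Byte array rather than a String, the handle is opened with read-only access, and each API result is checked. The function name ReadAnsiString, the window title, and the assumption that the target address holds a null-terminated ANSI string are illustrative; the address is the one quoted in post #1.

```vb
Option Explicit

' Least privilege: ask only for the right to read memory, not full access (&H1F0FFF).
Private Const PROCESS_VM_READ As Long = &H10

Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
' lpBaseAddress is ByVal As Long, so the number passed IS the address to read.
' lpBuffer stays As Any (ByRef) and receives the first element of a Byte array.
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesRead As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

' Hypothetical helper: reads maxLen bytes at address in the process that owns
' hwndTarget and returns them as an ANSI string cut at the first null byte.
Public Function ReadAnsiString(ByVal hwndTarget As Long, ByVal address As Long, ByVal maxLen As Long) As String
    Dim pid As Long, hProc As Long, bytesRead As Long, ok As Long, lastErr As Long
    Dim buf() As Byte, s As String, nulPos As Long

    GetWindowThreadProcessId hwndTarget, pid
    If pid = 0 Then Err.Raise vbObjectError + 1, , "Window has no owning process"

    ' OpenProcess takes a process ID and returns a process handle; an hWnd is neither.
    hProc = OpenProcess(PROCESS_VM_READ, 0, pid)
    If hProc = 0 Then Err.Raise vbObjectError + 2, , "OpenProcess failed: " & Err.LastDllError

    ReDim buf(0 To maxLen - 1)
    ok = ReadProcessMemory(hProc, address, buf(0), maxLen, bytesRead)
    lastErr = Err.LastDllError      ' capture before CloseHandle overwrites it
    CloseHandle hProc
    If ok = 0 Then Err.Raise vbObjectError + 3, , "ReadProcessMemory failed: " & lastErr

    s = StrConv(buf, vbUnicode)     ' ANSI bytes -> VB string
    nulPos = InStr(s, vbNullChar)
    If nulPos > 0 Then s = Left$(s, nulPos - 1)
    ReadAnsiString = s
End Function

Private Sub Command1_Click()
    Dim hwndTarget As Long
    hwndTarget = FindWindow(vbNullString, "Target Window Title")   ' placeholder title
    If hwndTarget = 0 Then MsgBox "Window not found": Exit Sub
    On Error GoTo Failed
    MsgBox ReadAnsiString(hwndTarget, &H48B960, 50)   ' address quoted in post #1
    Exit Sub
Failed:
    MsgBox Err.Description
End Sub
```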
-
Feb 16th, 2005, 09:53 AM
#27
New Member
Re: Read Another Program's Memory
Hi;
I have some questions about how to read the memory of a process. Well, I have a program that helps me to read all memory and change the text of a process textbox, but it is not enough for me. I want to read only a specified process's memory but I do not know how I get the starting and ending memory address of a specified process. Could you help me?
-
Feb 16th, 2005, 04:34 PM
#28
Re: Read Another Program's Memory
Show us the code you're using to read the memory now and we'll be better able to help you.