Results 1 to 4 of 4

Thread: ReadProcessMem for addresses that exceed the maximum value of long?

  1. Oct 13th, 2021, 01:36 PM #1
    Maatooh
    Maatooh is offline

    Thread Starter
    Member
    Join Date
    Oct 2020
    Posts
    63

    Lightbulb ReadProcessMem for addresses that exceed the maximum value of long?

    Hi, I have the following issue.

    I try to read the memory of processes that have their addresses over the maximum amount for a long of 32 bits (2,147,483,647)
    of the style
    "7FFFFFFFFFFFF"
    which generates an overflow for a long variable in vb6.

    I know we have this limitation in vb6 for long in 32 bits when trying to read 64 bit addresses, but I wonder if this can have a solution.

    I leave an example code when reading the first character of my notepad (that if it would work for any process in 32 bits).

    Private Const PROCESS_ALL_ACCESS = &H1F0FFF
    Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal SomeValueIsStoredHere As Long, lpdwProcessId As Long) As Long
    Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
    Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
    Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As Long
    Private Declare Function GetKeyPress Lib "user32" Alias "GetAsyncKeyState" (ByVal key As Long) As Integer
    Private Declare Function ReadProcessMem Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long

    Public Function ReadALong(Title As String, TheAddress As Long, TheValue As Long, bts As Long)
    Dim WHwnd As Long
    Dim GWTPI As Long
    Dim SomeValue As Long
    WHwnd = FindWindow(vbNullString, Title)
    GetWindowThreadProcessId WHwnd, GWTPI
    SomeValue = OpenProcess(PROCESS_ALL_ACCESS, False, GWTPI)
    If (SomeValue = 0) Then
    Exit Function
    End If
    ReadProcessMem SomeValue, TheAddress, TheValue, bts, 0&
    Text1 = TheValue
    CloseHandle hProcess
    End Function

    Private Sub Command1_Click()
    Call ReadALong("*Sin título: Bloc de notas", Val(1769725278928#), vbNull, 1)
    End Sub
    Name: Test.jpg Views: 343 Size: 35.5 KB

    Regards!
    Reply With Quote Reply With Quote
  2. Oct 13th, 2021, 02:16 PM #2
    The trick
    The trick is offline
    PowerPoster
    Join Date
    Feb 2015
    Posts
    2,797

    Re: ReadProcessMem for addresses that exceed the maximum value of long?

    NtWow64ReadVirtualMemory64
    Multithreading without dependencies|EXE loader|Inline assembler Add-in|Kernel-mode driver on VB6|Multithreading in StandartEXE
    Native VB6-DLL|Code injection to other process|DLL injection|DirectX9|DirectSound|TrickControls|MP3 player from memory
    Easy calling by pointer|Hash-table|Safe subclassing|Vocoder|Creation of native DLL|COM-DLL without registration|FM-synthesizer
    FFT spectrum-analyser|3D Fir-tree|Asynch waiter|Wave steganography|Fast AVI-trimmer|Windows with custom rendering
    String to integer and vice versa|Multithreading with marshaling|Owner-draw listbox mod|Advanced math|Library info|TrickSound class
    Create GIF-animation|Store data to self-EXE|Computer creates a music|Hello World in machine codes|VBPNG|Signal spectrum
    secp256k1 library - generate Bitcoin keys|VBCdeclFix - use CDECL functions in VB6|VbVst - VST framework for VB6

    All my CodeBank projects.
    Reply With Quote Reply With Quote
  3. Oct 13th, 2021, 04:26 PM #3
    Maatooh
    Maatooh is offline

    Thread Starter
    Member
    Join Date
    Oct 2020
    Posts
    63

    Re: ReadProcessMem for addresses that exceed the maximum value of long?

    I could not implement it . I got no errors, but neither did the expected values ​​a just vbnull which is equal to 1.
    It would help me a lot if you can correct me and adapt under the same example.

    I would like to know if there is a write version like "NtWow64ReadVirtualMemory64" and if it is implemented in the same way, thank you very much!

    Regards.
    Last edited by Maatooh; Oct 14th, 2021 at 10:46 AM.
    Reply With Quote Reply With Quote
  4. Oct 15th, 2021, 02:32 PM #4
    Maatooh
    Maatooh is offline

    Thread Starter
    Member
    Join Date
    Oct 2020
    Posts
    63

    Re: ReadProcessMem for addresses that exceed the maximum value of long?

    Quote Originally Posted by The trick View Post
    NtWow64ReadVirtualMemory64
    I already understood how to implement what you suggest, thank you very much The trick! for sharing your knowledge and your repository.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width