ReadProcessMemory + address from ollydbg
bauss via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Fri Jun 30 16:41:19 PDT 2017
On Friday, 30 June 2017 at 21:36:25 UTC, ag0aep6g wrote:
> On Friday, 30 June 2017 at 20:14:15 UTC, bauss wrote:
>> This is my definition:
>> BOOL ReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress,
>> LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
>>
>> And I'm reading it like this:
>> if (!ReadProcessMemory(process,
>> cast(PCVOID)address, cast(PVOID)&data,
>> cast(DWORD)stringSize, cast(PDWORD)&bytesRead)) {
>> return defaultValue;
>> }
>
> I guess the first cast is necessary when `address` isn't typed
> as a pointer yet. But the other casts shouldn't be needed. If
> you get errors without them, those errors might give a hint on
> what's wrong.
>
>> process is a HANDLE that I got from OpenProcess()
>> address is a DWORD
>> data is char[1024]
>> stringSize is size_t
>> bytesRead is PDWORD
>
> bytesRead is a SIZE_T, no? Or maybe a DWORD.
It's the same.

This is my read function:

string ReadWinString(HANDLE process, DWORD address, size_t stringSize,
                     string defaultValue = "") {
    if (!process || !address) {
        return defaultValue;
    }

    SIZE_T bytesRead;
    char[1024] data;

    if (!ReadProcessMemory(process,
                           cast(PCVOID)address, cast(PVOID)&data,
                           stringSize, &bytesRead)) {
        return defaultValue;
    }

    auto s = cast(string)data[0 .. stringSize];

    return s ? s : defaultValue;
}

And this is how I call it:

auto text = ReadWinString(handleFromOpenProcess, 0x0000000, 16,
                          "defaultString...");

where 0x0000000 is the address obviously.

If you can spot what I'm doing wrong it would be appreciated.
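
A bounded variant of the read function above, as an added example that is not part of the original post: it rejects lengths larger than the local buffer, keeps only the bytes the call reports as read, and copies the result off the stack before returning. The name readRemoteString, the size_t address parameter and the self-read in main() are assumptions made for illustration; it is Windows-only and uses druntime's core.sys.windows bindings.

```d
import core.sys.windows.windows;
import std.stdio : writeln;

// Hypothetical helper (name and signature are assumptions, not from the post).
// `address` is size_t so a 64-bit target address is not truncated to 32 bits.
string readRemoteString(HANDLE process, size_t address, size_t stringSize,
                        string defaultValue = "")
{
    char[1024] data = void;

    // Refuse a null handle/address and any length that would make
    // ReadProcessMemory write past the end of the local stack buffer.
    if (process is null || address == 0 ||
        stringSize == 0 || stringSize > data.length)
        return defaultValue;

    SIZE_T bytesRead = 0;
    if (!ReadProcessMemory(process, cast(PCVOID) address, data.ptr,
                           stringSize, &bytesRead))
        return defaultValue;

    // Only the first bytesRead bytes were filled in; stop at the first NUL.
    size_t len = 0;
    while (len < bytesRead && data[len] != '\0')
        ++len;

    // .idup copies the bytes onto the GC heap. A slice of `data` itself must
    // not be returned: it would point into this function's stack frame.
    // The bytes come from another process and are not checked as UTF-8 here.
    return len ? data[0 .. len].idup : defaultValue;
}

void main()
{
    // Constructed sample: a buffer in this process, read through the
    // pseudo-handle from GetCurrentProcess(), so no other process is needed.
    char[16] sample = '\0';
    sample[0 .. 5] = "hello";
    auto self = GetCurrentProcess();

    // In-bounds read of the sample buffer.
    writeln(readRemoteString(self, cast(size_t) sample.ptr, sample.length, "default"));
    // Requested length exceeds the 1024-byte local buffer, so no read happens.
    writeln(readRemoteString(self, cast(size_t) sample.ptr, 4096, "default"));
}
```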