ReadProcessMemory + address from ollydbg

bauss via Digitalmars-d-learn digitalmars-d-learn at puremagic.com
Fri Jun 30 16:53:19 PDT 2017


On Friday, 30 June 2017 at 23:41:19 UTC, bauss wrote:
> On Friday, 30 June 2017 at 21:36:25 UTC, ag0aep6g wrote:
>> On Friday, 30 June 2017 at 20:14:15 UTC, bauss wrote:
>>>     [...]
>>
>> I guess the first cast is necessary when `address` isn't typed 
>> as a pointer yet. But the other casts shouldn't be needed. If 
>> you get errors without them, those errors might give a hint on 
>> what's wrong.
>>
>>> [...]
>>
>> bytesRead is a SIZE_T, no? Or maybe a DWORD.
>
> It's the same.
>
> This is my read function:
> string ReadWinString(HANDLE process, DWORD address, size_t 
> stringSize, string defaultValue = "") {
>   if (!process || !address) {
>     return defaultValue;
>   }
>
>   SIZE_T bytesRead;
>   char[1024] data;
>
>   if (!ReadProcessMemory(process,
>     cast(PCVOID)address, cast(PVOID)&data,
>     stringSize, &bytesRead)) {
>     return defaultValue;
>   }
>
>   auto s = cast(string)data[0 .. stringSize];
>
>   return s ? s : defaultValue;
> }
>
> And this is how I call it:
> auto text = ReadWinString(handleFromOpenProcess, 0x0000000, 16, 
> "defaultString...");
>
> where 0x0000000 is the address obviously.
>
> If you can spot what I'm doing wrong it would be appreciated.

I mean I get data, it's not like the call fails or gives an 
error. It's just not the data I'm expecting.

I suspect the address is wrong, but it's the static address I 
picked up from ollydbg, so I'm kinda lost as to how ollydbg can 
get the correct string and I get the wrong one using the same address.
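
An added example, not part of the original message or the thread: a variant of the quoted `ReadWinString` that caps the request at the local buffer size, uses only the `bytesRead` bytes actually returned, and copies the result to the heap instead of returning a slice of the stack array `data`. The name `readRemoteString` and the pointer-width `size_t` address parameter (a `DWORD` holds only 32 bits) are assumptions made for this example.

```d
// Added example (Windows-only D). readRemoteString is a hypothetical name.
import core.sys.windows.windows;

/// Reads up to `maxLen` bytes at `address` in `process` and returns them as a
/// heap-allocated string, cut at the first NUL byte if one is present.
/// Returns `defaultValue` when the handle, address or read is unusable.
string readRemoteString(HANDLE process, size_t address, size_t maxLen,
                        string defaultValue = "")
{
    if (process is null || address == 0 || maxLen == 0)
        return defaultValue;

    char[1024] data = '\0';

    // Never request more bytes than the local buffer can hold; otherwise
    // ReadProcessMemory would write past the end of `data`.
    if (maxLen > data.length)
        maxLen = data.length;

    SIZE_T bytesRead = 0;
    if (!ReadProcessMemory(process, cast(PCVOID) address, data.ptr,
                           maxLen, &bytesRead) || bytesRead == 0)
        return defaultValue;

    // Only the first `bytesRead` bytes are valid; stop at a terminator.
    size_t len = 0;
    while (len < bytesRead && data[len] != '\0')
        ++len;

    // .idup copies the bytes to the GC heap, so the returned string does
    // not point into this function's stack frame after it returns.
    return data[0 .. len].idup;
}
```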

