ReadProcessMemory + address from ollydbg
bauss via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Fri Jun 30 16:53:19 PDT 2017
On Friday, 30 June 2017 at 23:41:19 UTC, bauss wrote:
> On Friday, 30 June 2017 at 21:36:25 UTC, ag0aep6g wrote:
>> On Friday, 30 June 2017 at 20:14:15 UTC, bauss wrote:
>>> [...]
>>
>> I guess the first cast is necessary when `address` isn't typed
>> as a pointer yet. But the other casts shouldn't be needed. If
>> you get errors without them, those errors might give a hint on
>> what's wrong.
>>
>>> [...]
>>
>> bytesRead is a SIZE_T, no? Or maybe a DWORD.
>
> It's the same.
>
> This is my read function:
> string ReadWinString(HANDLE process, DWORD address, size_t
> stringSize, string defaultValue = "") {
> if (!process || !address) {
> return defaultValue;
> }
>
> SIZE_T bytesRead;
> char[1024] data;
>
> if (!ReadProcessMemory(process,
> cast(PCVOID)address, cast(PVOID)&data,
> stringSize, &bytesRead)) {
> return defaultValue;
> }
>
> auto s = cast(string)data[0 .. stringSize];
>
> return s ? s : defaultValue;
> }
>
> And this is how I call it:
> auto text = ReadWinString(handleFromOpenProcess, 0x0000000, 16,
> "defaultString...");
>
> where 0x0000000 is the address obviously.
>
> If you can spot what I'm doing wrong it would be appreciated.
I mean I get data, it's not like the call fails or gives an
error. It's just not the data I'm expecting.
I suspect the address is wrong, but it's the static address I
picked up from ollydbg, so I'm kinda lost as for how ollydbg can
get the correct string and I get the wrong one using same address.
More information about the Digitalmars-d-learn
mailing list