ReadProcessMemory + address from ollydbg
bauss via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Fri Jun 30 17:30:33 PDT 2017
On Saturday, 1 July 2017 at 00:23:36 UTC, ag0aep6g wrote:
> On 07/01/2017 01:41 AM, bauss wrote:
>> string ReadWinString(HANDLE process, DWORD address, size_t
>> stringSize, string defaultValue = "") {
>> if (!process || !address) {
>> return defaultValue;
>> }
>>
>> SIZE_T bytesRead;
>> char[1024] data;
>>
>> if (!ReadProcessMemory(process,
>> cast(PCVOID)address, cast(PVOID)&data,
>
> The second cast still looks suspicious. PVOID is void*, right?
> Then any mutable pointer type should implicitly convert to
> PVOID and you shouldn't need the cast.
>
>> stringSize, &bytesRead)) {
>> return defaultValue;
>> }
>>
>> auto s = cast(string)data[0 .. stringSize];
>>
>> return s ? s : defaultValue;
>
> Here's an error that produces garbage.
>
> `data` is a fixed-sized array, so the values are on the stack.
> That means `s` points to the stack. You can't return a pointer
> to the stack. It becomes invalid when the function returns. You
> can put it on the heap instead: `auto s = data[0 ..
> stringSize].idup;`.
>
>> }

Using ".idup" makes no difference in the result. I was under the
impression the cast would already do that though, guess not.

However the result is the same. I also tried to check "data"
directly and it's already garbage there.

Well, the address is not a pointer. It's a DWORD, which is uint, so
the cast is necessary since it stores the address.
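
The review points raised in the quoted reply, gathered into one function as an added example (not code from either poster). The name `readRemoteString`, the `size_t` address parameter (a DWORD holds only 32 bits) and the self-read in `main` are assumptions made for illustration; the example also clamps the request to the buffer size and trusts only `bytesRead` bytes, and it does not diagnose the garbage output reported above.

```d
// Added example; Windows only.
import core.sys.windows.windows;

/// Reads up to maxLen bytes at `address` in `process` and returns them as a
/// GC-owned string cut at the first NUL. Returns defaultValue on failure.
string readRemoteString(HANDLE process, size_t address, size_t maxLen,
                        string defaultValue = "")
{
    char[1024] data = '\0';      // stack buffer, must not escape this function

    if (process is null || address == 0 || maxLen == 0)
        return defaultValue;

    // Never ask the API to write more bytes than the buffer holds.
    if (maxLen > data.length)
        maxLen = data.length;

    SIZE_T bytesRead;
    // data.ptr (char*) converts implicitly to PVOID, so no cast is needed.
    // The integer address still needs an explicit cast to a pointer type.
    if (!ReadProcessMemory(process, cast(PCVOID) address, data.ptr,
                           maxLen, &bytesRead))
        return defaultValue;

    // Only the first bytesRead bytes are valid; stop at the terminator.
    size_t len = 0;
    while (len < bytesRead && data[len] != '\0')
        ++len;

    // .idup copies to the GC heap; returning data[0 .. len] directly
    // would hand the caller a slice of this function's stack frame.
    return len ? data[0 .. len].idup : defaultValue;
}

void main()
{
    import std.stdio : writeln;

    // Constructed sample: read a NUL-terminated string from our own process.
    char[64] src = '\0';
    src[0 .. 5] = "hello";
    writeln(readRemoteString(GetCurrentProcess(), cast(size_t) src.ptr,
                             src.length));
}
```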