ReadProcessMemory + address from ollydbg
bauss via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Fri Jun 30 17:48:01 PDT 2017
On Saturday, 1 July 2017 at 00:40:11 UTC, ag0aep6g wrote:
> On 07/01/2017 02:30 AM, bauss wrote:
>> On Saturday, 1 July 2017 at 00:23:36 UTC, ag0aep6g wrote:
>>> On 07/01/2017 01:41 AM, bauss wrote:
> [...]
>>>> if (!ReadProcessMemory(process,
>>>> cast(PCVOID)address, cast(PVOID)&data,
>>>
>>> The second cast still looks suspicious. PVOID is void*,
>>> right? Then any mutable pointer type should implicitly
>>> convert to PVOID and you shouldn't need the cast.
> [...]
>> Well the address is not a pointer. It's DWORD which is uint,
>> so the cast is necessary since it stores the address.
>
> Not that one. The other one. This one: `cast(PVOID)&data`.
>
> I don't expect it to be related to your problem, but it
> shouldn't be necessary as far as I see.
Yeah, the cast was unnecessary.
So this is my code after the changes:
string ReadWinString(HANDLE process, DWORD address, size_t
stringSize, string defaultValue = "") {
if (!process || !address) {
return defaultValue;
}
SIZE_T bytesRead;
char[1024] data;
if (!ReadProcessMemory(process,
cast(LPCVOID)address, &data,
stringSize, &bytesRead)) {
return defaultValue;
}
auto s = cast(string)data[0 .. stringSize].idup;
return s ? s : defaultValue;
}
Results are still garbage data, correct length in bytesRead
however.
I tried to pass the address with the main module's base address
because I saw some posts online suggesting you might need to do
that.
If I do that however I just get error 299 (ERROR_PARTIAL_COPY),
so I don't think I needed the base address, but still can't
figure out what exactly is wrong with my code and why I can't
read the string from the address I give it, when it's a static
address. Every time I look with ollydbg the address is the same
and ollydbg can find the string just fine.
More information about the Digitalmars-d-learn
mailing list