ReadProcessMemory + address from ollydbg

bauss via Digitalmars-d-learn digitalmars-d-learn at puremagic.com
Fri Jun 30 17:48:01 PDT 2017


On Saturday, 1 July 2017 at 00:40:11 UTC, ag0aep6g wrote:
> On 07/01/2017 02:30 AM, bauss wrote:
>> On Saturday, 1 July 2017 at 00:23:36 UTC, ag0aep6g wrote:
>>> On 07/01/2017 01:41 AM, bauss wrote:
> [...]
>>>>    if (!ReadProcessMemory(process,
>>>>      cast(PCVOID)address, cast(PVOID)&data,
>>>
>>> The second cast still looks suspicious. PVOID is void*, 
>>> right? Then any mutable pointer type should implicitly 
>>> convert to PVOID and you shouldn't need the cast.
> [...]
>> Well the address is not a pointer. It's DWORD which is uint, 
>> so the cast is necessary since it stores the address.
>
> Not that one. The other one. This one: `cast(PVOID)&data`.
>
> I don't expect it to be related to your problem, but it 
> shouldn't be necessary as far as I see.

Yeah, the cast was unnecessary.

So this is my code after the changes:
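import core.sys.windows.windows;

string ReadWinString(HANDLE process, DWORD address,
    size_t stringSize, string defaultValue = "") {
   if (!process || !address) {
     return defaultValue;
   }

   SIZE_T bytesRead;
   char[1024] data;

   // Never request more bytes than the local buffer can hold.
   if (stringSize > data.length) {
     return defaultValue;
   }

   if (!ReadProcessMemory(process,
     cast(LPCVOID)address, data.ptr,
     stringSize, &bytesRead)) {
     return defaultValue;
   }

   // Copy only the bytes that were actually read.
   auto s = data[0 .. bytesRead].idup;

   return s.length ? s : defaultValue;
}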

Results are still garbage data, correct length in bytesRead 
however.

I tried to pass the address with the main module's base address 
because I saw some posts online suggesting you might need to do 
that.

If I do that however I just get error 299 (ERROR_PARTIAL_COPY), 
so I don't think I needed the base address, but still can't 
figure out what exactly is wrong with my code and why I can't 
read the string from the address I give it, when it's a static 
address. Every time I look with ollydbg the address is the same 
and ollydbg can find the string just fine.
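
An added example, not part of the original post: one way to see why a read at a given address fails or looks wrong is to query the target region with VirtualQueryEx before calling ReadProcessMemory, then print the raw bytes for comparison with the debugger's dump. The helper names readChecked and hexDump are hypothetical, and main reads a constructed string from the current process so the code runs without a second program.

```d
import core.sys.windows.windows;
import std.stdio : writef, writefln, writeln;

/// Hypothetical helper: fills buf from `address` in `process`.
/// Returns the part of buf that was actually read (null on failure).
ubyte[] readChecked(HANDLE process, size_t address, ubyte[] buf)
{
    if (process is null || address == 0 || buf.length == 0)
        return null;

    // Ask what is mapped at this address in the *target* process.
    MEMORY_BASIC_INFORMATION mbi;
    if (VirtualQueryEx(process, cast(LPCVOID) address, &mbi, mbi.sizeof) == 0)
    {
        writefln("VirtualQueryEx failed, error %s", GetLastError());
        return null;
    }
    if (mbi.State != MEM_COMMIT || (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) != 0)
    {
        writefln("0x%X not readable (State=0x%X, Protect=0x%X)",
                 address, mbi.State, mbi.Protect);
        return null;
    }

    // Clamp the request to the end of this region so the read does not
    // run into a neighbouring region that may not be accessible.
    immutable regionEnd = cast(size_t) mbi.BaseAddress + mbi.RegionSize;
    size_t want = buf.length;
    if (want > regionEnd - address)
        want = regionEnd - address;

    SIZE_T bytesRead;
    if (!ReadProcessMemory(process, cast(LPCVOID) address, buf.ptr, want, &bytesRead))
    {
        writefln("ReadProcessMemory failed, error %s", GetLastError());
        return null;
    }
    return buf[0 .. bytesRead];
}

/// Print raw bytes so they can be compared with the debugger's hex view.
void hexDump(const(ubyte)[] bytes)
{
    foreach (b; bytes) writef("%02X ", b);
    writeln();
}

void main()
{
    immutable sample = "constructed sample"; // constructed test data
    auto buf = new ubyte[sample.length];
    hexDump(readChecked(GetCurrentProcess(), cast(size_t) sample.ptr, buf));
}
```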

