Question ReadProcessMemory trouble

P

PwUP

Member
Joined
Sep 21, 2009
Messages
23
Programming Experience
1-3
Hi :D
I'm here with a new problem!
This time i have to read a string from a textbox on an other window (not one form in my project).
I've got the correct address to that string memory, i can always get the correct
handle and process of the window, but i don't know how to use them
with ReadProcessMemory. Can you help me?
I've already tried to search for it all over the web, i also found some examples
but they all gives me errors or don't work. :mad:
 
Sort by date Sort by votes
Hi, i found out this class:
VB.NET: 
Imports System
Imports System.Collections.Generic
Imports System.Diagnostics
Imports System.Linq
Imports System.Runtime.InteropServices
Imports System.Text
Imports Microsoft.Win32.SafeHandles

Namespace SomeProjectName.Classes
    Public Class API
#Region "API Class Win32 API Definitions"
        ''' <summary>
        ''' kernel32.OpenProcess
        ''' </summary>
        ''' <param name="dwDesiredAccess"></param>
        ''' <param name="bInheritHandle"></param>
        ''' <param name="dwProcessId"></param>
        ''' <returns></returns>
        <DllImport("kernel32.dll", SetLastError:=True)> _
        Public Shared Function OpenProcess(ByVal dwDesiredAccess As UInt32, ByVal bInheritHandle As Int32, ByVal dwProcessId As UInt32) As IntPtr
        End Function

        ''' <summary>
        ''' kernel32.CloseHandle
        ''' </summary>
        ''' <param name="hObject"></param>
        ''' <returns></returns>
        <DllImport("kernel32.dll", SetLastError:=True)> _
        Public Shared Function CloseHandle(ByVal hObject As IntPtr) As Int32
        End Function

        ''' <summary>
        ''' kernel32.ReadProcessMemory
        ''' </summary>
        ''' <param name="hProcess"></param>
        ''' <param name="lpBaseAddress"></param>
        ''' <param name="lpBuffer"></param>
        ''' <param name="nSize"></param>
        ''' <param name="lpNumberOfBytesRead"></param>
        ''' <returns></returns>
        <DllImport("kernel32.dll", SetLastError:=True)> _
        Public Shared Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, <[In](), Out()> ByVal lpBuffer As Byte(), ByVal nSize As UInt32, ByRef lpNumberOfBytesRead As IntPtr) As Boolean
        End Function

        ''' <summary>
        ''' kernel32.WriteProcessMemory
        ''' </summary>
        ''' <param name="hProcess"></param>
        ''' <param name="lpBaseAddress"></param>
        ''' <param name="lpBuffer"></param>
        ''' <param name="nSize"></param>
        ''' <param name="lpNumberOfBytesWritten"></param>
        ''' <returns></returns>
        <DllImport("kernel32.dll", SetLastError:=True)> _
        Public Shared Function WriteProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, <[In](), Out()> ByVal lpBuffer As Byte(), ByVal nSize As UInt32, ByRef lpNumberOfBytesWritten As IntPtr) As Boolean
        End Function
#End Region

#Region "API Class Main API Wrappers"
        ''' <summary>
        ''' Poke -      Overall ReadProcessMemory wrapper used to
        '''             read any amount of memory into a byte array.
        ''' </summary>
        ''' <param name="proc"></param>
        ''' <param name="iAddress"></param>
        ''' <param name="btBuffer"></param>
        ''' <returns></returns>
        Public Shared Function Poke(ByVal proc As Process, ByVal iAddress As IntPtr, ByVal btBuffer As Byte()) As Boolean
            If proc Is Nothing OrElse proc.HasExited = True Then
                Return False
            End If

            Dim ptBytesWritten As New IntPtr(0)
            Return WriteProcessMemory(proc.Handle, iAddress, btBuffer, CUInt(btBuffer.Length), ptBytesWritten)
        End Function
        ''' <summary>
        ''' Peek -      Overall WriteProcessMemory wrapper used to
        '''             write the given data buffer into a process.
        ''' </summary> 
        ''' <param name="proc"></param>
        ''' <param name="iAddress"></param>
        ''' <param name="btBuffer"></param>
        ''' <returns></returns>
        Public Shared Function Peek(ByVal proc As Process, ByVal iAddress As IntPtr, ByVal btBuffer As Byte()) As Boolean
            If proc Is Nothing OrElse proc.HasExited = True OrElse btBuffer Is Nothing OrElse btBuffer.Length = 0 Then
                Return False
            End If

            Dim ptBytesRead As New IntPtr(0)
            Return ReadProcessMemory(proc.Handle, iAddress, btBuffer, CUInt(btBuffer.Length), ptBytesRead)
        End Function
#End Region

#Region "API Class Peek Wrappers"
        Public Function GetByte(ByVal proc As Process, ByVal iAddress As IntPtr) As Byte
            Dim btTemp As Byte() = New Byte(0) {}
            Peek(proc, iAddress, btTemp)
            Return btTemp(0)
        End Function
        Public Function GetByteArray(ByVal proc As Process, ByVal iAddress As IntPtr, ByVal nSize As Integer) As Byte()
            Dim btTemp As Byte() = New Byte(nSize - 1) {}
            Peek(proc, iAddress, btTemp)
            Return btTemp
        End Function
        Public Function GetInt16(ByVal proc As Process, ByVal iAddress As IntPtr) As Int16
            Dim btTemp As Byte() = New Byte(1) {}
            Peek(proc, iAddress, btTemp)
            Return BitConverter.ToInt16(btTemp, 0)
        End Function
        Public Function GetInt32(ByVal proc As Process, ByVal iAddress As IntPtr) As Int32
            Dim btTemp As Byte() = New Byte(3) {}
            Peek(proc, iAddress, btTemp)
            Return BitConverter.ToInt32(btTemp, 0)
        End Function
        Public Function GetUInt16(ByVal proc As Process, ByVal iAddress As IntPtr) As UInt16
            Dim btTemp As Byte() = New Byte(1) {}
            Peek(proc, iAddress, btTemp)
            Return BitConverter.ToUInt16(btTemp, 0)
        End Function
        Public Function GetUInt32(ByVal proc As Process, ByVal iAddress As IntPtr) As UInt32
            Dim btTemp As Byte() = New Byte(3) {}
            Peek(proc, iAddress, btTemp)
            Return BitConverter.ToUInt32(btTemp, 0)
        End Function
        Public Function GetString(ByVal proc As Process, ByVal iAddress As IntPtr, ByVal nSize As Integer) As String
            Dim btTemp As Byte() = New Byte(nSize - 1) {}
            Peek(proc, iAddress, btTemp)
            Return Encoding.ASCII.GetString(btTemp)
        End Function
#End Region

#Region "API Class Poke Wrappers"
        Public Function SetByte(ByVal proc As Process, ByVal iAddress As IntPtr, ByVal btValue As Byte) As Boolean
            Dim btTemp As Byte() = BitConverter.GetBytes(btValue)
            Return Poke(proc, iAddress, btTemp)
        End Function
        Public Function SetByteArray(ByVal proc As Process, ByVal iAddress As IntPtr, ByVal btValue As Byte()) As Boolean
            Return Poke(proc, iAddress, btValue)
        End Function
        Public Function SetInt16(ByVal proc As Process, ByVal iAddress As IntPtr, ByVal iValue As Int16) As Boolean
            Dim btTemp As Byte() = BitConverter.GetBytes(iValue)
            Return Poke(proc, iAddress, btTemp)
        End Function
        Public Function SetInt32(ByVal proc As Process, ByVal iAddress As IntPtr, ByVal iValue As Int32) As Boolean
            Dim btTemp As Byte() = BitConverter.GetBytes(iValue)
            Return Poke(proc, iAddress, btTemp)
        End Function
        Public Function SetUInt16(ByVal proc As Process, ByVal iAddress As IntPtr, ByVal iValue As UInt16) As Boolean
            Dim btTemp As Byte() = BitConverter.GetBytes(iValue)
            Return Poke(proc, iAddress, btTemp)
        End Function
        Public Function SetUInt32(ByVal proc As Process, ByVal iAddress As IntPtr, ByVal iValue As UInt32) As Boolean
            Dim btTemp As Byte() = BitConverter.GetBytes(iValue)
            Return Poke(proc, iAddress, btTemp)
        End Function
#End Region
    End Class
End Namespace
I succesfully use GetString function in that class and read the memory
in my address. But i can only see the first char in the string.
E.g., if the string allocated to the memory is "my name is Andrew", i only get "m"...
I think this depends on the third parameter in GetString function, nSize, because i don't know how to use it and what the program expects from me to write there!
My current code is: GetString(proc,address, vbnull)
where proc is the correct process (as process), and address is the correct (as intptr) variable.
What have i done wrong ?? :confused:
 
Upvote 0 Downvote

Similar threads

Z
  • Question
Resolved Detecting If A Drive Is CD Rom
Replies
5
Views
513
zunebuggy65
Z
V
  • Question
Is there a forum designed to collaborate on a VB.net project?
Replies
2
Views
584
DualBrain
DualBrain
Z
  • Question
The Application Is In Break Mode Error
Replies
2
Views
457
zunebuggy65
Z
M
  • Question
Error open SQL Database Visual Basic 2012
Replies
2
Views
633
jmcilhinney
jmcilhinney
S
  • Question
Question Regex pattern help
Replies
1
Views
415
jmcilhinney
jmcilhinney

Share this page

Latest posts

Back
Top