
Read Address from Process

I have a problem with this C++ code. When I use a normal address, it works, but when I use a pointer address, it doesn't work. When I put the pointer address in, it always just shows a number, but with the normal address it works. What do I have to add so that I can use pointers?

#include <iostream>
#include <Windows.h>
#include <string>
#include <ctime>
#include <cstdlib>
using namespace std;

int main()
{
    // FindWindow takes the window class name (or caption); the L"" literal needs the W variant
    // (or a Unicode build), otherwise this does not compile.
    HWND hwnd = FindWindowW(L"MyWindow", 0);

    if (hwnd) {
        cout << "WINDOW FOUND" << endl;
    }
    else {
        cout << "WINDOW NOT FOUND" << endl;
        cout << hwnd << endl;
        system("pause");
        return 1;   // no window, so there is no process to read from
    }

    // GetProcessId() expects a process HANDLE, not an HWND; GetWindowThreadProcessId is the right
    // call for a window handle and fills in the owning process id.
    DWORD ProcessId = 0;
    GetWindowThreadProcessId(hwnd, &ProcessId);

    HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, ProcessId);

    if (!hProcess)
    {
        Beep(1000, 1000);
    }
    else {
        int address;   // receives the 4 bytes stored at the remote address

        // Keep re-reading the same remote location until a read fails
        // (same behaviour as the original goto loop, without the goto).
        while (ReadProcessMemory(hProcess, (LPCVOID)0x733946D8, &address, sizeof(address), NULL))
        {
            cout << dec << address << endl;
        }
        MessageBox(0, TEXT("Could not Read"), TEXT("Return"), MB_OK);

        CloseHandle(hProcess);   // only close a handle we actually opened
    }
    cout << endl;
    system("pause");
}
  1. A (valid, non-null) pointer from another process only makes sense within that process's address space. The OS virtualizes memory, giving each process its own memory map, so the same address almost always refers to a totally different physical memory location. Or maybe to a location that's been swapped out, so it doesn't currently refer to physical memory at all. Or maybe it even points to a memory area that was never mapped in at all, and therefore will trigger a segfault when the alien process tries to use it.

    Point being, in order to use a pointer in another process, that pointer should in almost all cases have been obtained from the other process. And if you're looking at another process's pointers, they are useless within your own address space as anything but rather arbitrary numbers; their only real use is as indexes into the other process's space.

  2. In a 64-bit OS, pointers and ints are typically different sizes. If you're reading a pointer from the other process, you need to copy sizeof(your_pointer_type) bytes, not 4.

  3. You'd better make sure, if you're going to output a pointer value like you're doing with the int, that it's not a char* -- otherwise, it'll be treated as a string, and will trigger a read of that address. See #1 above for why that's a bad thing.

    (If you actually want to read a C-string from the other process, you'll need to copy the string's bytes into your own memory. Then point at that.)
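The three points in the answer (a remote pointer is only meaningful as an address inside the other process, pointers must be read with the target's width rather than 4 bytes, and remote C strings must be copied out rather than dereferenced) as one worked example. This is added code, not from the question or the answer. The helper names (RemoteRead, MakeProcessReader, MakeFakeReader, ReadRemotePointer, FollowChain, ReadIntThroughPointer, ReadRemoteCString, SampleReader) are my own, the sample memory image is constructed for the demo, the target is assumed to be little-endian x86, and the window class L"MyWindow" and address 0x733946D8 are taken from the question. The raw read is abstracted so the same logic runs offline over the fake target and, on Windows, over a live handle through ReadProcessMemory.

```cpp
// Added example (not the question's or the answer's code): read a pointer out of another process and
// follow it *there*, using the target's pointer width; strings are copied out, never dereferenced here.
#include <cstdint>
#include <cstring>
#include <functional>
#include <iostream>
#include <optional>
#include <string>
#include <vector>
#ifdef _WIN32
#include <Windows.h>
#endif

// "Read len bytes at target address addr"; false on any failure (unmapped, access denied, short read).
using RemoteRead = std::function<bool(uint64_t addr, void* out, size_t len)>;

#ifdef _WIN32
RemoteRead MakeProcessReader(HANDLE hProcess) {          // live reader: a short read counts as failure
    return [hProcess](uint64_t addr, void* out, size_t len) {
        SIZE_T got = 0;
        return ReadProcessMemory(hProcess, reinterpret_cast<LPCVOID>(addr), out, len, &got) && got == len;
    };
}
#endif

// Fake target for offline use: one flat mapping starting at `base`; anything outside it is "unmapped".
RemoteRead MakeFakeReader(uint64_t base, std::vector<uint8_t> mem) {
    return [base, mem](uint64_t addr, void* out, size_t len) {
        if (addr < base || addr - base + len > mem.size()) return false;
        std::memcpy(out, mem.data() + (addr - base), len);
        return true;
    };
}

// ptrSize is the TARGET's pointer width (4 for a 32-bit process, 8 for 64-bit), not sizeof(void*) here.
std::optional<uint64_t> ReadRemotePointer(const RemoteRead& rd, uint64_t addr, size_t ptrSize) {
    uint8_t buf[8] = {};
    if ((ptrSize != 4 && ptrSize != 8) || !rd(addr, buf, ptrSize)) return std::nullopt;
    uint64_t v = 0;
    for (size_t i = 0; i < ptrSize; ++i) v |= uint64_t(buf[i]) << (8 * i);   // x86 is little-endian
    return v;
}

// addr -> [ptr]+off0 -> [ptr]+off1 ...; a null or unreadable link ends the walk with no result.
std::optional<uint64_t> FollowChain(const RemoteRead& rd, uint64_t addr, const std::vector<uint64_t>& offs, size_t ptrSize) {
    for (uint64_t off : offs) {
        auto p = ReadRemotePointer(rd, addr, ptrSize);
        if (!p || *p == 0) return std::nullopt;
        addr = *p + off;
    }
    return addr;
}

// The question's case: the bytes at ptrAddr are an address inside the target; read the int stored there.
std::optional<int32_t> ReadIntThroughPointer(const RemoteRead& rd, uint64_t ptrAddr, size_t ptrSize) {
    auto target = FollowChain(rd, ptrAddr, {0}, ptrSize);
    int32_t v = 0;
    if (!target || !rd(*target, &v, sizeof v)) return std::nullopt;
    return v;
}

// Copy a C string out of the target in chunks; the remote char* is never dereferenced in this process.
std::optional<std::string> ReadRemoteCString(const RemoteRead& rd, uint64_t addr, size_t maxLen = 256) {
    std::string s;
    while (s.size() < maxLen) {
        char chunk[16];
        size_t want = maxLen - s.size() < sizeof chunk ? maxLen - s.size() : sizeof chunk;
        if (!rd(addr + s.size(), chunk, want)) {                     // chunk may straddle the end of a mapping
            want = 1;
            if (!rd(addr + s.size(), chunk, 1)) return std::nullopt; // no NUL inside readable memory
        }
        for (size_t i = 0; i < want; ++i) {
            if (chunk[i] == '\0') return s;
            s.push_back(chunk[i]);
        }
    }
    return s;                                                        // maxLen hit without a terminator
}

// Constructed 32-bit little-endian sample target (not a real process image):
//   base+0x000: pointer -> base+0x100   base+0x100: int32 1234   base+0x108: pointer -> base+0x200
//   base+0x10C: 0xDEADBEEF (junk)       base+0x110: null pointer base+0x200: "hello from target\0"
RemoteRead SampleReader() {
    std::vector<uint8_t> m(0x220, 0);
    auto put32 = [&m](size_t off, uint32_t v) { for (int i = 0; i < 4; ++i) m[off + i] = uint8_t(v >> (8 * i)); };
    put32(0x000, 0x10000100u); put32(0x100, 1234u); put32(0x108, 0x10000200u); put32(0x10C, 0xDEADBEEFu);
    std::memcpy(m.data() + 0x200, "hello from target", sizeof "hello from target");
    return MakeFakeReader(0x10000000ULL, m);
}

int main() {
    std::cout << "int via pointer: " << ReadIntThroughPointer(SampleReader(), 0x10000000ULL, 4).value() << '\n';
#ifdef _WIN32
    DWORD pid = 0;                                        // live use: the window class and address from the question
    if (HWND hwnd = FindWindowW(L"MyWindow", nullptr)) GetWindowThreadProcessId(hwnd, &pid);
    if (HANDLE h = pid ? OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid) : nullptr) {
        BOOL wow64 = FALSE;
        IsWow64Process(h, &wow64);                        // 32-bit target on 64-bit Windows => 4-byte pointers
        if (auto v = ReadIntThroughPointer(MakeProcessReader(h), 0x733946D8ULL, wow64 ? 4 : sizeof(void*)))
            std::cout << "live: " << *v << '\n';
        CloseHandle(h);
    }
#endif
}
```

The "number" the question sees is the pointer value itself; ReadIntThroughPointer feeds that value back into a second ReadProcessMemory call against the same process instead of using it locally. Reading the same 8-byte slot at base+0x108 with ptrSize 8 returns 0xDEADBEEF10000200 rather than 0x10000200, which is the mistake the answer's point 2 warns about when a 64-bit reader assumes its own pointer width for a 32-bit target; on Windows the live path picks the width from IsWow64Process (assuming the reader is at least as wide as the target). ReadRemoteCString stops at the first NUL, fails cleanly when the string runs into unreadable memory, and caps the copy at maxLen so an unterminated buffer in the target cannot make this process read forever.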
