
Reading other process memory returns question marks

I'm reading another process's memory with other memory scan tools, and then I use the given address in this simple console app:

const int PROCESS_WM_READ = 0x0010;

[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

[DllImport("kernel32.dll")]
public static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

static void Main(string[] args)
{
    Process process = Process.GetProcessesByName("myProcess")[0];
    IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);

    var ptr = int.Parse(Console.ReadLine(), NumberStyles.HexNumber);

    Console.WriteLine($"ptr: {ptr}");

    for (int i = 1; i < 129; i++)
    {
        int bytesRead = 0;
        byte[] buffer = new byte[i];

        try
        {
            ReadProcessMemory((int)processHandle, ptr, buffer, buffer.Length, ref bytesRead);

            if (BitConverter.ToInt32(buffer, 0) == 0)
            {
                Console.WriteLine("error occured");
                continue;
            }

            Console.WriteLine(bytesRead.ToString());
            Console.WriteLine(Encoding.Unicode.GetString(buffer));
        }
        catch(Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }
    Console.ReadLine();
}

The problem is that the outcome is always some ? ?? ? ? ?? ? instead of the int that I'm trying to reach.

I tried different encodings:

Console.WriteLine(Encoding.ASCII.GetString(buffer) + " (" + bytesRead.ToString() + "bytes)");
Console.WriteLine(Encoding.UTF8.GetString(buffer) + " (" + bytesRead.ToString() + "bytes)");
Console.WriteLine(Encoding.Default.GetString(buffer) + " (" + bytesRead.ToString() + "bytes)");

and buffer lengths - that's why there's a loop.

What may be wrong with this?

You can attach the target process to Visual Studio to see the values at the address you want to read. If they are valid data, you can print them out like this: Console.WriteLine(buffer[0]);

The following is an example of reading the process memory of BingDict (32-bit) that you can refer to.

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

class Program
{
    [DllImport("kernel32.dll")]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll")]
    public static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

    const int PROCESS_WM_READ = 0x0010;

    static void Main(string[] args)
    {
        Process process = Process.GetProcessById(13568);
        IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);

        // Get the process start information
        ProcessStartInfo myProcessStartInfo = new ProcessStartInfo("BingDict");
        // Assign the BingDict 'StartInfo' to the 'StartInfo' of the 'process' object.
        process.StartInfo = myProcessStartInfo;
        //process.Start();
        System.Threading.Thread.Sleep(1000);
        ProcessModule myProcessModule;
        // Get all the modules associated with the process
        ProcessModuleCollection myProcessModuleCollection = process.Modules;
        Console.WriteLine("Base addresses of the modules associated are:");
        // Display the 'BaseAddress' of each of the modules.
        for (int i = 0; i < myProcessModuleCollection.Count; i++)
        {
            myProcessModule = myProcessModuleCollection[i];
            Console.WriteLine(myProcessModule.ModuleName + " : "
                + myProcessModule.BaseAddress);
        }
        // Get the main module associated with the process
        myProcessModule = process.MainModule;
        // Display the 'BaseAddress' of the main module.
        Console.WriteLine("The process's main module's base address is: {0:X4}",
            (int)myProcessModule.BaseAddress);

        var ptr = (int)myProcessModule.BaseAddress;

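        // Read 128 consecutive bytes, one at a time, starting at the main module's base address.
        for (int i = 0; i < 128; i++)
        {
            int bytesRead = 0;
            byte[] buffer = new byte[1];

            try
            {
                // Advance the address by i so each iteration reads the next byte.
                if (ReadProcessMemory((int)processHandle, ptr + i, buffer, buffer.Length, ref bytesRead))
                {
                    Console.WriteLine(buffer[0]);
                }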
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
            }
        }
        Console.ReadLine();
    }

}
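
An added example, not part of the original question or answer: reading exactly four bytes and interpreting them with BitConverter.ToInt32 instead of a text encoding, which is where the question marks come from when raw integer bytes are decoded as characters. It assumes the placeholder process name "myProcess" from the question and uses pointer-sized P/Invoke signatures so the handle and address are not truncated in a 64-bit build; the class name ReadInt32Example is hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Globalization;
using System.Runtime.InteropServices;
using System.Text;

class ReadInt32Example
{
    const uint PROCESS_VM_READ = 0x0010; // request read access only

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesRead);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    static void Main()
    {
        // Assumption: "myProcess" is the placeholder name used in the question.
        Process process = Process.GetProcessesByName("myProcess")[0];
        // Parse as 64-bit so addresses above 0x7FFFFFFF are not rejected.
        long address = long.Parse(Console.ReadLine(), NumberStyles.HexNumber);

        IntPtr handle = OpenProcess(PROCESS_VM_READ, false, process.Id);
        if (handle == IntPtr.Zero)
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            byte[] buffer = new byte[sizeof(int)]; // an Int32 is exactly 4 bytes
            if (!ReadProcessMemory(handle, new IntPtr(address), buffer,
                    new IntPtr(buffer.Length), out IntPtr bytesRead))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            if (bytesRead.ToInt64() != buffer.Length)
                throw new InvalidOperationException("Short read");

            // Raw bytes, then the same bytes as an Int32 in machine byte order
            // (little-endian on x86/x64).
            Console.WriteLine("hex:  " + BitConverter.ToString(buffer));
            Console.WriteLine("int:  " + BitConverter.ToInt32(buffer, 0));
            // Decoding those bytes as UTF-16 text gives characters, not a number.
            Console.WriteLine("text: " + Encoding.Unicode.GetString(buffer));
        }
        finally { CloseHandle(handle); }
    }
}
```

A failed read surfaces as a Win32Exception carrying the system error message, rather than an all-zero buffer that looks like data.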
