stackoom
  简体   繁体   中英

Read memory of 64bit process address

 原文  2019-11-12 15:41:43       c++/ windows/ memory

Question

I try to read memory at address of a process that's the code:

std::cout << "Found Process " << procEntry32.szExeFile << " With process ID " << procEntry32.th32ProcessID << std::endl;
hProc == OpenProcess(PROCESS_ALL_ACCESS, FALSE, procEntry32.th32ProcessID);
pID = procEntry32.th32ProcessID;

if (hProc == NULL) {
    std::cout << "failed getting  handle" << std::endl;
}

CloseHandle(hProcSnap);
std::cout << "hProcSnap handle closed ... " << std::endl;
return true;

Code Output

I use DWORD64

This code works if I try to read a 32-Bit process but with 64-Bit I get error

1 answers

solution1
 -1  2019-11-12 15:50:17

This can help you: read_memory.cpp

This is a personal project where I had read in the memory of a video game.

Update

bool Read_memory::initialize()
{
    string name = Thread::instance()->read("window_name");
    wstring name1(name.begin(), name.end());
    const wchar_t* name2 = name1.c_str();
    LPCTSTR window_name = name2;
    BOOL is_64bits;
    DWORD process_id;
    SYSTEM_INFO system_information;
    GetSystemInfo(&system_information);//GetSystemInfo at 32 bit
    hwnd = FindWindow(NULL, window_name);
    Thread::instance()->write("Information system found !", "console");
    proc_min_address = (int64_t) system_information.lpMinimumApplicationAddress;
    first_address = proc_min_address;
    proc_max_address = (int64_t) system_information.lpMaximumApplicationAddress;
    if(!hwnd)
    {
        Thread::instance()->write("Window not found !", "console");
        return false;
    }
    Thread::instance()->write("Window found", "console");
    GetWindowThreadProcessId(hwnd, &process_id);
    Thread::instance()->write((string)"process : " + std::to_string(process_id), "console");
    if(true)
    {
        if(true/*error == "5"*/)
        {
            if(!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &handle_token))
            {
                if (GetLastError() == ERROR_NO_TOKEN)
                {
                    if (!ImpersonateSelf(SecurityImpersonation))
                    {
                        Thread::instance()->write("ERROR 1 !!!", "console");
                        return false;
                    }

                    if(!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &handle_token))
                    {
                        Thread::instance()->write("ERROR 2 !!!", "console");
                        return false;
                    }
                }
                else
                {
                    Thread::instance()->write("ERROR 3 !!!", "console");
                    return false;
                }
            }
            if (!SetPrivilege(handle_token, SE_DEBUG_NAME, TRUE))
            {
                Thread::instance()->write((string)"error : " + std::to_string(GetLastError()), "console");
                Thread::instance()->write("Error in AdjustTokenPrivileges", "console");
                return FALSE;
            }
            else
                Thread::instance()->write("Privilege modify", "console");

        }
        else
        {
            Thread::instance()->write((string)"error : " + std::to_string(GetLastError()), "console");
            return false;
        }
    }
    handle = OpenProcess(PROCESS_ALL_ACCESS, false, process_id);
    if(!handle)
    {
        Thread::instance()->write((string)"error : " + std::to_string(GetLastError()), "console");
        Thread::instance()->write("SHIT !!!", "console");
        return false;
    }
    CloseHandle(handle_token);
    if(!IsWow64Process(handle, &is_64bits))
    {
        string error = (string)std::to_string(GetLastError());
        Thread::instance()->write("Could not use 64 bits process !", "console");
        Thread::instance()->write(error, "console");
        return false;
    }
    Thread::instance()->write("Use 32 bits process !", "console");
    Thread::instance()->write("Get handle !", "console");

    Thread::instance()->write((string)"Size of : " + std::to_string(sizeof(int64_t)), "console"); // 2^16
    Thread::instance()->write((string)"Min : " + std::to_string(proc_min_address), "console"); // 2^16
    Thread::instance()->write((string)"Max : " + std::to_string(proc_max_address), "console"); // 2^31 - 2^16
    SetForegroundWindow(hwnd);
    return true;
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question print 64bit c++ full memory address memory map versus 64bit process heap 64bit Memory allocation get the entry point to a 64bit process memory from a 32bit process Windows 64bit address space Launching 64bit process from 32bit program Read 32bit caches in 64bit environment How to put variable in higher address space (64bit) for testing C++ Get Module Base Address for 64bit Application How to intercept API method calls in a 64bit process?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM