
Reading a pointer from another process memory

I'm trying to read a pointer from another process. I can read the content of the pointer, and I actually receive an address, but what I want to do is to go one step beyond that and take the value stored at the received address. I think I'm doing it wrong, or else it's simply not possible the way I'm doing it?

Here's my code:

#include <iostream>
#include <windows.h>
using namespace std;

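int main() {

    DWORD pid = 0;
    // Receives the pointer-sized value stored at the target address in the
    // OTHER process. It is a foreign address: it only has meaning inside the
    // target's address space and must never be dereferenced in this process.
    int **buffer = NULL;
    cout << "Current PID: " << GetCurrentProcessId();
    cout << "\nTarget PID: ";
    if (!(cin >> pid)) {
        cout << "\nInvalid PID.";
        return EXIT_FAILURE;
    }

    // Reading memory only needs PROCESS_VM_READ; requesting PROCESS_ALL_ACCESS
    // asks for far more than is used and makes OpenProcess fail more often
    // under a restricted token.
    HANDLE handle = OpenProcess(PROCESS_VM_READ, FALSE, pid);

    if (handle == NULL) {
        cout << "\nCant open process. Error Code: " << GetLastError();
        return EXIT_FAILURE;
    }

    // Check the BOOL the call returns. The original `ReadProcessMemory == 0`
    // compared the function's address against 0 and was always false, so a
    // failed read was never reported.
    SIZE_T bytesRead = 0;
    BOOL ok = ReadProcessMemory(handle, (LPCVOID)0x5BF9A4, &buffer, sizeof(buffer), &bytesRead);
    if (!ok || bytesRead != sizeof(buffer)) {
        cout << "\nRPM failed, ERROR_CODE: " << GetLastError();
        CloseHandle(handle);
        return EXIT_FAILURE;
    }

    cout << "\nBuffer: " << buffer << endl;
    // `*buffer` / `**buffer` would dereference an address that belongs to the
    // target process; in this process that address is unmapped or unrelated
    // memory, which is why the commented-out lines crashed. Each further hop
    // has to be another ReadProcessMemory call that uses the value obtained
    // by the previous hop as the remote address.
    int *hop1 = NULL;
    ok = ReadProcessMemory(handle, (LPCVOID)buffer, &hop1, sizeof(hop1), &bytesRead);
    if (ok && bytesRead == sizeof(hop1)) {
        cout << "Buffer 1st hop: " << hop1 << endl;
        int value = 0;
        ok = ReadProcessMemory(handle, (LPCVOID)hop1, &value, sizeof(value), &bytesRead);
        if (ok && bytesRead == sizeof(value)) {
            cout << "Buffer 2nd hop: " << value << endl;
        }
    }

    // CloseHandle returns a BOOL; the original `CloseHandle != 0` tested the
    // function pointer, which is always non-null.
    if (CloseHandle(handle) != 0) {
        cout << "Handle to process destroyed successfully.\n";
    }
    // Spawns cmd.exe just to wait for a key; cin.get() would do the same
    // without starting a shell. Kept because the question's code uses it.
    system("pause");

    return 0;
}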

You have to reserve space to hold the read content:

// Local storage that ReadProcessMemory fills; the destination must be a
// buffer in THIS process, not a pointer that still needs to be dereferenced.
char buffer[1024];
ReadProcessMemory(handle, (LPCVOID)0x5BF9A4, buffer, sizeof(buffer), NULL);

And you should get the read count in the last parameter:

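// The last parameter is SIZE_T* (lpNumberOfBytesRead); passing an int*
// does not compile as C++ and would be the wrong width on 64-bit anyway.
SIZE_T r = 0;
char buffer[1024];
ReadProcessMemory(handle, (LPCVOID)0x5BF9A4, buffer, sizeof(buffer), &r);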

That way you know how much data you read.

And you have to get the result from the call:

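// lpNumberOfBytesRead is a SIZE_T*, and the call returns a BOOL.
SIZE_T r = 0;
char buffer[1024];
BOOL ok = ReadProcessMemory(handle, (LPCVOID)0x5BF9A4, buffer, sizeof(buffer), &r);
if (!ok) {
    // The read failed; GetLastError() explains why and r tells how many
    // bytes (if any) were copied before it did.
}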

After that you may read the content: buffer[0] is the first char.

I'm not sure if I misunderstood, you may have the process like below:

#include <windows.h>

#include <cstdio>
#include <iostream>

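int main()
{
    // Two levels of indirection, so a reader in another process has to hop
    // twice: address of pp -> pp -> p -> data.
    int data = 10;
    int* p = &data;
    int** pp = &p;
    // %p is the only format specifier defined for pointers; %x expects an
    // unsigned int, which truncates 64-bit addresses and is undefined
    // behaviour for a pointer argument. %p is specified for void*, hence the
    // casts. GetCurrentProcessId() returns a DWORD (unsigned long).
    printf("pid = %lu\n", static_cast<unsigned long>(GetCurrentProcessId()));
    printf("p = %p\n", static_cast<void*>(p));
    printf("pp = %p\n", static_cast<void*>(pp));
    printf("address of pp = %p\n", static_cast<void*>(&pp));
    return 0;
}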

You have the address of pp, and want to get the value of data?

The address space of each process is private unless it is explicitly shared. Reading at that address only gives you the value of the local variable pp; you then need to read at the address stored in pp to get the value of p, and finally read at the address stored in p to get data:

#include <windows.h>
#include <iostream>
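int main()
{
    DWORD pid = 0;
    // No `using namespace std;` in this listing, so the names are qualified.
    std::cout << "Current PID: " << GetCurrentProcessId();
    std::cout << "\nTarget PID: ";
    if (!(std::cin >> pid))
    {
        std::cout << "Invalid PID" << std::endl;
        return EXIT_FAILURE;
    }
    // Least privilege: reading memory needs only PROCESS_VM_READ.
    HANDLE hProcess = OpenProcess(PROCESS_VM_READ, false, pid);
    if (hProcess == NULL)
    {
        DWORD error = GetLastError();
        std::cout << "OpenProcess error: " << error << std::endl;
        return EXIT_FAILURE;
    }

    // Every hop is a separate remote read, and the value obtained by one hop
    // is the remote address for the next. None of these pointers may be
    // dereferenced locally: they belong to the target's address space.
    // The original assigned `ret` three times without ever testing it, so a
    // failed read printed garbage; each result is checked here, and the
    // handle is closed on every exit path.
    SIZE_T bytesRead = 0;
    LPCVOID address = (LPCVOID)0xd3fe20;   // the "address of pp" the target printed

    int** pp = NULL;
    if (!ReadProcessMemory(hProcess, address, &pp, sizeof(pp), &bytesRead) || bytesRead != sizeof(pp))
    {
        std::cout << "ReadProcessMemory(pp) error: " << GetLastError() << std::endl;
        CloseHandle(hProcess);
        return EXIT_FAILURE;
    }
    // Stream a void* so the full address is printed (printf("%x") truncated it).
    std::cout << "pp = " << static_cast<void*>(pp) << std::endl;

    int* p = NULL;
    if (!ReadProcessMemory(hProcess, (LPCVOID)pp, &p, sizeof(p), &bytesRead) || bytesRead != sizeof(p))
    {
        std::cout << "ReadProcessMemory(p) error: " << GetLastError() << std::endl;
        CloseHandle(hProcess);
        return EXIT_FAILURE;
    }
    std::cout << "p = " << static_cast<void*>(p) << std::endl;

    int data = 0;
    if (!ReadProcessMemory(hProcess, (LPCVOID)p, &data, sizeof(data), &bytesRead) || bytesRead != sizeof(data))
    {
        std::cout << "ReadProcessMemory(data) error: " << GetLastError() << std::endl;
        CloseHandle(hProcess);
        return EXIT_FAILURE;
    }
    std::cout << "data = " << data << std::endl;

    CloseHandle(hProcess);
    return 0;
}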

Result: [screenshot]
