read and write from other process

Question

I want to be able to read and write from another process's memory. I called the functions Readprocessmemory() and WriteProcessmemory() from Kernel32.dll and I used the GetProcessByName() function to look for the process. This succeeds.

I saw the example for taking the readprocessmemory() function and declare it after I call it from kernel32.dll , but I do not understand how it works - how do I use the function to read from another process? I would appreciate an example.

Answer 1

In order to read and write memory to another process you need to use the ReadProcessMemory and WriteProcessMemory functions provided by kernel32. If you are using C# you will need to use PInvoke to import these functions into your current process.

More generally, what you need to do is this:

• Work out what process it is that you want to read/inject
• Call OpenProcess() to get a handle to the process. You'll want to send GENERIC_READ | GENERIC_WRITE as the flags to this, and you'll get a HPROCESS back that you'll need to check is not NULL.
• Decide where you want to read from in the foreign process (this is a foreign process pointer). You also need to decide how many bytes to read.
• Allocate that many bytes in your current process to hold the result of the read.
• Call ReadProcessMemory passing in the HPROCESS that you've opened, the foreign-process-pointer to read from in the other process, a pointer to your local buffer and the number of bytes to be read from the foreign process to your local buffer.

Once this is done you can look at your local buffer and you'll see data that used to be in the foreign process, and life will be good.