• Advertisement
Sign in to follow this  

Reading another processes memory

This topic is 4675 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I am trying to read the memory of a DirectX Application. Here is my code: bool CMemoryReaderDlg::ReadMemory() { HWND hWnd = ::FindWindow( NULL, "Direct3D (DX9) - Initialization"); if (hWnd == NULL) { MainText.SetWindowText("Could not get the HWND of the DirectX Application, make sure the game is running, and" " try again"); return false; } DWORD dwProcessId = NULL; ::GetWindowThreadProcessId(hWnd, &dwProcessId); if (dwProcessId == NULL) { MainText.SetWindowText("Could not get process ID of the DirectX Application"); return false; } HANDLE hProcess = NULL; hProcess = ::OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId); if (hProcess == NULL) { MainText.SetWindowText("Could not get handle to the DirectX Application process"); return false; } char Buffer[16]; char ErrorString[512]; if (::ReadProcessMemory(hProcess,0,&Buffer,16,NULL) == NULL) { sprintf(ErrorString,"Unable to read process memory, GetLastError returned %i",GetLastError()); MainText.SetWindowText(ErrorString); return false; } MainText.SetWindowText(Buffer); return true; } It crashes on the call to ReadProcessMemory(), GetLastError() returns ERROR_PARTIAL_COPY: "Only part of a ReadProcessMemory or WriteProcessMemory request was completed." Well thats helpful:). I'm not really sure what the problem is. If anyone could figure out why it is doing that, that would be greatly appreciated. -Dev578

Share this post


Link to post
Share on other sites
Advertisement
I've not used ReadProcessMemory before, but shouldn't the base address be non-NULL? Otehrwise you're trying to read a NULL pointer in another application [smile]

Also, you shouldn't be passing &Buffer to ReadProcessMemory, you should just pass Buffer (Otherwise you'll crap all over your stack)

Share this post


Link to post
Share on other sites
You won't get anything from address 0. Null is the correct output from ReadProcessMemory. You'll probably want to start at 0x400000 to get valid chunks of memory from another process.

Share this post


Link to post
Share on other sites
dev578,

I believe the way you have to use this is by spawning the directx program as a child. You should not normally have a program that can read/write memory in the address space of another program since that would be malicious in nature. I know that this is how (most normal debuggers, kernel debuggers are a whole other topic) debuggers will debug your application, which is by starting the debugger and then starting the application with a call to 'CreateProcess' (well might be a different function, but similar in use). Hope that helps you out!


-brad

Share this post


Link to post
Share on other sites
actually that is an interesting question. I've always wondered how those memory editing tools (read: cheating) map out the memory space of any running process. Heck, u can even read AND write to these.

And quite a few, like Generic Game Trainer, actually need to be run AFTER the target application has already started. I wonder how it's done...

Share this post


Link to post
Share on other sites
They work just how the OP is trying to do it. The difference being they know where in the programs memory to look for stuff. Incidentally, anti-virus software does detect them and assumes they are malicious.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement