Thread: Single hex dump - Error codes / Plain errors...

  1. #1
    60% Braindead
    Join Date
    Dec 2005

    Unhappy Single hex dump - Error codes / Plain errors...

    Ok, I've been working on this peice of code for about 4 days now. It still won't work. I've looked up every google peice of infortmation I could think of. What I'm trying to do is hex dump single values of another program (Google had one for hex dumping the entire program, I found it thanks to nvoight). Failing at so much as reproducing that example, I tried at least displaying a single value from my own program. And that's my current failed attempt -,-.

    I'm getting the error codes (299, ReadProcessMemory or WriteProcessMemory could not be completed.) Sence I only use ReadProcessMemory, it has to be that. Error code 998 I have no idea what this error means... At all. I'll quote msdn though; (Multiply accumulate instruction used without /QMR4121, /QMViper, /QMR5400, /QMmips32, or /QMmips64)

    Now, I thought I could Read my own process' memory without giving it tokens. I tried giving the debug priviledge token, but it doesn't change anything. Token granting code;
     HANDLE TokenHandle;
     LUID debugid;
     LookupPrivilegeValue(NULL, "SeDebugPrivilege", &debugid);
     tp.Privileges[0].Luid = debugid;
     tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
     AdjustTokenPrivileges(TokenHandle, FALSE, &tp, NULL, NULL, NULL);
    The rest is pritty simple, this is my current test program, it outputs the last error repeatdly. It also crashs after a small amount of time. I thought it would be easier to try with my own program, but it's just making things more complicated >.<.

    #include <iostream>
    #include <windows.h>
    #include <conio.h>
    #include <String.h>
    using namespace std;
    int* Search(int SearchValue, HANDLE op, DWORD add) {
     SYSTEM_INFO sys;
     LPVOID lpMem;
     string buffer;
     lpMem = sys.lpMinimumApplicationAddress;
     while(lpMem < sys.lpMaximumApplicationAddress) {
      mbi.RegionSize = 0;
      VirtualQueryEx(op, lpMem, &mbi, sizeof(mbi));
      ReadProcessMemory(op, &add, &buffer, mbi.RegionSize, NULL);
      lpMem = (LPVOID)((DWORD)mbi.BaseAddress + (DWORD)mbi.RegionSize);
      cout << GetLastError() << endl;
     return 0;
    int main() {
     int srak = 4;
     HANDLE CURRENTPROCESS = GetCurrentProcess();
     DWORD ProcessId;
     HANDLE tProc;
     tProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
     if(!tProc) {
      cout << "Could not open the process o-O";
      return 0;
     cout << *Search(srak, tProc, ProcessId);
    From reading all thoes google tutorials, I actualy understand the virtual memory quite well, but accessing it seems to be a really vague subject (Or maybe I just suck at searching) I've seen tutorials for hex dumping my own program without treating my program as if I don't control it, but that's not helpful to me.

    -Thank you for any help -,-.

  2. #2
    Frequently Quite Prolix dwks's Avatar
    Join Date
    Apr 2005
    #include <String.h>
    Filenames are case-sensitive under UNIX-like systems. I strongly recommend that you use a lowercase 's'. (Unless String.h is not the same as string.h.)

    Seek and ye shall find. quaere et invenies.

    "Simplicity does not precede complexity, but follows it." -- Alan Perlis
    "Testing can only prove the presence of bugs, not their absence." -- Edsger Dijkstra
    "The only real mistake is the one from which we learn nothing." -- John Powell

    Other boards: DaniWeb, TPS
    Unofficial Wiki FAQ:

    My website:
    Projects: codeform, xuni, atlantis, nort, etc.

  3. #3
    60% Braindead
    Join Date
    Dec 2005
    Ah, I haven't used C/C++ in awhile - a bit out of my element, thanks for poiting that out.

    The problem is not the tokens, I've fixed up the tokens to grant debug priv's and practicaly all the ones that sounded relevant. It still brings up the error, gah this is so much more complicated then I had hoped.

  4. #4
    Yes, my avatar is stolen anonytmouse's Avatar
    Join Date
    Dec 2002
    1. I think you can only read committed memory (where mbi.State == MEM_COMMIT).
    2. The second argument to ReadProcessMemory is the address you want to read. In your case, I think you want to use lpMem.
    3. The third argument is a pointer to a buffer and the fourth argument is the size of that buffer. A string can not be used like this.
    4. You return NULL from the Search function and then try to dereference it.

    Here is a little bit of code that will dump the process as a series of bytes:
     while(lpMem < sys.lpMaximumApplicationAddress)
       VirtualQueryEx(op, lpMem, &mbi, sizeof(mbi));
       if (mbi.State == MEM_COMMIT)
          for (size_t i = 0; i < mbi.RegionSize; i += sizeof(BYTE))
            /* Read this memory block as a series of BYTEs */
            BYTE buffer;
            ReadProcessMemory(op, mbi.BaseAddress + (i * sizeof(BYTE)), &buffer, sizeof(buffer), NULL);
            cout << buffer << endl;
       lpMem = (LPVOID)((DWORD)mbi.BaseAddress + (DWORD)mbi.RegionSize);
    Make sure you redirect the output to a text file (program > out.txt) or it will take a long time to run.
    Last edited by anonytmouse; 04-01-2007 at 09:26 AM.

  5. #5
    60% Braindead
    Join Date
    Dec 2005
    You just made my day, and quite problably many days after today, anonytmouse .

    The program is incredibly noisy when being couted, so looks like I don't have a choice but to output it via file .

    Thank you so much! -Blackroot

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Binary Search Trees Part III
    By Prelude in forum A Brief History of
    Replies: 16
    Last Post: 10-02-2004, 03:00 PM
  2. Solving c/c++ errors using core dump
    By nchauhan in forum C++ Programming
    Replies: 7
    Last Post: 06-21-2003, 09:19 AM
  3. hex dump
    By coo_pal in forum Tech Board
    Replies: 2
    Last Post: 05-23-2003, 07:07 AM
  4. hex dump
    By stanleyw in forum C++ Programming
    Replies: 1
    Last Post: 06-11-2002, 04:57 PM