Thread: Problem Reading Process Memory

  1. #1
    Registered User carrotcake1029's Avatar
    Join Date
    Apr 2008
    Posts
    404

    Problem Reading Process Memory

    I am having a strange problem. For a fun little test, I decided to see if I could get some minesweeper info out of memory. For some reason though, ReadProcessMemory() fails every time. I am not sure why because with this same code I was previously reading some memory from other processes. I have tried opening the process with PROCESS_ALL_ACCESS but to no avail. Can anyone point me in the right direction?

    Also, point out any bad code practices.

    Code:
    #include <stdio.h>
    #include <windows.h>
    
    typedef unsigned long  DWORD;
    
    int main(void)
    {
    	HWND hWnd = FindWindow(NULL, "Minesweeper");
    	HWND pHandle;
    	DWORD PID;
    
    	unsigned long lpWidth = 0x1005334;
    	unsigned long bytesread;
    	unsigned int width;
    	
    	if (hWnd == NULL)
    	{
    		printf("Window not found\n");
    		return 1;
    	}
    
    	printf("Window Handle = %x\n", hWnd);
    
    	GetWindowThreadProcessId(hWnd, &PID);
    
    	printf("Process ID = %x\n", PID);
    
    	pHandle = OpenProcess(PROCESS_ALL_ACCESS, 1, PID);
    
    	printf("Process Handle = %x\n", pHandle);
    
    	if (pHandle == NULL)
    	{
    		printf("The Process handle could not be retrieved\n");
    		return 1;
    	}
    
    	if (ReadProcessMemory(pHandle, &lpWidth, &width, sizeof(width), &bytesread))
    	{
    		printf("Width = %d\n", width);
    	}
    	else
    	{
    		printf("ReadProcessMemory Failed\n");
    	}
    
    
    	return 0;
    }

  2. #2
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    What does GetLastError() return after ReadProcessMemory or OpenProcess?
    Are you on XP or Vista?
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  3. #3
    Registered User carrotcake1029's Avatar
    Join Date
    Apr 2008
    Posts
    404
    XP, and 299

  4. #4
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    So, the error means:
    Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

    However, I think the problem is that you are passing the parameter lpBaseAddress incorrectly.

    You probably want to do:

    Code:
    	const void *lpWidth = (void *)0x1005334;
    
            ReadProcessMemory(pHandle, lpWidth, &width, sizeof(width), &bytesread)

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  5. #5
    Registered User carrotcake1029's Avatar
    Join Date
    Apr 2008
    Posts
    404
    Thank you so much, that was correct.

    It's strange because from the source I was studying from stored it as an int.

  6. #6
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    You were taking the address of a local variable (operator &!) instead of passing the value in the variable.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  7. #7
    Registered User
    Join Date
    Mar 2005
    Location
    Mountaintop, Pa
    Posts
    1,058
    This
    Code:
    HWND pHandle;
    should be this
    Code:
    HANDLE pHandle;

  8. #8
    Registered User carrotcake1029's Avatar
    Join Date
    Apr 2008
    Posts
    404
    Quote Originally Posted by BobS0327 View Post
    This
    Code:
    HWND pHandle;
    should be this
    Code:
    HANDLE pHandle;
    Your right, it still worked though lol.

  9. #9
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by carrotcake1029 View Post
    Your right, it still worked though lol.
    All "handles" on Windows are really just integers. C will unfortunately allow silent conversion between handle types. The specific type used ("HWND" or "HANDLE" or whatever) is really just to remind you, the programmer, what it is. If you make a mistake, Windows won't know.

  10. #10
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Quote Originally Posted by brewbuck View Post
    All "handles" on Windows are really just integers. C will unfortunately allow silent conversion between handle types. The specific type used ("HWND" or "HANDLE" or whatever) is really just to remind you, the programmer, what it is. If you make a mistake, Windows won't know.
    But of course, if you have a HWND and pass it in as a PROCESS handle, then you hopefully get an error, and certainly the the expected result - just because they are the same type.

    [And I thought a HANDLE was a void *, but perhaps I'm wrong].

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  11. #11
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    HANDLE = void*
    HWND = struct with one int (don't ask me why they implemented it as such).
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  12. #12
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Quote Originally Posted by Elysia View Post
    HANDLE = void*
    HWND = struct with one int (don't ask me why they implemented it as such).
    Because a struct with one int has a name - which in turn means that you CAN differentiate between different types of types, which leads to the question of why the compiler doesn't complain about type mismatch.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  13. #13
    Registered User
    Join Date
    Mar 2005
    Location
    Mountaintop, Pa
    Posts
    1,058
    Quote Originally Posted by matsp View Post
    Because a struct with one int has a name - which in turn means that you CAN differentiate between different types of types, which leads to the question of why the compiler doesn't complain about type mismatch.

    --
    Mats
    Actually, the MS compilers do complain:
    error C2440: '=' : cannot convert from 'void *' to 'struct HWND__ *'
    Conversion from 'void*' to pointer to non-'void' requires an explicit cast

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Reading Process Memory
    By polydegmon in forum C# Programming
    Replies: 0
    Last Post: 05-26-2009, 07:18 AM
  2. Reading Process Memory
    By Llam4 in forum C# Programming
    Replies: 10
    Last Post: 04-20-2007, 01:24 PM
  3. Reading process memory
    By adr in forum C++ Programming
    Replies: 11
    Last Post: 05-17-2006, 06:09 PM
  4. pointers
    By InvariantLoop in forum C Programming
    Replies: 13
    Last Post: 02-04-2005, 09:32 AM
  5. Manipulating the Windows Clipboard
    By Johno in forum Windows Programming
    Replies: 2
    Last Post: 10-01-2002, 09:37 AM