Thread: How to find string in process address space with ReadProcessMemory ?

  1. 10-06-2016 #1
    Evgeny
    Evgeny is offline
    Registered User
    Join Date
    Oct 2016
    Location
    Russia
    Posts
    1

    Question How to find string in process address space with ReadProcessMemory ?

    Can anyone tell me if there is something wrong with this function? I'm trying to find a string with ReadProcessMemory.
    Code:
    int  readMemory(DWORD pid)
{
      
 char readingBuffer[5] = {0};
 DWORD readingAddress = 0x00400000;
    HANDLE hProcess = OpenProcess(PROCESS_VM_READ, 0, pid);
           if( hProcess == INVALID_HANDLE_VALUE || hProcess == NULL )
                 MessageBox(0, "Error opening process!!!", "...",0);
            
 while(1)
 {
                Sleep(100);
                     printf("Address is : %0X \n",  readingAddress);
                                           
                    if(!ReadProcessMemory (hProcess, (LPVOID)readingAddress, &readingBuffer, sizeof(readingBuffer), NULL))
                    {
                        MessageBox(0, "Error reading memory!!!", "...",0);
                        return 1;
                    }
                    if (!_stricmp(readingBuffer, "http")==0)
                    {
                        MessageBox(0, "String found!", "...",0);
                        return 2;
                    }
                    readingAddress += sizeof(readingBuffer);
    
 }     
     
         
    return 0;
}
  2. 10-06-2016 #2
    Elkvis
    Elkvis is offline
    Registered User
    Join Date
    Oct 2006
    Posts
    3,445
    You're not likely to get an answer here, due to the fact that this sort of thing is often used for hacking/cracking, which is against the forum rules.
    What can this strange device be?
    When I touch it, it gives forth a sound
    It's got wires that vibrate and give music
    What can this thing be that I found?
  3. 10-06-2016 #3
    algorism
    algorism is offline
    Registered User
    Join Date
    Jun 2015
    Posts
    1,640
    You're reading into all 5 bytes of readingbuffer, but when you use _stricmp you're assuming a zero-terminated string. You should only read sizeof(readingBuffer)-1 at a time.

    Also, you should probably increment readingAddress by 1.
« Previous Thread | Next Thread »
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Reading process address space
    By nadia_tarik in forum Windows Programming
    Replies: 3
    Last Post: 01-07-2012, 10:15 AM
  2. Why address space 0-0x08000000 in a process is unused?
    By meili100 in forum Tech Board
    Replies: 8
    Last Post: 03-31-2008, 10:14 AM
  3. how do you get the min and max address space of a process ,
    By Anddos in forum Windows Programming
    Replies: 3
    Last Post: 06-07-2007, 01:30 AM
  4. ReadProcessMemory() address
    By Queatrix in forum Windows Programming
    Replies: 0
    Last Post: 01-09-2007, 04:29 PM
  5. injecting my own thread into the address space of another process - cannot call any f
    By Andrew_5342 in forum Windows Programming
    Replies: 12
    Last Post: 05-17-2003, 05:58 AM

Tags for this Thread