Thread: ReadProcessMemory looping help

    ReadProcessMemory looping help

    I am trying to learn how to loop over a process's address space, incrementing the address being scanned so that no part of it is skipped.
    Everything up to this point works and ScanProc is a valid handle:

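    /* Least privilege: this code only queries and reads the target, so ask for
     * PROCESS_QUERY_INFORMATION | PROCESS_VM_READ rather than PROCESS_ALL_ACCESS;
     * the narrower request is also granted on some processes that refuse full
     * access. bInheritHandle is FALSE so the handle cannot leak into a child
     * process. (pe32 and si are declared earlier, outside this excerpt.) */
    HANDLE ScanProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                  FALSE, pe32.th32ProcessID);
    GetSystemInfo(&si);
    /* The original declared Buffer as an uninitialised LPVOID and handed it to
     * ReadProcessMemory, which then wrote 500 bytes through a garbage pointer.
     * Give it real storage; Buffer keeps its LPVOID type for any later code. */
    BYTE BufferStorage[500];
    LPVOID Buffer = BufferStorage;
    SIZE_T Read = 0;            /* ReadProcessMemory takes SIZE_T*, not DWORD* */
    LPVOID Address = si.lpMinimumApplicationAddress;   /* first address to scan */
    BOOL ReadOk = (ScanProc != NULL) &&
                  ReadProcessMemory(ScanProc, Address, Buffer, sizeof BufferStorage, &Read);
    /* Only when ReadOk is TRUE are the first Read bytes of Buffer valid. The read
     * may well fail at the very lowest application address, since nothing need be
     * committed there — walking the regions with VirtualQueryEx avoids that. */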


    I know the loop has to keep going until the address reaches si.lpMaximumApplicationAddress (the scan starts at si.lpMinimumApplicationAddress), but I am stuck on how to increment the address being scanned.
    Thanks if you can help.

    #pragma comment(lib, "advapi32.lib")
    #include <windows.h>
    #include <errno.h>
    #include <stdio.h>
    #include <stdlib.h>
    
    /* Print sz bytes starting at pBuffer as space-separated "0x.." hex values
     * on stdout. No newline is emitted; the caller decides the layout. */
    VOID DumpBuffer(const unsigned char* pBuffer, size_t sz)
    {
        const unsigned char *stop = pBuffer + sz;
        while (pBuffer != stop)
        {
            printf("0x%x ", (unsigned)*pBuffer);
            ++pBuffer;
        }
    }
    
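    /*
     * Walk the address space of process dwPid and print the bytes of every
     * committed MEM_PRIVATE region via DumpBuffer.
     *
     * dwPid: PID of the target process.
     * Returns TRUE once the walk finishes (or VirtualQueryEx stops answering),
     * FALSE if the process could not be opened or a region buffer could not be
     * allocated. A region that ReadProcessMemory cannot read is reported and
     * skipped rather than aborting the walk.
     */
    BOOL DumpProcessMemory(DWORD dwPid)
    {
        HANDLE pHandle;
        SYSTEM_INFO si;
        MEMORY_BASIC_INFORMATION mbi;
        LPVOID lpMem;
        SIZE_T dwReturn;     /* VirtualQueryEx returns SIZE_T, not DWORD */
        SIZE_T dwTotalRead;  /* ReadProcessMemory writes a SIZE_T; a DWORD here is
                              * overrun on 64-bit builds */
        BOOL bResult = TRUE;

        /* Least privilege: VirtualQueryEx needs PROCESS_QUERY_INFORMATION and
         * ReadProcessMemory needs PROCESS_VM_READ; PROCESS_ALL_ACCESS grants far
         * more than this function uses. bInheritHandle stays FALSE. */
        pHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPid);
        if (pHandle == NULL)
        {
            printf("OpenProcess failed for PID: %lu (error %lu)\n",
                   (unsigned long)dwPid, (unsigned long)GetLastError());
            return FALSE;
        }
        GetSystemInfo(&si);
        lpMem = si.lpMinimumApplicationAddress;
        while (lpMem < si.lpMaximumApplicationAddress)
        {
            mbi.RegionSize = 0;
            dwReturn = VirtualQueryEx(pHandle, lpMem, &mbi, sizeof(mbi));
            if (dwReturn != sizeof(mbi))
                break;  /* end of the queryable range, or the query was refused */
            if (mbi.RegionSize == 0)
                break;  /* defensive: a zero-size region would never advance lpMem */

            /* PAGE_NOACCESS / PAGE_GUARD regions cannot be read through
             * ReadProcessMemory, so skip them instead of logging a failure. */
            if ((mbi.Type == MEM_PRIVATE) && (mbi.State == MEM_COMMIT)
                && !(mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)))
            {
                BYTE *cbBuffer = (BYTE *)HeapAlloc(GetProcessHeap(), 0, mbi.RegionSize);
                if (cbBuffer == NULL)
                {
                    printf("HeapAlloc failed\n");
                    bResult = FALSE;
                    break;  /* the original returned here and leaked pHandle */
                }
                dwTotalRead = 0;
                if (!ReadProcessMemory(pHandle, mbi.BaseAddress, cbBuffer,
                                       mbi.RegionSize, &dwTotalRead))
                {
                    printf("ReadProcessMemory failed at %p (error %lu)\n",
                           mbi.BaseAddress, (unsigned long)GetLastError());
                }
                /* Dump only what was actually read; the original dumped the whole
                 * RegionSize, printing uninitialised heap bytes on a short read. */
                DumpBuffer(cbBuffer, dwTotalRead);
                HeapFree(GetProcessHeap(), 0, cbBuffer);
            }
            /* Byte-pointer arithmetic: the original (DWORD) cast truncates the
             * address in a 64-bit build. */
            lpMem = (LPVOID)((BYTE *)mbi.BaseAddress + mbi.RegionSize);
        }
        CloseHandle(pHandle);
        return bResult;
    }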
    
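    /*
     * Entry point: dump the committed private memory of the process whose PID is
     * given as argv[1]. Exit status is 0 on success, 1 on a usage error or when
     * DumpProcessMemory reports failure (the original always returned 0 and
     * dereferenced argv[1] without checking argc).
     */
    INT main(INT argc, CHAR **argv)
    {
        char *end;
        unsigned long pid;

        if (argc != 2)
        {
            fprintf(stderr, "usage: %s <pid>\n", argv[0]);
            return 1;
        }
        /* strtoul reports malformed input; atoi silently yields 0 for garbage,
         * and PID 0 is the System Idle Process. */
        errno = 0;
        pid = strtoul(argv[1], &end, 10);
        if (end == argv[1] || *end != '\0' || errno == ERANGE || pid > 0xFFFFFFFFul)
        {
            fprintf(stderr, "invalid PID: %s\n", argv[1]);
            return 1;
        }
        return DumpProcessMemory((DWORD)pid) ? 0 : 1;
    }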

    Only 2 obvious bugs in a 40 line function, I do believe you're improving Bob.

    Quote Originally Posted by adeyblue View Post
    Only 2 obvious bugs in a 40 line function, I do believe you're improving Bob.

    Actually, 2 obvious bugs in 59 lines of code.
