Thread: ReadProcessMemory & windows vista

  1. #1
    Registered User
    Join Date
    Jul 2007
    Posts
    43

    ReadProcessMemory & windows vista

    Does anyone know if it is possible to use this function with windows vista? It always fails with error 299 when I call getlasterror() and reads 0 bytes.

    I can get OpenProcess to work perfectly on the process but I just cant read anything from it

    I'm running the program as administrator on Vista and Visual Studio 2005.


    Or is there some other simple way I can read and manipulate data from another process?

    Any help is greatly appreciated, thanks.

    Sean

  2. #2
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    Things that might be helpful:
    First, you need to specify what privileges your program has. I don't know what the API was called.
    Then you have to be careful when trying to read memory from a process that has a higher rating than your app (eg your user app tries to read from a system process), because it won't work then. New security stuff in Vista.

    As for other ways... are both your own processes? In such case, shared memory might do the trick.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  3. #3
    Hurry Slowly vart's Avatar
    Join Date
    Oct 2006
    Location
    Rishon LeZion, Israel
    Posts
    6,788
    I'm not sure but you may need to call VirtualProtect with suitable rights for reading memory
    All problems in computer science can be solved by another level of indirection,
    except for the problem of too many layers of indirection.
    – David J. Wheeler

  4. #4
    Registered User
    Join Date
    Mar 2005
    Location
    Mountaintop, Pa
    Posts
    1,058
    Maybe this link can be of some help to you.

  5. #5
    Registered User
    Join Date
    Jul 2007
    Posts
    43
    Thanks for responses. I'll try looking into VirtualProtect.

    Both processes are run by me but I only code one. My end goal is to make a "hack" program for the game starcraft but so far I cant get it to work with anything.

    BobS, ya I saw that link, very discouraging!

    It just doesn't make 100% sense, I own the computer and am administrator but cant do anything I want with it? WTF MICROSOFT!?

  6. #6
    Registered User
    Join Date
    Jul 2007
    Posts
    43
    BobS,

    Actually maybe thats helpful. You suggest that in vista as admin I can access any point in memory? Just with a simple pointer or is there some crazy v00d00 1337 hacker stuff invlolved?

  7. #7
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    First I hope you know that hacking is against the rules. Or stretches them very far, at best.

    Quote Originally Posted by elmutt View Post
    It just doesn't make 100% sense, I own the computer and am administrator but cant do anything I want with it? WTF MICROSOFT!?
    Precaution and security. You don't want malware to infect your processes so easily, do you?
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  8. #8
    Registered User
    Join Date
    Jul 2007
    Posts
    43
    Quote Originally Posted by Elysia View Post
    First I hope you know that hacking is against the rules. Or stretches them very far, at best.

    Precaution and security. You don't want malware to infect your processes so easily, do you?

    So many people use hacks on there. I'm bored and want to practice, I could care less about breaking their EULA. Plus if I ever wanted to compete with one of those bastards writing my own I wont have to risk all that malware.

  9. #9
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    Wrong attitude on these boards, buddy.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  10. #10
    Registered User
    Join Date
    Jul 2007
    Posts
    43
    Alright. I didnt mean to sound like an ass

    Thanks for all the hints

  11. #11
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    So many people use hacks on there. I'm bored and want to practice, I could care less about breaking their EULA.
    I don't see many people using hacks around here. We are programmers, not hackers. You may not care about breaking the EULA or posts that talk about hacking but we do.
    Check the forum rules.

  12. #12
    Registered User
    Join Date
    Jul 2007
    Posts
    43
    ALright will just lie next time

  13. #13
    Registered User
    Join Date
    Mar 2005
    Location
    Mountaintop, Pa
    Posts
    1,058
    Quote Originally Posted by elmutt View Post
    BobS,

    Actually maybe thats helpful. You suggest that in vista as admin I can access any point in memory? Just with a simple pointer or is there some crazy v00d00 1337 hacker stuff invlolved?
    I really don't suggest anything. The link above demonstrates reading process memory in a W2K/XP environment. It also points out why the method used in W2K/XP fails miserably under Vista due to the randomization of processes now done under Vista. Neither a simple pointer nor crazy voodoo coding is involved. Under Vista, the 256 "slots" for the processes have to be enumerated to find your particular process. Also, additional code is needed to handle protected processes. Bottomline, there is a lot more code needed to read process memory under Vista because of the additional security feature(s).

    An example of how this security feature works under Vista would be an external network exploit. Let's assume that the originator did a port scan and found a vulnerable port to gain access to the network. Once infiltrated, the malware attempts to read the process memory. It now has a 1 in 256 chance to getting the correct process "slot". If on it's first try, it accessed the wrong process, the IDS system would generate alarms and the network administrator would put down her donut and investigate. Thus, you get one and only one try to get it right. Under W2K and XP this would not be an issue because everything was loaded in a predefined manner.

  14. #14
    pwns nooblars
    Join Date
    Oct 2005
    Location
    Portland, Or
    Posts
    1,094
    elmutt: It was obvious from the get go that you were looking to cheat at something, that is the case with 99% of posters who ask about reading another processes memory, and the percentage is even higher with people with less than 100 posts.

  15. #15
    Registered User
    Join Date
    Jul 2007
    Posts
    43
    Wrathan, its so easy to download a hack if I want. What if im coding an anti mineral hack that detects when their drones blow up and auto disconnects me or. Thats actually my main goal.

    If you know anything about starcraft you know what im talking about. So please dont talk unless you know what you're saying.


    BobS,

    Assuming I can find the address of the process using whatever debugger tools can you point me in the right direction of where to go form there?

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Windows Vista
    By cKoder in forum A Brief History of Cprogramming.com
    Replies: 32
    Last Post: 08-20-2005, 07:21 PM
  2. Windows 98/2000 programming in Windows XP
    By Bill83 in forum Windows Programming
    Replies: 3
    Last Post: 07-22-2005, 02:16 PM
  3. Dialog Box Problems
    By Morgul in forum Windows Programming
    Replies: 21
    Last Post: 05-31-2005, 05:48 PM
  4. dual boot Win XP, win 2000
    By Micko in forum Tech Board
    Replies: 6
    Last Post: 05-30-2005, 02:55 PM
  5. IE 6 status bar
    By DavidP in forum Tech Board
    Replies: 15
    Last Post: 10-23-2002, 05:31 PM