CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 12 of 12
  1. #1
    Join Date
    May 2011
    Posts
    9

    Question Help! Getting Programs Base Address...

    I was asked to replocate my question to this location, hopefully this section is the place..
    --------------------------------------------------------------------------------------------------------------

    Hello all,

    Im using Microsoft Visual C++ 2010 Express, and am making an Windows form application.
    I am trying to retreive (integer) variables from an other running program called 'createvar.exe'.
    How to do that???

    I pretty sure I have to
    1) retreive the base-address of the program called 'createvar.exe' and
    2) add the offset for the desired variable(s) (thát I DO have)
    3) write the value found in thát memory location to a variable.

    Ive spend literally days and days trying to figure out how to do this.....
    Apparently im using 'managed c++'

    Can anyone PLEASE tell me how to get a base address of another program, and how to use a pointer to a pointer to a variable?

    Thanks!

  2. #2
    Join Date
    Jul 2002
    Posts
    2,543

    Re: Help! Getting Programs Base Address...

    If you have (I hope) enough information about another process, use ReadProcessMemory/WriteProcessMemory functions.

  3. #3
    Join Date
    May 2011
    Posts
    9

    Re: Help! Getting Programs Base Address...

    Quote Originally Posted by Alex F View Post
    If you have (I hope) enough information about another process, use ReadProcessMemory/WriteProcessMemory functions.
    How to use Readprocessmemory?

    I have a handle to a running program called: mytargetHandle
    I have the memoraddress: 0x16A20B90
    I would like the integer found at that address to be stored in my integer variable: value
    On MDSN i findsomething like:
    ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, NULL);

    However....
    ReadProcessMemory(mytargetHandle, 0x16A20B90, value, 4, NULL);
    gives me:
    cannot convert parameter 2 from 'int' to 'LPCVOID'

    parameter 2... rigth..... so that means the hex-address......

    How to get it to work???? So ill have my variable written in 'value' ??

  4. #4
    Join Date
    Jul 2002
    Posts
    2,543

    Re: Help! Getting Programs Base Address...

    int value;
    ReadProcessMemory(mytargetHandle, (LPCVOID)0x16A20B90, &value, sizeof(int), NULL);

  5. #5
    Join Date
    May 2011
    Posts
    9

    Re: Help! Getting Programs Base Address...

    Quote Originally Posted by Alex F View Post
    int value;
    ReadProcessMemory(mytargetHandle, (LPCVOID)0x16A20B90, &value, sizeof(int), NULL);
    Fantastic! The LPCVOID did the trick.... how close was i.....
    Somehow the value returned is not the correct value.....

    Perhaps my address is wrong..... but just to be sure.... 'could' it be the length (size of int) that s wrong?? can that even be wrong?

    Thanx alot btw.....

  6. #6
    Join Date
    Jul 2002
    Posts
    2,543

    Re: Help! Getting Programs Base Address...

    Length is OK, it should be equal to the size of the buffer (int value). You need correct address, but I have no idea what is it.

  7. #7
    Join Date
    May 2011
    Posts
    9

    Re: Help! Getting Programs Base Address...

    Quote Originally Posted by Alex F View Post
    Length is OK, it should be equal to the size of the buffer (int value). You need correct address, but I have no idea what is it.
    whauw....... this code is getting me a different value EVERY time i execute it.....

    Apparently the value at the mentioned memorylocation is a 4-byte number.......
    I assumed that an integer on my x32 system would be a 4 byte variable... *wrong*

    I corrected my mistake, according to a code example in found in C#.
    What i am trying to achieve in managed c++ is EXACTLY the same as the following C# code:

    -------------
    byte[] buffer = new byte[4];
    uint bytesRead = 0;
    int address = Convert.ToInt32("0089afb8", 16);

    ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
    txtTargetHP.Text = "" + BitConverter.ToInt32(buffer, 0);
    -------------
    In the above code someone also wanted to know the variable stored in a memorylocation....

    What I have so far is the following:
    ------------
    array<Byte> ^buffer = gcnew array<Byte>(4);
    ReadProcessMemory(mytargetHandle, (LPCVOID)0x141CEA08, &buffer, 4, NULL);
    int value = BitConverter::ToInt32(buffer,0);
    MessageBox::Show(value.ToString() .... etc
    ------------

    This looks a lot more promessing now... but,
    somehow my messagebox shows me the value '0' everytime i execute my code....

    Any suggestions?

    Gr. J.A.

  8. #8
    Join Date
    Jul 2002
    Posts
    2,543

    Re: Help! Getting Programs Base Address...

    Both versions should give the same result. sizeof(int) is 4, you can use 4 if you like.
    Do you expect from another process to keep its memory unchanged? It must be dead for this.
    Be sure that process handle is correct. Check ReadProcessMemory return code.

  9. #9
    Join Date
    Jul 2002
    Posts
    2,543

    Re: Help! Getting Programs Base Address...

    Read this article: http://www.codeproject.com/KB/trace/...oryreader.aspx
    It is C#, but uses the same API. To solve such kind of problem, you must have knowledge about destination process. You need destination process source code or some Assembly experience for this task.

  10. #10
    Join Date
    May 2011
    Posts
    9

    Re: Help! Getting Programs Base Address...

    Quote Originally Posted by Alex F View Post
    Read this article: http://www.codeproject.com/KB/trace/...oryreader.aspx
    It is C#, but uses the same API. To solve such kind of problem, you must have knowledge about destination process. You need destination process source code or some Assembly experience for this task.
    Let me start by sayin: "Thanx alex for all your assistance.... you have been very kind so far."

    In your post you said something about me knowing if the variable is changing or not, and you asked me if i was sure i'm using the correct handle....

    For that i use a program often used in hacking games...... it is called 'cheat engine'.
    That program verry effectively shows me the id of the program i am trying to read...
    Comparing that with:
    MessageBox::Show(mytargetProcess[0]->Id.ToString("x"), etc....
    shows me i DO have the correct handle......

    The program ALSO shows me the variable im trying to capture, as well as the memorylocation......

    I am 99.99% sure i DO have the correct handle, hex-addres..... and that the variable is 4 byte.

    Somewhere in my code:

    array<Byte> ^buffer = gcnew array<Byte>(4);
    ReadProcessMemory(mytargetHandle, (LPCVOID)0x1648CDB8, &buffer, 4, NULL);
    int value = BitConverter::ToInt32(buffer,0);
    MessageBox::Show(value.ToString(), etc .....

    there must be going something wrong..... as all im getting in my messagebox = '0'

  11. #11
    Join Date
    Jul 2002
    Posts
    2,543

    Re: Help! Getting Programs Base Address...

    Process ID and handle are different things. Having process ID, you can create Process instance by calling Process:: GetProcessById method, and then use Process:: Handle property to get its handle.

  12. #12
    Join Date
    May 2011
    Posts
    9

    Talking Re: Help! Getting Programs Base Address...

    Quote Originally Posted by Alex F View Post
    Process ID and handle are different things. Having process ID, you can create Process instance by calling Process:: GetProcessById method, and then use Process:: Handle property to get its handle.
    The handle works, the code works...... (when using it on my own program.....)

    array<Process^>^ mytargetProcess = Process::GetProcessesByName("vartest");
    if (mytargetProcess->Length == 0){MessageBox::Show("Unable to find process");return;}
    HANDLE mytargetHandle;
    mytargetHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, mytargetProcess[0]->Id);

    int buffer = 0;
    ReadProcessMemory(mytargetHandle, (LPCVOID)0x023295E0, &buffer, 4, 0);
    MessageBox::Show(buffer.ToString(), .........

    I must not have the approperiate previlleges to read software's memory i want to read.......

    My quest continues......

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  





Click Here to Expand Forum to Full Width

Featured