Corrupt output from WideCharToMultiByte

[zenon_c++]

Hi!

System specs:
Language: C++
Compiler: Borland C++ 5.6 for Win32
OS: Windows Xp
App type: Console based application

I'm coding a Process-Lister program, where I try to output the DLLpath, ImagePathname and other strings gathered from the PEB block of each process..
This is (roughly) done in the way:

1) Read the start address of the RTL_USER_PROCESS_PARAMETER (RUPB*) from the PEB block. (offset = 0x010).
2) Read the UNICODE_STRING (US*) structure from the RUPB block (offset = depending on which field, ex: DLLPath = 0x030).
3) Read the Wide-character-string (UNICODE_STRING:Buffer) from the US block, (offset = 0x04), with the length (UNICODE_STRING:Length) bytes.

After this, I convert the read wide-character-string to a multibyte-string using the function WideCharToMultiByte.
Then I output it to the console using printf("%s\t",string)

The result is a lot of gibberish and makes no sense, I have tried changing the CodePage Identifier several times to several different types..
And still the problem remains...
Can someone help me? Or explain why? Iv'e been stuck with this problem for days now... And It's really getting to me..
See code below..

The following code demonstrates how I try to get the text from the UNICODE_STRING structure in the memory.....

<<-----CODE
.
.
UNICODE_STRING buff;
DWORD read;
if(ReadProcessMemory(process, (void *) address, &buff, 8, &read) == 0)
return;
if(buff.Length == 0)
return;
int str_size = buff.Length;
wchar_t *wchar_str = new wchar_t[str_size];
if(ReadProcessMemory(process, (void *) (address+4), wchar_str, str_size, &read) == 0){
RAP_ERROR(read);
return;
}
unsigned int codePage = 28591 //IS0-8859-1
unsigned int flag = 0;
int needed_for_trans = WideCharToMultiByte(codePage,flag, (LPCWSTR) wchar_str,-1,NULL,0,NULL,NULL);
char *multi_str = (char *)malloc(needed_for_trans);
int transed_bytes = 0;
if( (transed_bytes = WideCharToMultiByte(codePage, flag, (LPCWSTR) wchar_str, -1, multi_str, needed_for_trans, NULL, NULL)) == 0)
RAP_ERROR(read);
cout << "#DATA:";
int s = printf("%s\t", multi_str);
cout << "S:" << s << "\t";
cout << "¤BYTE:" << "[" << read << " | " << transed_bytes << endl;
delete[] wchar_str;
free(multi_str);
.
.
<<----------------------------------------------------

There is the critical piece ....
Now,, I would be REALLY glad if someone would help me....
The output from the printf is real gibberish....
And I don't understand why??

Thanks/ Gianfranco Alongi

[hankdane]

I don't know about your codepage. You say you've tried different ones, but have you tried CP_ACP? I usually use GetACP() for the codepage, and have never had any problems converting.

Also, maybe you should try to printf a known, valid mbcs string to test that it's not your display that's having problems.

[zenon_c++]

Well.. yes.
I have tried practically ALL CodePages and also using GetACP and GetOEMCP...

I have also tried printing a WideChar string made by myself... and it works fine...
I can't imagine the idea of the RTL_USER_PROCESS_PARAMETERS block holding
random scrap data in the UNICODE_STRING structures....

[zenon_c++]

Problem solved!!!!!

Fix:
I was treating the (LPWSTR) Buffer member of the UNICODE_STRING structure
as the actuall String, instead of a pointer to the WSTR.

Thanx annyway!