ReadProcessMemory C++ Sample code & Question for advanced C++ users

**~~XtrmJash~~** · 07-04-2013, 09:33 PM

Hi all,

As some of you will know, I've been working on learning C++ lately, since I need to be able to write some code which I can port between Linux and windows. I decided to start off simple, and read some memory. This seems to work quite nicely:

Code:

#include "stdafx.h"
#include <Windows.h>
#include <iostream>
#include <string>

using namespace std;

int _tmain(int argc, _TCHAR* argv[])
{
	HWND hwnd = FindWindow(L"TibiaClient",NULL);
	int value = 0;
	DWORD addr = 0x104E1E0;
	DWORD pid;
	cout << "Handle : " << hwnd << endl;
	cout << "Address: " << addr << endl;
	GetWindowThreadProcessId(hwnd,&pid);
	HANDLE phandle = OpenProcess(PROCESS_VM_READ,0,pid);
	cout << "Success: " << ReadProcessMemory(phandle, (void*)addr, &value, sizeof(value), 0) << endl;
	cout << "Read   : " << value << endl;
	cout << "Error  : " << GetLastError();
	cin.get();
	return 0;
}

This code runs quite nicely, but I have to pass the address as baseAddress + memoryAddress. I'd rather not do that, where possible, since of course I would need to acquire a new base address each time I run the code. Could someone provide me with a function into which I can pass a handle, and get the base address of the main module? I've been advised that I should use EnumProcessModulesEx(), but I have no idea where to begin using that function. A piece of sample code would be marvellous, failing that, it'd be good if someone could define the parameters I need to pass in, and how to obtain those which I don't already have. I know I can get a list of parameters using intellisence, but the definitions are far too vague for me to understand with my current knowledge.

Thanks!

**Farsa** · 07-04-2013, 09:50 PM

check this out http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx

**~~XtrmJash~~** · 07-04-2013, 10:03 PM

Originally Posted by Farsa

check this out http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx

That's one page I actually haven't yet stumbled upon. Looks interesting and I'll definitely give the sample a shot, but I'm curious, do I actually need to traverse that list to find the main module? And how would I go about determining which module is the "main" one? In C# it was all so simple...

Code:

Console.WriteLine(Convert.ToString(Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress));

So, so simple...

**Blequi** · 07-04-2013, 10:17 PM

I didn't test, but by logic the main module should be the first module of the process, i.e., the me32 instance if Module32First( hModuleSnap, &me32 ) returns TRUE in the example.

**Farsa** · 07-04-2013, 10:25 PM

You stop transversing it when you find a module whose me32.szModule is "Tibia.exe" or whatever the process/module name is. Btw, make sure you take into account ansi/wide string usage when comparing those two.

**~~panqnik~~** · 07-05-2013, 08:16 AM

http://en.wikipedia.org/wiki/Win32_T...ormation_Block and http://en.wikipedia.org/wiki/Process_Environment_Block

**~~XtrmJash~~** · 07-13-2013, 10:13 PM

Alright guys I'm traversing the list of modules within the process, can someone advise of why the output is as it is? Here is the code:

Code:

	HWND hwnd = FindWindow(L"TibiaClient", NULL);
	cout << "Handle: " << hwnd << endl;
	DWORD cbNeeded;
	DWORD processID;
	GetWindowThreadProcessId(hwnd, &processID);
	cout << "Process ID: " << processID << endl;
	HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, TRUE, processID);
	cout << "Process Handle: " << handle << endl;
	HMODULE hMods[1024];
	if (EnumProcessModules(handle, hMods, sizeof(hMods), &cbNeeded))
	{
		cout << "Enumerated: " << "Success!" << endl;
		for (int i = 0; i < (cbNeeded / sizeof(hwnd)); i++)
		{
			cout << "Round " << i << ": ";
			TCHAR szModName[MAX_PATH];
			if (GetModuleFileNameEx(handle, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
			{
				cout << "Module Name: " << szModName << ". Entry Number: " << hMods[i] ;
			}
			cout << ". " << endl;
		}
	}
	CloseHandle(handle);
	cout << "End" << endl;
	cin.get();
	return 0;

And the output:

Code:

Handle: 000D0454
Process ID: 2236
Process Handle: 00000040
Enumerated: Success!
Round 0: Module Name: 001EE748. Entry Number: 00C70000.
Round 1: Module Name: 001EE748. Entry Number: 77540000.
Round 2: Module Name: 001EE748. Entry Number: 76EC0000.
Round 3: Module Name: 001EE748. Entry Number: 759A0000.
Round 4: Module Name: 001EE748. Entry Number: 72300000.
Round 5: Module Name: 001EE748. Entry Number: 71F90000.
Round 6: Module Name: 001EE748. Entry Number: 71EB0000.
Round 7: Module Name: 001EE748. Entry Number: 6B140000.
Round 8: Module Name: 001EE748. Entry Number: 75240000.
Round 9: Module Name: 001EE748. Entry Number: 74E50000.
Round 10: Module Name: 001EE748. Entry Number: 75410000.
Round 11: Module Name: 001EE748. Entry Number: 6C840000.
Round 12: Module Name: 001EE748. Entry Number: 75B00000.
Round 13: Module Name: 001EE748. Entry Number: 75960000.
Round 14: Module Name: 001EE748. Entry Number: 72500000.
Round 15: Module Name: 001EE748. Entry Number: 68140000.
Round 16: Module Name: 001EE748. Entry Number: 77260000.
Round 17: Module Name: 001EE748. Entry Number: 74F50000.
Round 18: Module Name: 001EE748. Entry Number: 74AF0000.
Round 19: Module Name: 001EE748. Entry Number: 76E10000.
Round 20: Module Name: 001EE748. Entry Number: 76C60000.
Round 21: Module Name: 001EE748. Entry Number: 76D80000.
Round 22: Module Name: 001EE748. Entry Number: 74BF0000.
Round 23: Module Name: 001EE748. Entry Number: 722F0000.
Round 24: Module Name: 001EE748. Entry Number: 6B110000.
Round 25: Module Name: 001EE748. Entry Number: 74CB0000.
Round 26: Module Name: 001EE748. Entry Number: 75A50000.
Round 27: Module Name: 001EE748. Entry Number: 773D0000.
Round 28: Module Name: 001EE748. Entry Number: 75660000.
Round 29: Module Name: 001EE748. Entry Number: 74CF0000.
Round 30: Module Name: 001EE748. Entry Number: 75B90000.
Round 31: Module Name: 001EE748. Entry Number: 74BD0000.
Round 32: Module Name: 001EE748. Entry Number: 76FF0000.
Round 33: Module Name: 001EE748. Entry Number: 74BC0000.
Round 34: Module Name: 001EE748. Entry Number: 72380000.
Round 35: Module Name: 001EE748. Entry Number: 74B60000.
Round 36: Module Name: 001EE748. Entry Number: 71A70000.
Round 37: Module Name: 001EE748. Entry Number: 6F920000.
Round 38: Module Name: 001EE748. Entry Number: 724E0000.
Round 39: Module Name: 001EE748. Entry Number: 6C680000.
Round 40: Module Name: 001EE748. Entry Number: 74B50000.
Round 41: Module Name: 001EE748. Entry Number: 77250000.
Round 42: Module Name: 001EE748. Entry Number: 10000000.
Round 43: Module Name: 001EE748. Entry Number: 77000000.
Round 44: Module Name: 001EE748. Entry Number: 75360000.
Round 45: Module Name: 001EE748. Entry Number: 76EA0000.
Round 46: Module Name: 001EE748. Entry Number: 51E70000.
Round 47: Module Name: 001EE748. Entry Number: 74AC0000.
Round 48: Module Name: 001EE748. Entry Number: 6B780000.
Round 49: Module Name: 001EE748. Entry Number: 6B810000.
Round 50: Module Name: 001EE748. Entry Number: 703F0000.
Round 51: Module Name: 001EE748. Entry Number: 77420000.
Round 52: Module Name: 001EE748. Entry Number: 750B0000.
Round 53: Module Name: 001EE748. Entry Number: 74DD0000.
Round 54: Module Name: 001EE748. Entry Number: 66710000.
Round 55: Module Name: 001EE748. Entry Number: 666F0000.
End

**~~XtrmJash~~** · 07-13-2013, 10:23 PM

Got it, it's wchar and I'm not handling it correctly. Thanks! Correct code:

Code:

	HWND hwnd = FindWindow(L"TibiaClient", NULL);
	cout << "Handle: " << hwnd << endl;
	DWORD cbNeeded;
	DWORD processID;
	GetWindowThreadProcessId(hwnd, &processID);
	cout << "Process ID: " << processID << endl;
	HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, TRUE, processID);
	cout << "Process Handle: " << handle << endl;
	HMODULE hMods[1024];
	if (EnumProcessModules(handle, hMods, sizeof(hMods), &cbNeeded))
	{
		cout << "Enumerated: " << "Success!" << endl;
		for (int i = 0; i < (cbNeeded / sizeof(hwnd)); i++)
		{
			cout << "Round " << i << ": ";
			TCHAR szModName[MAX_PATH];
			if (GetModuleFileNameEx(handle, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
			{
				cout << "Module Name: ";
				wcout << szModName; // Wide string char thing
				cout << ". Entry Number: " << hMods[i] ; // hMods may be wide string, too, IDK, I didn't use it yet.
			}
			cout << ". " << endl;
		}
	}
	CloseHandle(handle);
	cout << "End" << endl;
	cin.get();
	return 0;

Thread: ReadProcessMemory C++ Sample code & Question for advanced C++ users

Thread Tools

Search Thread

Display

ReadProcessMemory C++ Sample code & Question for advanced C++ users

Posting Permissions