0

Keep Searching the internet and can't figure this out, ReadProcessMemory is returning just fine so its executing. But the output is always empty. Lenght of the array is 0 as well. 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Runtime.InteropServices;
using System.Diagnostics;

namespace MemEd
{
    class Program
    {
        static void Main(string[] args)
        {
            Process proc = Process.GetProcessesByName("client")[0];
            byte[] buff = new byte[]{};
            IntPtr bread;
            IntPtr pHandle = OpenProcess(0x0010, false, proc.Id);
            bool check = ReadProcessMemory(pHandle, (IntPtr)0x5EFF75B8, buff, 10, out bread);
            if (!check)
                Console.WriteLine("RPM Fail");

            Console.WriteLine(buff.Length); //ALWAYS returns 0, Even the value is a string "xyle"
            Console.WriteLine(Encoding.Unicode.GetString(buff));//Always empty, tryed most of Encoding types to check still a blank result.
            Console.ReadKey();
        }


        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        [DllImport("kernel32.dll", SetLastError = true)]
        static extern bool ReadProcessMemory(
            IntPtr hProcess,
            IntPtr lpBaseAddress,
            [Out] byte[] lpBuffer,
            int dwSize,
            out IntPtr lpNumberOfBytesRead);
    }
}
Dmitry
  • 13,797
  • 6
  • 32
  • 48
RichardP
  • 43
  • 4

2 Answers2

1

It's probably because the buffer you give it to fill has a length of 0 since you initialized it completely empty (new byte[] {}). Try giving it some room:

byte[] buff = new byte[1024];

Change the number based on how much memory you want to read, and then use the length as your dwSize parameter:

ReadProcessMemory(pHandle, (IntPtr)0x5EFF75B8, buff, (UInt32)buff.Length, out bread);

Also, make sure you've got the correct permissions via this answer. You'll likely need to run the app with elevated permissions.

Community
  • 1
  • 1
Cᴏʀʏ
  • 105,112
  • 20
  • 162
  • 194
  • 1
    And make sure to pass the size of your buffer for dwSize (1024 in this case), not the 10 you currently have. – Nathan A Apr 15 '14 at 22:09
0

Try to specify the size of the buff array while creating.

byte[] buff = new byte[some_size];

And also. I believe that the last argument of the ReadProcessMemory method declaration should be replaced with

out int lpNumberOfBytesRead

because of out and ref arguments are passed by reference. Then you should be able to use int bread to cut off excessive bytes from the data in the buffer.

Dmitry
  • 13,797
  • 6
  • 32
  • 48
  • I just copied pasted that import. I never really understood how i could use the last param. thanks for a use!!. – RichardP Apr 15 '14 at 23:10