-5

i use this code to readprocessmemory :

  BOOL WINAPI ReadProcessMemory(
    _In_  HANDLE  hProcess,
    _In_  LPCVOID lpBaseAddress,
    _Out_ LPVOID  lpBuffer,
    _In_  SIZE_T  nSize,
    _Out_ SIZE_T  *lpNumberOfBytesRead
    );
char value[5]; 
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, 6500);
{
    ReadProcessMemory(hProcess, (LPVOID)105477, value, 5, 0);
}

its work 100%

but i want to know how know last Offset used in processmemory - before i read it

see the picture : enter image description here

the last offset in this processmemory is 7FFE0FFF - but how can i get it before i read the processmemory

king of the king
  • 1
  • 4

1 Answers1

0

Well it MAY work if you are absolutely sure that you CAN read the memory of the other process... anyway it is a quite dangerous method, there are much better IPC APIs to do these things!

Unless you are writing a debugger yourself... in fact ReadProcessMemory is cited here "Process Functions for Debugging" https://msdn.microsoft.com/it-it/library/windows/desktop/ms680549(v=vs.85).aspx

Davide Capodaglio
  • 79
  • 7
  • hi , "here are much better IPC APIs to do these things!" ?? like what ? – king of the king Apr 05 '17 at 21:23
  • It depends on what you have to do... if you have to just exchange data between two processes, you have shared memories, pipes, sockets, and many others... – Davide Capodaglio Apr 05 '17 at 21:28
  • no no - i just want to get last ( used ) offset of processmemory - nothing else – king of the king Apr 05 '17 at 21:32
  • but inside your process or inside another process?? – Davide Capodaglio Apr 05 '17 at 21:37
  • another process - readprocess its work great ! now you know what i want - yes ? - see the picture : https://i.stack.imgur.com/ukpZq.png – king of the king Apr 05 '17 at 21:40
  • I repeat that unless you are writing a debugger or similar, you probably on the wrong way... anyway, you could try with VirtualQueryEx to inspect the allocated memory. See here https://www.codeproject.com/kb/threads/mdumpall.aspx and also http://stackoverflow.com/questions/10372872/read-process-memory-of-a-process-does-not-return-everything – Davide Capodaglio Apr 05 '17 at 21:50
  • if you mean "si.lpMaximumApplicationAddress" - its for max address >>>>>its not for last address used – king of the king Apr 05 '17 at 21:54
  • no that is the maximum address for your system, like 2^32 if you have 4GB of RAM or something like that. See http://stackoverflow.com/questions/10372872/read-process-memory-of-a-process-does-not-return-everything where it uses info.RegionSize – Davide Capodaglio Apr 05 '17 at 21:57
  • ok tnx - i will see it - and try it and will back to you - tnx again man – king of the king Apr 05 '17 at 22:00
  • please upvote and mark resolved if you found an answer :-) – Davide Capodaglio Apr 05 '17 at 22:06
  • i stil trying to understand how use it - if its work - i will mark it – king of the king Apr 05 '17 at 22:09
  • can i use it to find string without check all process memory ? - how ? – king of the king Apr 06 '17 at 00:35
  • http://stackoverflow.com/questions/28231054/how-can-i-search-for-a-string-in-the-memory-of-another-process and http://stackoverflow.com/questions/36878017/searching-for-every-occurrence-of-a-string-in-another-processs-memory – Davide Capodaglio Apr 06 '17 at 06:57
  • man - its long code to i want - i need to a small code to do what is ask - to can understand it . and what is VirtualQueryEx is do ??? – king of the king Apr 07 '17 at 18:13
  • just take the answer here http://stackoverflow.com/questions/28231054/how-can-i-search-for-a-string-in-the-memory-of-another-process, you have a working solution. Smaller than this is not possible. Life of a programmer is hard, man. – Davide Capodaglio Apr 08 '17 at 09:57
  • ok i want to understand how code work ? - it is for find variable or find string or what ?? - what is VirtualQueryEx do ? – king of the king Apr 08 '17 at 14:05