-2

I have a process that I want to read memory from and it contains a string. When I get the string from it and build the string from the char array there are alot of random characters surrounding the string.

uintptr_t stringAdress = 0x0; //String Adress
char strRead[32]; //String array

cout << "Enter String Adress: ";
cin >> hex >> stringAdress;

HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pId); //Hook onto the process
if (hProcess == NULL) {
    cout << "Open Process Error: " << dec << GetLastError() << endl;
    system("pause");
    return EXIT_FAILURE;
}

//Read String Memory
BOOL readMemory = ReadProcessMemory(hProcess, LPCVOID(stringAdress), &strRead, 32, NULL);
if (readMemory == FALSE) {
    cout << "Read Process Memory Error: " << dec << DdeGetLastError << endl;
    system("pause");
}
//Build string from chars
for (size_t i = 0; i < 32; i++)
{
    cout << strRead[i] << endl;
    strDone += strRead[i];
}
//Close the handle
BOOL closeHandle = CloseHandle(hProcess);

cout << "varString = " << dec << strDone << endl;

Here is the output:

varString = h░ Default String ╠      ╠╠╠╠

I have no idea why its doing this, any help would be appreciated.

Antonin GAVREL
  • 9,682
  • 8
  • 54
  • 81
Jaspoink
  • 9
  • 1
  • 2
    What makes you think that you are reading from the correct address to begin with? Or that the data you want to read is exactly 32 bytes? Or that the data is even in a `char` format? What are you *expecting* the output to look like instead? Also, `PROCESS_ALL_ACCESS` is WAY too many privileges to ask for when opening the process, `ReadProcessMemory()` only needs `PROCESS_VM_READ`. Don't ask for more privileges than you actually need. – Remy Lebeau Mar 30 '20 at 22:49
  • I know its the right adress becuase the other process is something I made to just test. Its less than 32 bytes im only using that so it has more than enough space. The data is char because I originaly tried to have it in a string variable and it came out with errors so as far as I know it comes as a char array. I changed the privileges but I still am not sure why im getting some random chars as well. – Jaspoink Mar 30 '20 at 23:01
  • Describe your method (or put code) of figuring out the memory address of characters in other process in your question. People do not "know" addresses of data in program because they themselves just made the programs, so your explanation in comment is bogus. – Öö Tiib Apr 01 '20 at 09:11
  • `╠` is [0xCC in CP437](https://en.wikipedia.org/wiki/Code_page_437) which means that you're likely [reading uninitialized memory](https://stackoverflow.com/q/370195/995714) – phuclv Apr 18 '20 at 03:39

1 Answers1

0

varString = h░ Default String ╠ ╠╠╠╠

The junk data before the word 'Default' indicates that you are either reading the wrong address or you are trying to read a std::string which is a container not a char array.

If you're reading from the wrong address, you need to add a couple bytes to your address to make it start at the D in Default.

Secondly, your string is not null terminated, causing additional characters to be output to your console.

To help fix null termination you should do:

char strRead[32] = {0};

This will set all chars to zero, then if you read the string but not the null terminator, it will include one. In this situation it does not look like that will work, so you will have to find the length of the string manually and only read the proper number of bytes.

If it's an std::string not a char array then your problem is that std::String is a container, not an array.

I have provided an answer which reads a std::string externally already in this answer

GuidedHacking
  • 3,628
  • 1
  • 9
  • 59