Help reading string from process memory

Shalvaid (3)
Hello everybody, I must say I am a bit new programming on c++. I usually develop my applications in vb6 or c#.
Now I'm in the middle of a trouble trying to make a Win32 COM DLL in C++ to find in a process memory a certain string, for example "Example". (7 len)

To do this, and also test & debug it with my vb6 application, i programmed this function:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
 
int _stdcall ReadString(char *window, int Point, int Len)
{
	char* value;

        HWND hWnd = FindWindow(NULL, window);
	DWORD proc_id; 
	GetWindowThreadProcessId(hWnd, &proc_id); 

	HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, proc_id);
	
	ReadProcessMemory(hProcess, (LPVOID)Point, &value, 7, 0); 
	
	//if (value == 'Example')
        //{
        //       return 10;
        //}


	//CloseHandle(hProcess); Is actually necessary this?
	return 0;
}


For example, i would like to read the string in a certain address i would especify like 0x00F15130. In that address there's a string: "Example" (7 len). I would like to compare it and verify if actually it is "Example" or is another string like "asdagjkf" or whatever.
I tried many things but the part of the IF sentence still not working.
When i debug my dll and "add watches" y can see that &value has a value of 0xADDRESSHERE and then "Example" the string i'm looking for.

Than you so much for reading my post.
I hope you can understand me without problems because my english is not the best.

Shalvaid

ps: I am using VC++ 6.0
Galik (2254)
I think you probably want something more like this:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
 
int _stdcall ReadString(char *window, int Point, int Len)
{
	char value[128]; // allocate some space for the received value

        HWND hWnd = FindWindow(NULL, window);
	DWORD proc_id; 
	GetWindowThreadProcessId(hWnd, &proc_id); 

	HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, proc_id);
	
	ReadProcessMemory(hProcess, (LPVOID)Point, value, 128, 0); 
	
	if(!strncmp(value, "Example", 7))
        {
               // found
        }


	//CloseHandle(hProcess); Is actually necessary this?
	return 0;
}


NOTE: I don't program for Windows, so not an expert :)
Last edited on
Shalvaid (3)
Thank you so much for your help. I receive an error: Unhandled exception in MyDll.exe (MYDLL.DLL): 0x0000005: Access Violation, and then crash (running directly from my MyDLL.exe application. And debugging it through vc++ 6.0 y receive the same error but asking me to "Enter the path of STRNCMP.ASM.

I've received this error in the past, trying to do something like this, but I dont know how to fix it.

Thanks a lot.


My VB 6.0 Code:

1
2
3
4
5
 
Private Declare Function ReadString Lib "MyDLL.dll" (ByVal Window As String, ByVal Pointer As Long, ByVal xLen As Long) As Long

Private Sub Command1_Click()
MsgBox ReadString("WindowToRead", CLng("&H" & "00F15130"), 7)
End Sub
Last edited on
Shalvaid (3)
Thanks you so much Galik. I didn't initialize my pointer, so now I' ve done and this is my code working:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
char* _stdcall ReadString(char *window, int Point, int Len)
{
	//char *value = (char*)malloc(Len+1) = {0};
	char value[8] = {0};

    HWND hWnd = FindWindow(NULL, window);
	DWORD proc_id; 
	GetWindowThreadProcessId(hWnd, &proc_id); 

	HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, proc_id);
	
	BOOL bReturn = ReadProcessMemory(hProcess, (LPVOID)Point, &value, 7, 0); 
	if ( bReturn == 0 )
	{
	   DWORD lastError = GetLastError();
	  // error 
	}
	else
	{
	   // success
		return value;
	}
}


I had tried to compare my 2 values 3 days ago using strcmp, but it was not working because the readprocessmemory was wrong... Now it is reading the correct value, and I'm trying to make a routine to find a text value from visual basic. This is what i've done:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 
int _stdcall SearchString(char *window, char *Text)
{
	long int x;
	
    for(x = 0; x < 80000000; x++) // This is a fucking disaster
	{
          if (strcmp(ReadString(window, x, sizeof(Text)), Text) == 0)
          {
                return x;                     
          }
	}

	return 0;

}


That routine, i will call through vb6, with the window name and the text to search. I don't know why but it still not working properly. And I know there's a way to get the base address of a process to start searching since it like 0x40000000 but it changes on Windows 7 or Windows Vista, so i guess mi app will crash and will not work properly.

That routine, i will call through vb6, with the window name and the text to search. I don't know why but it still not working properly. And I know there's a way to get the base address of a process to start searching since it like 0x40000000 but it changes on Windows 7 or Windows Vista, so i guess mi app will crash and will not work properly.

I've tried an example with apis but it gives me errors. And also search examples for EnumProcessModules and those apis but they only work on 32bits.

Thank you again. I'll continue trying to improve and fix my routine. If anyone know how to fix it, thanks again.

Regards
Topic archived. No new replies allowed.