VB.NET ReadProcessMemory ()

Navigation
0

I'm trying to read memory address values from a process.

At the moment I missed the error that I entered the wrong memory address. It is the variable HPaddr at which I start a value of 005C682C .

To read the memory address I used CheatEngine, and the memory address is the previous one, without modifying anything: 005C682C

The code is as follows: 

Public Class Form1
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal 
dwDesiredAcess As UInt32, ByVal bInheritHandle As Boolean, ByVal 
dwProcessId As Int32) As IntPtr
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess 
As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer() As Byte, ByVal 
iSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean
Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As 
IntPtr) As Boolean

Private _targetProcess As Process = Nothing 'to keep track of it. not used yet.
Private _targetProcessHandle As IntPtr = IntPtr.Zero 'Used for ReadProcessMemory
Private PROCESS_ALL_ACCESS As UInt32 = &H1F0FFF
Private PROCESS_VM_READ As UInt32 = &H10

Private HPaddr As IntPtr = "005C682C"

Public Function TryAttachToProcess(ByVal windowCaption As String) As Boolean
    Dim _allProcesses() As Process = Process.GetProcesses
    For Each pp As Process In _allProcesses
        If pp.MainWindowTitle.ToLower.Contains(windowCaption.ToLower) Then
            'found it! proceed.
            Return TryAttachToProcess(pp)
        End If
    Next
    MessageBox.Show("Unable to find process '" & windowCaption & ".' Is running?")
    Return False
End Function

Public Function TryAttachToProcess(ByVal proc As Process) As Boolean
    If _targetProcessHandle = IntPtr.Zero Then 'not already attached
        _targetProcess = proc
        _targetProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, False, _targetProcess.Id)
        If _targetProcessHandle = 0 Then
            TryAttachToProcess = False
            MessageBox.Show("OpenProcess() FAIL! Are you Administrator??")
        Else
            'if we get here, all connected and ready to use ReadProcessMemory()
            TryAttachToProcess = True
            MessageBox.Show("OpenProcess() OK")
        End If
    Else
        MessageBox.Show("Already attached! (Please Detach first?)")
        TryAttachToProcess = False
    End If
End Function

Public Sub DetachFromProcess()
    If Not (_targetProcessHandle = IntPtr.Zero) Then
        _targetProcess = Nothing
        Try
            CloseHandle(_targetProcessHandle)
            _targetProcessHandle = IntPtr.Zero
            MessageBox.Show("MemReader::Detach() OK")
        Catch ex As Exception
            MessageBox.Show("MemoryManager::DetachFromProcess::CloseHandle error " & Environment.NewLine & ex.Message)
        End Try
    End If
End Sub

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    Dim _myBytes(3) As Byte
    ReadProcessMemory(_targetProcessHandle, HPaddr, _myBytes, 4, vbNull)
    Label2.Text = BitConverter.ToInt32(_myBytes, 0)
End Sub

Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
    TryAttachToProcess("Pinball")
End Sub
End Class

The error is as follows:

Test:

And if I add quotes to this test, the error of the beginning comes out.

I hope you can help me! Greetings, and thank you very much!

    
asked by Adrian Hernando Solanas 18.05.2018 в 11:51
source

1 answer

1

IntPtr is a structure that represents a pointer integer to a memory address.

It has 3 constructors:

  • IntPtr (Int32)
  • IntPtr (Int64)
  • IntPtr (* void)

In your case, you want to initialize a IntPtr with an address in Hexadecimal. To indicate hexadecimal in Vb.net the prefix &H is used. So you must initialize the variable in the following way: 

Private HPaddr As IntPtr = New IntPtr(&H005C682C)
    
answered by 18.05.2018 / 12:19
source
Doubt with a test of a Java program ERROR: In file './docker-compose.yml', service must be a mapping, not a NoneType