Read process memory

Discussion in 'Programming & Scripting' started by dschu012, Jan 22, 2009 with 6 replies and 814 views.

  1. dschu012

    dschu012 Member

    Messages:
    760
    Ratings:
    381
    Does anyone know how to read a processes memory much like the program CheatEngine does? Using some of Windows API there is this function but I can't seem to figure out how to use it correctly.
    Code:
    [DllImport("Kernel32.dll")]
    public static extern bool ReadProcessMemory
    (
    IntPtr hProcess,
    IntPtr lpBaseAddress,
    byte[] lpBuffer,
    UInt32 nSize,
    ref UInt32 lpNumberOfBytesRead
    );
    For hProcess I send it the handle of the current Process. But when it comes to the other arguments I am unsure of what exactly to do.

     
  2. mojobojo

    mojobojo Enthusiast

    Messages:
    694
    Ratings:
    96
    I have been wanting to know how to do this to make RTH for halo for the pc. Ive also wanted to do this because every memory editor I have found has a trojan or some other thing that gets detected by my antivirus software. People say that it never affected them but with my luck my computer would lock up.
     
  3. OP
    dschu012

    dschu012 Member

    Messages:
    760
    Ratings:
    381
    CheatEngine is a reliable memory editor. I more so just want to be able to read the memory, not write to it, in order to determine where exactly my bot program is in the game.

    Edit: I found a nice class that might help you. I think I just need to figure out the correct place to read.

    Code:
    using System;
    using System.Diagnostics;
    using System.Runtime.InteropServices;
    
    namespace PMR
    {
    /// <summary> 
    /// ProcessMemoryReader is a class that enables direct reading a process memory 
    /// </summary> 
    class ProcessMemoryReaderApi
    {
    // constants information can be found in <winnt.h> 
    [Flags]
    public enum ProcessAccessType
    {
    PROCESS_TERMINATE = (0x0001),
    PROCESS_CREATE_THREAD = (0x0002),
    PROCESS_SET_SESSIONID = (0x0004),
    PROCESS_VM_OPERATION = (0x0008),
    PROCESS_VM_READ = (0x0010),
    PROCESS_VM_WRITE = (0x0020),
    PROCESS_DUP_HANDLE = (0x0040),
    PROCESS_CREATE_PROCESS = (0x0080),
    PROCESS_SET_QUOTA = (0x0100),
    PROCESS_SET_INFORMATION = (0x0200),
    PROCESS_QUERY_INFORMATION = (0x0400)
    }
    
    // function declarations are found in the MSDN and in <winbase.h> 
    
    //      HANDLE OpenProcess( 
    //         DWORD dwDesiredAccess,  // access flag 
    //         BOOL bInheritHandle,    // handle inheritance option 
    //         DWORD dwProcessId       // process identifier 
    //         ); 
    [DllImport("kernel32.dll")]
    public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
    
    //      BOOL CloseHandle( 
    //         HANDLE hObject   // handle to object 
    //         ); 
    [DllImport("kernel32.dll")]
    public static extern Int32 CloseHandle(IntPtr hObject);
    
    //      BOOL ReadProcessMemory( 
    //         HANDLE hProcess,              // handle to the process 
    //         LPCVOID lpBaseAddress,        // base of memory area 
    //         LPVOID lpBuffer,              // data buffer 
    //         SIZE_T nSize,                 // number of bytes to read 
    //         SIZE_T * lpNumberOfBytesRead  // number of bytes read 
    //         ); 
    [DllImport("kernel32.dll")]
    public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
    
    //      BOOL WriteProcessMemory( 
    //         HANDLE hProcess,                // handle to process 
    //         LPVOID lpBaseAddress,           // base of memory area 
    //         LPCVOID lpBuffer,               // data buffer 
    //         SIZE_T nSize,                   // count of bytes to write 
    //         SIZE_T * lpNumberOfBytesWritten // count of bytes written 
    //         ); 
    [DllImport("kernel32.dll")]
    public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
    
    
    }
    
    public class ProcessMemoryReader
    {
    
    public ProcessMemoryReader()
    {
    }
    
    /// <summary>    
    /// Process from which to read       
    /// </summary> 
    public Process ReadProcess
    {
    get
    {
    return m_ReadProcess;
    }
    set
    {
    m_ReadProcess = value;
    }
    }
    
    private Process m_ReadProcess = null;
    
    private IntPtr m_hProcess = IntPtr.Zero;
    
    public void OpenProcess()
    {
    //         m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id); 
    ProcessMemoryReaderApi.ProcessAccessType access;
    access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
    | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
    | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
    m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
    }
    
    public void CloseHandle()
    {
    int iRetValue;
    iRetValue = ProcessMemoryReaderApi.CloseHandle(m_hProcess);
    if (iRetValue == 0)
    throw new Exception("CloseHandle failed");
    }
    
    public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
    {
    byte[] buffer = new byte[bytesToRead];
    
    IntPtr ptrBytesRead;
    ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesRead);
    
    bytesRead = ptrBytesRead.ToInt32();
    //Debug.Assert(bytesRead == bytesToRead); 
    
    return buffer;
    }
    
    public void WriteProcessMemory(IntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
    {
    IntPtr ptrBytesWritten;
    ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);
    
    bytesWritten = ptrBytesWritten.ToInt32();
    }
    }
    }
    An example of using it. Can be found on this page
    [Click here to view the link]
     
  4. Nothinbeter2do

    Nothinbeter2do Banned

    Messages:
    2,425
    Ratings:
    526
    Well Cheat Engine is written in Delphi. So you might wanna download the source and look at it.
     
  5. mojobojo

    mojobojo Enthusiast

    Messages:
    694
    Ratings:
    96
    It giving me a message saying I can only run it in xp. Ive got vista.
     
  6. OP
    dschu012

    dschu012 Member

    Messages:
    760
    Ratings:
    381
    Vista has more security, you need to use a different approach
     
  7. mojobojo

    mojobojo Enthusiast

    Messages:
    694
    Ratings:
    96
    I downgraded to xp so it should work now.