Hello i hooked readprocessmemory and have some problems logging its lpBuffer
-
Hi, the problem is that the bytes what i get logged are disordered and not in proper row and somehow they are even splited. I used apimonitorig software and monitored readprocessmemory and sawed that it holds byte rows for sure this was the output from apimonitorig software : lpBuffer 0x014D0020: {4D 5A 90 00 03 00 00 00 04 00 00 00 This is my hooked readprocessmemory where i am trying to log the lpBuffer what is holding byte rows.
BOOL (__stdcall* pReadProcessMemory)(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
BOOL __stdcall hookedReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead)
{bool returning = pReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead); char\* mybytes = (char\*)lpBuffer; for (int i = 0; i < nSize; i++) Log( "lpBuffer: %x \\n", mybytes\[i\]); return returning;}
And the log output is like this:
lpBuffer: 4d lpBuffer: 5a lpBuffer: ffffff90 lpBuffer: 0 lpBuffer: 3 lpBuffer: 0 lpBuffer: 0 lpBuffer: 0 lpBuffer: 4 lpBuffer: 0 lpBuffer: 0 lpBuffer: 0 lpBuffer: ffffffff lpBuffer: ffffffff lpBuffer: 0 lpBuffer: 0 lpBuffer: ffffffb8Please help what i am doing wrong im out of ideas
-
Hi, the problem is that the bytes what i get logged are disordered and not in proper row and somehow they are even splited. I used apimonitorig software and monitored readprocessmemory and sawed that it holds byte rows for sure this was the output from apimonitorig software : lpBuffer 0x014D0020: {4D 5A 90 00 03 00 00 00 04 00 00 00 This is my hooked readprocessmemory where i am trying to log the lpBuffer what is holding byte rows.
BOOL (__stdcall* pReadProcessMemory)(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
BOOL __stdcall hookedReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead)
{bool returning = pReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead); char\* mybytes = (char\*)lpBuffer; for (int i = 0; i < nSize; i++) Log( "lpBuffer: %x \\n", mybytes\[i\]); return returning;}
And the log output is like this:
lpBuffer: 4d lpBuffer: 5a lpBuffer: ffffff90 lpBuffer: 0 lpBuffer: 3 lpBuffer: 0 lpBuffer: 0 lpBuffer: 0 lpBuffer: 4 lpBuffer: 0 lpBuffer: 0 lpBuffer: 0 lpBuffer: ffffffff lpBuffer: ffffffff lpBuffer: 0 lpBuffer: 0 lpBuffer: ffffffb8Please help what i am doing wrong im out of ideas
-
nah1337 wrote:
char* mybytes = (char*)lpBuffer;
Change it to :
unsigned char* mybytes = (unsigned char*)lpBuffer;
Just say 'NO' to evaluated arguments for diadic functions! Ash
-
Hi, it did not make any difference the log is still same: Here is the output lpBuffer: 4d lpBuffer: 5a lpBuffer: 90 lpBuffer: 0 lpBuffer: 3 lpBuffer: 0 lpBuffer: 0 lpBuffer: 0 lpBuffer: 4 lpBuffer: 0 lpBuffer: 0 lpBuffer: 0
-
I'm sorry but I don't see what is wrong with this ouptut; it is the same sequence of bytes shown in your orignal message as received in your memory buffer.
Just say 'NO' to evaluated arguments for diadic functions! Ash
-
I wanted to log them straight out i mean like in row not as separated like my log functions does it, but if that is impossible then its ok for me.