Reading the memory of a process
-
I am trying to read the memory being used by a process but I can't quite figure out how to do it (or if it's even possible). I can get a reference to the process using Process.GetProcessesByName and I can get the base address using Process.MainModule.BaseAddress (which returns a IntPtr). I thought that by using IntPtr.ToPointer() and casting to a char* I would be able to read the memory as a stream of chars but it doesn't work because it always throws a NullReferenceException when I try and dereference the pointer. Can anybody help me out here? Thanks
class Class1 { [STAThread] static unsafe void Main(string[] args) { Process[] p = Process.GetProcessesByName("notepad"); ProcessModule pm = p[0].MainModule; Console.WriteLine(pm.BaseAddress); char* ptr = (char*) pm.BaseAddress.ToPointer(); char c = *ptr; // Throws System.NullReferenceException Console.WriteLine(c); Console.ReadLine(); } }
"Where do we go to get our good name back?...we go where we always go when a dramatic change is needed. We go to the ballot box" - Al Gore 5/26/04
-
I am trying to read the memory being used by a process but I can't quite figure out how to do it (or if it's even possible). I can get a reference to the process using Process.GetProcessesByName and I can get the base address using Process.MainModule.BaseAddress (which returns a IntPtr). I thought that by using IntPtr.ToPointer() and casting to a char* I would be able to read the memory as a stream of chars but it doesn't work because it always throws a NullReferenceException when I try and dereference the pointer. Can anybody help me out here? Thanks
class Class1 { [STAThread] static unsafe void Main(string[] args) { Process[] p = Process.GetProcessesByName("notepad"); ProcessModule pm = p[0].MainModule; Console.WriteLine(pm.BaseAddress); char* ptr = (char*) pm.BaseAddress.ToPointer(); char c = *ptr; // Throws System.NullReferenceException Console.WriteLine(c); Console.ReadLine(); } }
"Where do we go to get our good name back?...we go where we always go when a dramatic change is needed. We go to the ballot box" - Al Gore 5/26/04
What is the purpose of what you are trying to do? - Nick Parker
My Blog | My Articles -
What is the purpose of what you are trying to do? - Nick Parker
My Blog | My Articles -
Writing a trainer
"Where do we go to get our good name back?...we go where we always go when a dramatic change is needed. We go to the ballot box" - Al Gore 5/26/04
That still doesn't explain what you are trying to do with your example above. - Nick Parker
My Blog | My Articles -
I am trying to read the memory being used by a process but I can't quite figure out how to do it (or if it's even possible). I can get a reference to the process using Process.GetProcessesByName and I can get the base address using Process.MainModule.BaseAddress (which returns a IntPtr). I thought that by using IntPtr.ToPointer() and casting to a char* I would be able to read the memory as a stream of chars but it doesn't work because it always throws a NullReferenceException when I try and dereference the pointer. Can anybody help me out here? Thanks
class Class1 { [STAThread] static unsafe void Main(string[] args) { Process[] p = Process.GetProcessesByName("notepad"); ProcessModule pm = p[0].MainModule; Console.WriteLine(pm.BaseAddress); char* ptr = (char*) pm.BaseAddress.ToPointer(); char c = *ptr; // Throws System.NullReferenceException Console.WriteLine(c); Console.ReadLine(); } }
"Where do we go to get our good name back?...we go where we always go when a dramatic change is needed. We go to the ballot box" - Al Gore 5/26/04
There is an excellent article on this very website on doing what you trying to achieve. Minesweeper, Behind the Scenes[^]
-
That still doesn't explain what you are trying to do with your example above. - Nick Parker
My Blog | My ArticlesI thinks he means a GAME trainer, to modify inprocess memory. top secret xacc-ide 0.0.1
-
I thinks he means a GAME trainer, to modify inprocess memory. top secret xacc-ide 0.0.1
-
There is an excellent article on this very website on doing what you trying to achieve. Minesweeper, Behind the Scenes[^]
Thanks, that's a great article. I have got as far as using PInvoke with the OpenProcess and ReadProcessMemory functions, but the article doesn't use the WriteProcessMemory which I'm having trouble with. I got it working and got it to change the area of memory which I am sure is the right place, but it hung the game :( I'm not sure if I'm just messing with the wrong place or if I'm doing something wrong. Oh well. I was only doing it for a bit of fun.
"Where do we go to get our good name back?...we go where we always go when a dramatic change is needed. We go to the ballot box" - Al Gore 5/26/04