ReadProcessMemory (or "What's wrong with my code?")
-
I'm trying to write a debugger for another program I've written, but I'm having trouble getting OutputDebugString messages from it. While it seems to me I'm doing everything ok, I get garbage as the string, even though the event correctly reports the size of the string. DEBUG_EVENT oDebugEvent; if (WaitForDebugEvent(&oDebugEvent, INFINITE)) { if (oDebugEvent.dwDebugEventCode == OUTPUT_DEBUG_STRING_EVENT) { char strTempString[1000] = ""; if (!ReadProcessMemory((HANDLE)dwProcessHandle, oDebugEvent.u.DebugString.lpDebugStringData, strTempString, oDebugEvent.u.DebugString.nDebugStringLength, NULL)) { printf("ReadProcessMemory() FAILED\n"); printf("ERROR NUMER: %d", GetLastError()); } else { printf("%s\n", strTempString); } } ContinueDebugEvent(oDebugEvent.dwProcessId, oDebugEvent.dwThreadId, DBG_CONTINUE); } The only thing I wonder about is the oDebugEvent.u.DebugString.lpDebugStringData I'm passing to ReadProcessMemory(). In MSDN, ReadProcessMemory() needs a "Pointer to the base address in the specified process from which to read." Does this mean I'm not passing the right value to it? If not, then what? Steve The Plant ps: as a side note, I've tried to indent the code, but it just shows up as a chunk. Anyway to fix that?
-
I'm trying to write a debugger for another program I've written, but I'm having trouble getting OutputDebugString messages from it. While it seems to me I'm doing everything ok, I get garbage as the string, even though the event correctly reports the size of the string. DEBUG_EVENT oDebugEvent; if (WaitForDebugEvent(&oDebugEvent, INFINITE)) { if (oDebugEvent.dwDebugEventCode == OUTPUT_DEBUG_STRING_EVENT) { char strTempString[1000] = ""; if (!ReadProcessMemory((HANDLE)dwProcessHandle, oDebugEvent.u.DebugString.lpDebugStringData, strTempString, oDebugEvent.u.DebugString.nDebugStringLength, NULL)) { printf("ReadProcessMemory() FAILED\n"); printf("ERROR NUMER: %d", GetLastError()); } else { printf("%s\n", strTempString); } } ContinueDebugEvent(oDebugEvent.dwProcessId, oDebugEvent.dwThreadId, DBG_CONTINUE); } The only thing I wonder about is the oDebugEvent.u.DebugString.lpDebugStringData I'm passing to ReadProcessMemory(). In MSDN, ReadProcessMemory() needs a "Pointer to the base address in the specified process from which to read." Does this mean I'm not passing the right value to it? If not, then what? Steve The Plant ps: as a side note, I've tried to indent the code, but it just shows up as a chunk. Anyway to fix that?
Hi, Just some stupid ideas: - could it be a Unicode/Ansi mismatch? (DebugString.fUnicode) - a dynamic buffer to store the result would be better, since you know the exact length of the string (otherwise you could have a buffer overrun) As for the indent problem, use <PRE> </PRE> tags to enclose the source code. Cheers, Paolo ------ "airplane is cool, but space shuttle is even better" (J. Kaczorowski)