ReadProcessMemory fails in Windows 10 64 bit
-
Your
ReadProcessMemorycall is missing the destination parameter to read into; see https://msdn.microsoft.com/en-gb/library/windows/desktop/ms680553(v=vs.85).aspx[^].Thanks, the post fixed. Real program contains the buffer parameter, of course.
-
Thanks, the post fixed. Real program contains the buffer parameter, of course.
-
Member 11917640 wrote:
Real program contains ...
Then use copy and paste, so we can see exactly what your code is doing.
Thanks, this really helps.
-
Consider the following two programs. One is the console application with this code:
int main()
{
char *p = new char[100];
return 0;
}I run this program in Debug configuration and break on return 0 line. I the Watch window I see p variable value. The second program:
HANDLE hProcess = OpenProcess( PROCESS_VM_READ, FALSE ,
processId ); // ID of the process under debuggerif ( hProcess == NULL ) return;
char p[100];if (!ReadProcessMemory(hProcess,
address, // value of p variable from the process under debugger
p, 100,
&NumberOfBytesRead))
{
// error handling
}ReadProcessMemory is successful both in 32 and 64 bit (both program are compiled in Win32 or x64 configuration). Environment: Windows 7 64 bit, Visual Studio 2010. It also works in previous Windows versions. Now I try the same in Windows 10 64 bit. Both programs in 32 bit - OK. 64 bit: ReadProcessMemory returns FALSE with last error 299: Only part of a ReadProcessMemory request was completed. I tried: 1. To replace PROCESS_VM_READ with PROCESS_ALL_ACCESS 2. To run the second program as administrator 3. To use different Visual Studio versions (2010, 2015). Still doesn't help. ReadProcessMemory fails in Windows 10 for 64 bit processes. Edit: I tried to write this code from scratch, and it is working. So, the problem is somewhere in the original project, I don't know the solution yet, but API is working.
What data type is the
addressvariable? What does theNumberOfBytesReadshow after the call?The difficult we do right away... ...the impossible takes slightly longer.
-
What data type is the
addressvariable? What does theNumberOfBytesReadshow after the call?The difficult we do right away... ...the impossible takes slightly longer.
1. ULONG_PTR 2. 0
-
Consider the following two programs. One is the console application with this code:
int main()
{
char *p = new char[100];
return 0;
}I run this program in Debug configuration and break on return 0 line. I the Watch window I see p variable value. The second program:
HANDLE hProcess = OpenProcess( PROCESS_VM_READ, FALSE ,
processId ); // ID of the process under debuggerif ( hProcess == NULL ) return;
char p[100];if (!ReadProcessMemory(hProcess,
address, // value of p variable from the process under debugger
p, 100,
&NumberOfBytesRead))
{
// error handling
}ReadProcessMemory is successful both in 32 and 64 bit (both program are compiled in Win32 or x64 configuration). Environment: Windows 7 64 bit, Visual Studio 2010. It also works in previous Windows versions. Now I try the same in Windows 10 64 bit. Both programs in 32 bit - OK. 64 bit: ReadProcessMemory returns FALSE with last error 299: Only part of a ReadProcessMemory request was completed. I tried: 1. To replace PROCESS_VM_READ with PROCESS_ALL_ACCESS 2. To run the second program as administrator 3. To use different Visual Studio versions (2010, 2015). Still doesn't help. ReadProcessMemory fails in Windows 10 for 64 bit processes. Edit: I tried to write this code from scratch, and it is working. So, the problem is somewhere in the original project, I don't know the solution yet, but API is working.
-
What data type is the
addressvariable? What does theNumberOfBytesReadshow after the call?The difficult we do right away... ...the impossible takes slightly longer.
Thank you for the help, this code is working when rewritten from scratch, so the problem is somewhere else in the original project.
-
address, // address of p variable from the process under debugger
Should that not be the contents of
p, i.e. whatever variablepis pointing to?Thank you for the help, this code is working when rewritten from scratch, so the problem is somewhere else in the original project.
-
Thank you for the help, this code is working when rewritten from scratch, so the problem is somewhere else in the original project.
-
I don't know yet, it is very old and messy code. Maybe I need to rewrite it from scratch and forget about this junk...
