ReadProcessMemory Access violation

Question

Icemens 0 Newbie Poster

14 Years Ago

I've have tried to make a function that reads process memory in another process.
I have made a function that writes memory which works perfectly, but when i run the function ReadProcessMemory it comes with the error: "Access Violation".

The weird thing is it works fine when I do it in C++.
I think I remember something about EnableDebugPriv(), but in C++ it works fine without it.

ReadMemory: ; int ReadMemory(char *WindowName[], int address)
[ReadMemoryDataBuffer: DD 0]
[ReadMemoryReadData: DD 0]
    push ebp
    mov ebp, esp
        push DWORD[ebp + 8]
        push 0
        call 'USER32.FindWindowA'

        push ReadMemoryDataBuffer
        push eax
        call 'USER32.GetWindowThreadProcessId'

        push DWORD[ReadMemoryDataBuffer]
        push 1
        push 01F0FFF    ; ALL ACCESS
        call 'KERNEL32.OpenProcess'
        
        push DWORD[ReadMemoryDataBuffer]; extra
        push 4                          ; number of bytes to read
        push ReadMemoryReadData         ; pointer to read to
        push DWORD[ebp + 12]            ; address
        push eax                        ; Process
        call 'KERNEL32.ReadProcessMemory'
        
        mov eax, DWORD[ReadMemoryReadData]
    mov esp, ebp
    pop ebp
ret 8

Thanks in advance :)

assembly

1 Contributor
1 Reply
287 Views
8 Hours Discussion Span
Latest Post 14 Years Ago Latest Post by Icemens

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Icemens 0 Newbie Poster · Answer 1 · 2010-01-03T06:39:54+00:00

Nevermind, it was a little bug in the code. (line 19)

ReadMemory: ; int ReadMemory(char *WindowName[], int address)
[ReadMemoryDataBuffer: DD 0]
[ReadMemoryReadData: DD 0]
    push ebp
    mov ebp, esp
        push DWORD[ebp + 8]
        push 0
        call 'USER32.FindWindowA'

        push ReadMemoryDataBuffer
        push eax
        call 'USER32.GetWindowThreadProcessId'

        push DWORD[ReadMemoryDataBuffer]
        push 1
        push 01F0FFF    ; ALL ACCESS
        call 'KERNEL32.OpenProcess'
        
        push ReadMemoryDataBuffer; extra
        push 4                          ; number of bytes to read
        push ReadMemoryReadData         ; pointer to read to
        push DWORD[ebp + 12]            ; address
        push eax                        ; Process
        call 'KERNEL32.ReadProcessMemory'
        
        mov eax, DWORD[ReadMemoryReadData]
    mov esp, ebp
    pop ebp
ret 8