0

I've done with the process read function and i'm stuck at this task.After some hours of searching on the web i found nothing about this.The question is .. how to extract the ascii strings from buffer?

if (ReadProcessMemory(hProcess, Ptr(baseAddr), buffer, mbi.RegionSize, bytesRead)) then
    //get string from buffer
2
Contributors
1
Reply
15
Views
3 Years
Discussion Span
Last Post by SalmiSoft
0

It used to be that you would know the address of the strings you want to read and read that block of memory with ReadProcessMemory, but I think nowadays Windows randomizes the layout of memory to prevent such techniques (for security reasons). My guess is that ReadProcessMemory originated at a date prior to that randomization.
Perhaps the best you can do is to read some memory and search through it for the strings you want. Exactly how you do that will depend on the application. Maybe you know a substring of the string you are looking for. Or you know the strings are null-terminated in which case you could search for NULLs and work back from there. Anyway, so far as I know, there is no "one size fits all" answer.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.