Solved

ReadProcessMemory Succeeds, WriteProcessMemory Fails

Posted on 2004-08-22
Last Modified: 2012-05-05
I have a small problem. I'm developing a trainer (1st one) just for kicks for Minesweeper. All I'm trying to do is to change the mine display to a number different than its current display. When I read the process at that address I get 10, which is the display for the mines at the beginner level. But when I write to the process it fails, although all parameters are accounted for and should work. Here's the source for you all.

' Needs the game "Minesweeper" open
' Needs two command buttons, one named cmdPoke, the
' other cmdRefresh
' Needs a listbox named lstHistory
' The form needs to be named frmMain
'Reserved for Constants
Private Const PROCESS_ALL_ACCESS = &H1F0FFF
'Reserved for Declarations
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVallpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As Long
'Reserved for Dim's
Dim uHwnd As Long
Dim uPID As Long
Dim uProcID As Long
Dim uName As String
Dim uNull As String

Private Sub cmdPoke_Click()
    Dim Status
    Call Peek(uPID, &H1005194)
    Call Poke(uPID, &H1005194, &H99)
End Sub

Private Sub cmdRefresh_Click()
    lstHistory.Clear
    Call Connectto_Process
End Sub

Private Sub Poke(PokeHandle As Long, PokeAddress As Long, PokeValue As Variant)
    Dim Status As Long
    Status = WriteProcessMemory(PokeHandle, PokeAddress, PokeValue, Len(PokeValue), 0&)
    If Status <> 0 Then
        lstHistory.AddItem "Poking succeeded."
    Else
        lstHistory.AddItem "Poking failed."
    End If
End Sub

Private Sub Peek(PeekHandle As Long, PeekAddress As Long)
    Dim Status As Integer
    Dim Buffer As Long
    Status = ReadProcessMemory(PeekHandle, PeekAddress, Buffer, 2, 0&)
    If Status <> 0 Then
        lstHistory.AddItem "Peeking succeeded."
        lstHistory.AddItem "Peeked Value: " & Buffer
    Else
        lstHistory.AddItem "Peeking failed."
    End If
End Sub

Private Sub Connectto_Process()
    uName = "MineSweeper"
    uHwnd = FindWindow(vbNullString, uName)
    If uHwnd <> 0 Then
        lstHistory.AddItem "Found Program: " & uName
        lstHistory.AddItem "Handle Located."
        lstHistory.AddItem "Handle: " & uHwnd
        GetWindowThreadProcessId uHwnd, uProcID
        uPID = OpenProcess(PROCESS_ALL_ACCESS, False, uProcID)
        If uPID <> 0 Then
            lstHistory.AddItem "ProcessID Located."
            lstHistory.AddItem "ProcessID: " & uProcID
        Else
            lstHistory.AddItem "ProcessID Not Found."
        End If
    Else
        lstHistory.AddItem "Error Locating: " & uName
    End If
End Sub

Private Sub Form_Load()
    Call Connectto_Process
End Sub
Question by:neoaikon

Accepted Solution

by:
graye earned 125 total points
ID: 11864467
It'd be helpful to know what OS...

Generally speaking, it's considered a "no-no" to allow one program to alter another program's virtual memory. This has become an even bigger deal with WinXP SP2, where writing to the code space is blocked.

So, unless you're willing to write a program/service in the Kernel mode (ring 0) I think this approach isn't gonna work.
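
The access-mask side of the question's OpenProcess call, as an added example (not code from this thread): it checks whether a mask carries the rights the Windows documentation lists for ReadProcessMemory (PROCESS_VM_READ) and WriteProcessMemory (PROCESS_VM_WRITE plus PROCESS_VM_OPERATION), and names what the question's &H1F0FFF grants beyond that. The helper names and sample masks are this example's own, and the rights table is a subset of the documented values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Subset of process access rights; values as defined in winnt.h. */
static const struct { uint32_t bit; const char *name; } RIGHTS[] = {
    {0x0001, "TERMINATE"},         {0x0002, "CREATE_THREAD"},
    {0x0008, "VM_OPERATION"},      {0x0010, "VM_READ"},
    {0x0020, "VM_WRITE"},          {0x0040, "DUP_HANDLE"},
    {0x0080, "CREATE_PROCESS"},    {0x0200, "SET_INFORMATION"},
    {0x0400, "QUERY_INFORMATION"}, {0x0800, "SUSPEND_RESUME"},
};
#define NEED_READ  0x0010u              /* ReadProcessMemory  */
#define NEED_WRITE (0x0020u | 0x0008u)  /* WriteProcessMemory */

/* Hypothetical helpers (names are this example's own). */
int can_read(uint32_t mask)  { return (mask & NEED_READ)  == NEED_READ; }
int can_write(uint32_t mask) { return (mask & NEED_WRITE) == NEED_WRITE; }

/* Rights granted beyond what a peek/poke tool needs. */
uint32_t excess_rights(uint32_t mask) { return mask & ~(NEED_READ | NEED_WRITE); }

/* Write the names of the known rights set in mask into out; return count. */
int name_rights(uint32_t mask, char *out, size_t cap)
{
    int n = 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof RIGHTS / sizeof RIGHTS[0]; i++) {
        if (!(mask & RIGHTS[i].bit)) continue;
        if (n) strncat(out, "|", cap - strlen(out) - 1);
        strncat(out, RIGHTS[i].name, cap - strlen(out) - 1);
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed samples: the question's PROCESS_ALL_ACCESS value, a
       read-only handle, and the minimal read+write mask. */
    const uint32_t samples[] = { 0x1F0FFFu, 0x0010u, 0x0038u };
    char buf[256];
    for (size_t i = 0; i < 3; i++) {
        uint32_t m = samples[i];
        name_rights(excess_rights(m), buf, sizeof buf);
        printf("0x%06X read=%d write=%d excess=[%s]\n",
               (unsigned)m, can_read(m), can_write(m), buf);
    }
    return 0;
}
```

The question's mask passes both checks, so the handle's rights are not what separates the successful read from the failed write; a handle opened with only PROCESS_VM_READ is the case that would show that pattern.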

Author Comment

by:neoaikon
ID: 11864660
I'm running XP with no service packs.

Author Comment

by:neoaikon
ID: 11865924
I managed to get it to work. XP has 2 functions written specifically for the purpose of poking addresses. They are:

Private Declare Function WriteString Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, ByVal lpNumberOfBytesWritten As Long) As Long

Private Declare Function WriteValue Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, ByVal lpNumberOfBytesWritten As Long) As Long

They allowed me to edit the value of mines in Minesweeper and the score in Solitaire and Spider Solitaire.

Expert Comment

by:IvanCroatia
ID: 13303717
You can try to write a simple debugger-like application. You would use the CreateProcess API for this purpose. Then you will have all the rights for reading and writing the process's memory.

Question has a verified solution.
