Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ReadProcessMemory

Posted on 2006-11-20
2
Medium Priority
?
1,166 Views
Last Modified: 2008-02-07
Hi,

When using read process memory, here is an example:

dim lngBaseAdd as long
dim lngResult as long
dim lngReadBytes as long

lngBaseAdd = &HF0129F 'or some arbitrary base address

When using the read process memory API you must pass the lngBaseAdd by value, why?

ReadProcessMemory hProcess, lngBaseAdd, lngResult, 4, lngReadBytes '<--- FAILS
ReadProcessMemory hProcess, byVal lngBaseAdd, lngResult, 4, lngReadBytes '<--- WORKS

I dont get why you must pass it by value.



Thanks.
Brian

0
Comment
Question by:BrianGEFF719
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 28

Accepted Solution

by:
Ark earned 2000 total points
ID: 17983709
Hi
Calling by ref is equal to calling by val using pointer to variable instead of variable itself:

ReadProcessMemory hProcess, lngBaseAdd, lngResult, 4, lngReadBytes

is equal to

ReadProcessMemory hProcess, ByVal VarPtr(lngBaseAdd), lngResult, 4, lngReadBytes

lngBaseAddress is a Long type variable, which is actual virtual address in remote process address space. When you pass it ByVal, you tell ReadProcessMemory API to read remote process memory, starting from this actual address, when pass it ByRef, you send to remote process not actual address, but pointer to your variable (VarPtr(lngBaseAddress)). Remote process get a value from this pointer in its own memory space (which can be 0 or any unpredicable value) and start reading from this value - and fail.
0
 
LVL 19

Author Comment

by:BrianGEFF719
ID: 17983809
Thanks Ark.


-Brian
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many ways to remove duplicate entries in an SQL or Access database. Most make you temporarily insert an ID field, make a temp table and copy data back and forth, and/or are slow. Here is an easy way in VB6 using ADO to remove duplicate row…
You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question