Searching memory.
CodedK asked:
Hi.
If I know the handle of a process,
how can I search for a specific value in memory (of the process) and write to it (change the value)?
Thanks in advance.
ASKER
Hi tobjectpascal. Thank you :)
Well some questions...
You say : "you should call it like : ReadProcMem('Hi',Ptr($44444),12);"
I'll only know the value, for example (6 lives left)... value = 6
How can i call it ? >>
ReadProcMem('Super Game',?????,6);"
The question about searching the memory space for the specific value stands.
And probably its going to take multiple searches to see if those values changed.
(creating a list & excluding addresses that don't have this value any more).
If I first check for '6' for example it will bring about 2000 results at least (imagine searching for 1).
I need a search method that will bring back the address.
ASKER
Is it possible to know where the addresses of this application in memory start and end, and
search all the values inside?
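An added example (not code from this thread or any of its posters) that answers the two questions above: VirtualQueryEx walks the target's address space region by region, so it tells you where readable memory starts and ends, and each committed readable region is read with one ReadProcessMemory call and scanned for a 4-byte value. Passing the TList from an earlier scan as Previous keeps only the addresses that still hold the new value, which is the repeated search-and-exclude the asker describes. Assumes a 32-bit Delphi (DWORD-sized addresses and counts, as in the rest of the thread); ScanForDWord, Previous and MemScan are names chosen here.

```pascal
unit MemScan;
interface
uses Windows, Classes;

// ProcessHandle needs PROCESS_QUERY_INFORMATION and PROCESS_VM_READ (as opened
// later in this thread). Previous = nil means a fresh scan; otherwise only
// addresses already in Previous are kept. The caller frees the returned TList.
function ScanForDWord(ProcessHandle: THandle; Value: DWORD; Previous: TList): TList;

implementation
function ScanForDWord(ProcessHandle: THandle; Value: DWORD; Previous: TList): TList;
var
  Addr, Next, BytesRead: DWORD;
  mbi: TMemoryBasicInformation;
  Buf: array of Byte;
  i: Integer;
  Hit: Pointer;
begin
  Result := TList.Create;
  Addr := 0;
  // VirtualQueryEx describes the region containing Addr; stepping by RegionSize
  // visits every region from the bottom of user space to the top.
  while VirtualQueryEx(ProcessHandle, Pointer(Addr), mbi, SizeOf(mbi)) = SizeOf(mbi) do
  begin
    // Only committed, readable pages; guard pages fault in the target if touched.
    if (mbi.State = MEM_COMMIT) and ((mbi.Protect and PAGE_GUARD) = 0) and
       ((mbi.Protect and PAGE_NOACCESS) = 0) then
    begin
      SetLength(Buf, mbi.RegionSize);
      BytesRead := 0;
      if ReadProcessMemory(ProcessHandle, mbi.BaseAddress, @Buf[0],
                           mbi.RegionSize, BytesRead) then
        // Step one byte at a time: the counter need not be 4-byte aligned.
        for i := 0 to Integer(BytesRead) - SizeOf(DWORD) do
          if PDWORD(@Buf[i])^ = Value then
          begin
            Hit := Pointer(DWORD(mbi.BaseAddress) + DWORD(i));
            if (Previous = nil) or (Previous.IndexOf(Hit) >= 0) then
              Result.Add(Hit);
          end;
    end;
    Next := DWORD(mbi.BaseAddress) + mbi.RegionSize;
    if Next <= Addr then Break; // wrapped past the top of the address space
    Addr := Next;
  end;
end;
end.
```

For the "6 lives" case: `First := ScanForDWord(h, 6, nil)`, lose a life in the game, then `Second := ScanForDWord(h, 5, First)`, repeating until one address is left; IndexOf is a linear search, so with thousands of candidates sort the list or use a hash if it gets slow.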
ASKER CERTIFIED SOLUTION
ASKER
Meldrachaun thanks but I can't make it work.
I use it like this : ProcessID :=Form1.Handle;
RaiseLastOSError always raises an error.
The process ID is not the same as a window handle. If you are trying to test this on your current app, replace the
ProcessHandle := OpenProcess code above with
ProcessHandle := GetCurrentProcess;
You also should remove the
CloseHandle(ProcessHandle) ;
code.
OR - you can get the process ID from the Window handle using the GetWindowThreadProcessId
see http://msdn2.microsoft.com/en-us/library/ms633522.aspx
ASKER
I've tried
ProcessID :=GetCurrentProcess;
ProcessID := GetWindowThreadProcessId(Form1.Handle);
But I still get the errors...
GetWindowThreadProcessID returns a handle to a thread. To get the process ID, you pass the process ID as the second parameter. I just tested it, and it worked for me like this:
GetWindowThreadProcessID(Form1.Handle, ProcessID);
I'm testing this on a Windows XP machine.
ASKER
Sorry for not posting earlier.
Well
I've tried this :
ProcessID := GetWindowThreadProcessID(Form1.Handle, ProcessID);
ShowMessage('Form PID : '+IntToStr(ProcessID)); /// Everything ok here...
ProcessHandle := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_OPERATION or
PROCESS_VM_READ or PROCESS_VM_WRITE, false, ProcessID);
ShowMessage('Form HID : '+IntToStr(ProcessHandle)); // This is 0 ... it shouldn't be 0...
Don't do
ProcessID := GetWindowThreadProcessID(Form1.Handle, ProcessID);
Just do
GetWindowThreadProcessID(Form1.Handle, ProcessID);
ASKER
Thank you very much for your time & your help :)
you're welcome.
// Function header reconstructed from the body and the call shown below; the
// extraction dropped everything before "var".
function ReadProcMem(WindowName: string; Address: Pointer; Len: Integer): string;
var
  Wnd : Hwnd;
  ph,pid : dword;
  BytesRead : Cardinal;
begin
  Result := '';
  Wnd := FindWindow(nil,pchar(WindowName));
  if Wnd = 0 then exit;                 // window not found
  GetWindowThreadProcessID(Wnd,pid);    // second parameter receives the process ID
  ph := OpenProcess(PROCESS_ALL_ACCESS,False,pid);
  if ph = 0 then exit;                  // OpenProcess failed (bad PID or insufficient rights)
  BytesRead := 0;
  SetLength(Result,Len);
  ReadProcessMemory(ph, Address, pointer(Result), Len, BytesRead);
  SetLength(Result,BytesRead);          // keep only the bytes actually read
  CloseHandle(ph);
end;
//thats about it, you should call it like : ReadProcMem('Hi',Ptr($44444),12);
Const
  WindowTitle = 'Game Window'; // define the game's window name ;
  Address1 = $4ab3485f; // define your address to poke ;
  PokeValue1 = $32; // define what value to write ;
  NumberOfBytes1 = 1; // define how many bytes to write
  Address2 = $4ab3485c;
  PokeValue2 = $11;
  NumberOfBytes2 = 3;

procedure TForm1.Button1Click(Sender: TObject);
Var
  WindowName : HWND;
  ProcessId : DWORD;
  ThreadId : DWORD; // defining variable's types ;
  buf : PChar;
  HandleWindow : THandle;
  write : cardinal ;
begin
  WindowName := FindWindow(nil,WindowTitle);
  If WindowName = 0 then // check if the game is running;
  begin
    MessageDlg('The game must be running in the background. Run it now, and then try again.', mtwarning,[mbOK],0);
    Exit; // nothing to poke when the window was not found
  end;
  ThreadId := GetWindowThreadProcessId(WindowName,@ProcessId); // fills ProcessId
  HandleWindow := OpenProcess(PROCESS_ALL_ACCESS,False,ProcessId);
  GetMem(buf,NumberOfBytes1);
  buf^ := Chr(PokeValue1);
  WriteProcessMemory(HandleWindow,Ptr(Address1),buf,NumberOfBytes1,write);
  FreeMem(buf);
  closehandle(HandleWindow);
end;
procedure TForm1.Button1Click(Sender: TObject);
Var
  Wnd : Hwnd;
  ph,pid : dword;
  BytesRead : Cardinal;
  Buffer: Array [0..255] of Char;
  Address: Integer;
Begin
  // Wnd := FindWindow(nil,pchar(WindowTitle));
  // if Wnd = 0 then exit;
  Wnd:=form1.Handle; //use self for now.
  GetWindowThreadProcessID(Wnd,pid);
  ph := OpenProcess(PROCESS_ALL_ACCESS,False,pid);
  // The GetWindowLong index was lost in extraction; GWL_WNDPROC (the window
  // procedure's address, which lies inside this process) is assumed here.
  Address:=GetWindowLong(Wnd,GWL_WNDPROC);
  BytesRead:=1;
  While BytesRead<>0 do
  Begin
    FillChar(Buffer, SizeOf(Buffer), 0);   // keep a terminating #0 for Lines.Add
    if not ReadProcessMemory(ph, Pointer(Address), @Buffer, SizeOf(Buffer)-1, BytesRead) then
      Break;                               // stop at the first unreadable page
    Richedit1.Lines.Add(Buffer);
    Inc(Address,Integer(BytesRead));
    //read into buffer and repeat.
  End;
  CloseHandle(ph);
end;