A log about Reading the memroy of Other Process in C++/WIN API--ReadProcessMemory()

Posted 2020-07-18

  Memory, is a complex module in Programing, especially on Windows.

  This time, I use cpp with win windows api{

    VirtualQueryEx();         //Get the available memory page(block)

    ReadProcessMemory();  //Read the specific memory

    LookupPrivilegeValue(); //Get the avalible Privileges in windows

    AdjustTokenPrivileges();//Enable or disable privilege for specific process

  }

  

  Now, we skip the step of getting privilege, and directly talking about the detail of reading memories.

  At first, we should understand that we cannot directly read memory at once by giving a big number of memory required.

  Normally, we should make a loop to record the detail of every pages(blocks) of memory [VirtualQueryEx()] and Read them [ReadProcessMemory()].

  

 1 while (true)
 2 {
 3     if (VirtualQueryEx(hProcess, (LPVOID)cur_addr, &meminf, dwInfoSize) == 0)
 4         break;
 5     if (!(meminf.State == MEM_COMMIT || meminf.State == MEM_IMAGE || meminf.State == MEM_MAPPED))
 6     {
 7         cur_addr = (DWORD)meminf.BaseAddress + meminf.RegionSize;
 8         continue;
 9     }
10     if ((dbg = ReadProcessMemory(hProcess, (LPCVOID)meminf.BaseAddress, memget, meminf.RegionSize, &ReadSize)) == false)
11         cout << "Failed to read memory at address:" << meminf.BaseAddress << endl;
12     else
13         memget += meminf.RegionSize;
14     cur_addr = (DWORD)meminf.BaseAddress + eminf.RegionSize;
15 }