ReadProcess not working, help pls?

delphi package - easy access to kernel objects etc.

Post by wellworld » Fri Aug 10, 2018 2:31 pm

I use Delphi XE and I'm trying to read a section of process memory for my own app, as a check, but it is not working using MadKernel. I know I'm doing "Something" wrong but I am getting lost. When I do the check using normal OpenProcess/ReadProcessMemory API calls, it works fine.

The problem is, I want to get away from API calls because a few games I play like to hook the API calls I use, occasionally crashing my app. I'm new to Madshi's code, so I'm still learning how to do process reads. For my tests, I am looking for the word "test" displayed in my app, at $4010C8, so I made a read buffer of 4 bytes, read 4 bytes, and get the wrong answer every time.

So my problem:

Code:
var
  Gamehandle : IHandle;
  MyProcess : IProcess;
  PID, Address, Dest, Dcount : Integer;
  apppath : string;
  databuff : pointer;

begin
  gamehandle:=process('TestApp.exe').GetHandle(PROCESS_ALL_ACCESS); // Get Handle OK
  myprocess:=process(gamehandle);  // Set it into an IProcess

  apppath:=process('TestApp.exe').exefile;  // Get App Path, make sure I access the right process OK
  label1.Caption:=apppath;

  pid:=myprocess.ID;                         // Get Process ID, make sure I'm reading right process OK
  label2.Caption:=inttohex(pid,8);

  databuff:=myprocess.AllocMem(4);
  dest:=$4010C8;   // Location in my app I want to check
  dcount:=4;          // Buffer to Read 4 Bytes (Integer)
  myprocess.ReadMemory(dest,address,dcount);            // Returns 00000000 instead of $74736574 ('test')
  label3.Caption:=inttohex(address,8);

  myprocess.FreeMem(databuff);
end;
wellworld
 
Posts: 4
Joined: Tue Jul 31, 2018 5:07 pm

Re: ReadProcess not working, help pls?

Post by madshi » Fri Aug 10, 2018 2:44 pm

madKernel really mostly just uses the win32 APIs internally, so whether you call the APIs yourself (if you know how to) or whether you use madKernel, won't make much of a difference, if somebody else is hooking the underlying APIs.

Anyway, a few comments about your code:

1) "myprocess:=process(gamehandle)" is superfluous because "process('testApp.exe')" already gave you an IProcess interface.
2) The myprocess.ReadMemory "address" parameter is not defined anywhere. I suppose you meant to use "databuff" there?
3) The myprocess.ReadMemory parameters are "var"/"const" without any type, which means you have to use "dest^" and "databuff^" to get the expected results.
madshi
Site Admin
 
Posts: 9759
Joined: Sun Mar 21, 2004 5:25 pm

Re: ReadProcess not working, help pls?

Post by wellworld » Sat Aug 11, 2018 9:19 am

Working with your units is new, and confusing. I've been doing API calls for years.
>1) "myprocess:=process(gamehandle)" is superfluous because "process('testApp.exe')" already gave you an IProcess interface.

GameHandle is an IHandle
MyProcess is an IProcess

So an IHandle and IProcess are basically identical?

>2) The myprocess.ReadMemory "address" parameter is not defined anywhere. I suppose you meant to use "databuff" there?

Address was an integer defined at the top, along with PID
Databuff is a pointer to the allocated memory for a later memory write

>3) The myprocess.ReadMemory parameters are "var"/"const" without any type, which means you have to use "dest^" and "databuff^" to get the expected results

>from your online manual:
>function IProcess.ReadMemory (const source; var dest; count: integer) : boolean;

You use pointers to the vars/const, not the vars/const themselves?
When I try to compile:
myprocess.ReadMemory(dest,address,dcount); <-- it compiles, but does not work
myprocess.ReadMemory(dest^,address^,dcount); <-- it does not compile
myprocess.ReadMemory(dest^,databuff^,dcount); <--it compiles, but does not work
wellworld
 
Posts: 4
Joined: Tue Jul 31, 2018 5:07 pm

Re: ReadProcess not working, help pls?

Post by madshi » Sat Aug 11, 2018 9:31 am

wellworld wrote:
>1) "myprocess:=process(gamehandle)" is superfluous because "process('testApp.exe')" already gave you an IProcess interface. So you should do this instead:

1) myprocess:=process('TestApp.exe');
gamehandle:=process('TestApp.exe').GetHandle(PROCESS_ALL_ACCESS); <-- Get Handle OK

GameHandle is an IHandle
MyProcess is an IProcess

So an IHandle and IProcess are basically identical?

No. But you're doing a lot of superfluous steps in your code.

process('testApp.exe') returns an IProcess.
process('testApp.exe').GetHandle() returns an IHandle.
process(gamehandle) returns an IProcess.

So instead of all that you can get rid of the whole GetHandle call and replace both lines of code with simply "myprocess:=process('testApp.exe')". No need to use GetHandle at all.

wellworld wrote:
myprocess.ReadMemory(dest,address,dcount); <-- it compiles, but does not work
myprocess.ReadMemory(dest^,address^,dcount); <-- it does not compile
myprocess.ReadMemory(dest^,databuff^,dcount); <--it compiles, but does not work

I still don't understand the purpose of databuff. You allocate it and free it, but you never actually use it. Anyway, try using "dest^, address, dcount".
madshi
Site Admin
 
Posts: 9759
Joined: Sun Mar 21, 2004 5:25 pm
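
Added example (not part of the thread, and not madshi's code): the read from the first post rewritten along the lines suggested above, as a small console program. It uses only the madKernel calls shown in this thread (Process and IProcess.ReadMemory with the signature quoted from the manual); the names Source and Value are made up for the example.

```delphi
program ReadTestMarker;
{$APPTYPE CONSOLE}

uses
  SysUtils, madKernel;

var
  MyProcess : IProcess;
  Source    : Pointer;   // address inside TestApp.exe (hypothetical name)
  Value     : Integer;   // local receiver for the 4 bytes (hypothetical name)

begin
  // Process() already returns an IProcess, so no GetHandle/Process(handle)
  // round trip is needed.
  MyProcess := Process('TestApp.exe');

  Source := Pointer($4010C8);   // location given in the first post
  Value  := 0;

  // function IProcess.ReadMemory(const source; var dest; count: integer): boolean
  //
  // "source" and "dest" are untyped const/var parameters, so Delphi passes
  // them by reference. Passing a variable that merely *holds* the address
  // hands ReadMemory the location of that local variable, not $4010C8.
  // Dereferencing the pointer makes the parameter refer to the memory at
  // $4010C8 itself. The receiver is passed as a plain variable because it
  // is the storage we want filled.
  if MyProcess.ReadMemory(Source^, Value, SizeOf(Value)) then
    Writeln('Read: ', IntToHex(Value, 8))
  else
    Writeln('ReadMemory failed');
end.
```

With an Integer holding the address instead of a Pointer, the equivalent call is ReadMemory(Pointer(dest)^, address, dcount).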

Re: ReadProcess not working, help pls?

Post by wellworld » Sat Aug 11, 2018 9:53 am

I am using address as a receiver, not assigning it a value.
I am using Dest as the source, assigning it a location.
I am using Databuff as a pointer to allocmem assigned (in-process writes)
I am using Delphi XE, which does not use the NativeUInt (introduced in XE2)

These are the API calls I normally use, and work as long as the API calls are not hooked:
var
  PID, Address, Data, IDRead : integer;
  Written : Cardinal;
  Gamehandle : THandle;

begin
  Gamehandle:=FindWindow(nil,'Hero Plus');  // window handle of the game
  GetWindowThreadProcessId(Gamehandle, @PID);  // GetProcessID expects a process handle, not a window handle
  IDRead := OpenProcess(PROCESS_ALL_ACCESS,false,PID);
  if IDRead>0 then readProcessMemory(IDRead, Pointer(Address), @Data, 4, Written);
  closehandle(IDRead);
end;

I am trying to duplicate this routine using your units, preferably Ring3 or lower, to work around hooked API calls.
As for DataBuff, that is allocated memory buffer, for keyboard mapping/filemap. I did not include the filemapping
code because it was not related to the readprocess question. If I can't read process memory, then I can't write to it.
Last edited by wellworld on Sat Aug 11, 2018 10:02 am, edited 1 time in total.
wellworld
 
Posts: 4
Joined: Tue Jul 31, 2018 5:07 pm

Re: ReadProcess not working, help pls?

Post by madshi » Sat Aug 11, 2018 10:01 am

I think I edited my post while you were already replying, sorry about that. Please re-read my comment, there's a suggestion there which I think will work.

In any case, as I already indicated in my original post, madKernel is mostly just a wrapper around the win32 APIs. So using madKernel will not help you work around hooked APIs.
madshi
Site Admin
 
Posts: 9759
Joined: Sun Mar 21, 2004 5:25 pm

Re: ReadProcess not working, help pls?

Post by wellworld » Sat Aug 11, 2018 10:16 am

Thanks. I appreciate the time you put into the coding, and testing. And taking the time to help clear the cobwebs here. I took a 4 year hiatus from coding and things have changed a bit 8^D Time for me to finally install Seattle, I guess.
wellworld
 
Posts: 4
Joined: Tue Jul 31, 2018 5:07 pm

