Hey,
I need to find a certain String in another Processes Memory and retrieve the address, but I have no Idea where to start
Find a String in Memory
hi
after a long time I had time to look at the method you mentioned.
Long Story Short. I Tried to work with VirtualQueryEx but I wasn't very successful.
I Created a dummy.exe with a global Variable '1121' in it.
In another App I tried to find that Value in Memory. Here is what I tried :
at the end, 'ergebnis' is empty
do you see, what I am doing wrong here?
after a long time I had time to look at the method you mentioned.
Long Story Short. I Tried to work with VirtualQueryEx but I wasn't very successful.
I Created a dummy.exe with a global Variable '1121' in it.
In another App I tried to find that Value in Memory. Here is what I tried :
Code: Select all
procedure TForm1.GetHProc;
var
hWnd : Cardinal;
begin
hWnd := FindWindow(nil,'Form4');
if hWnd = INVALID_HANDLE_VALUE then
exit;
GetWindowThreadProcessId(hWnd,@procid);
hProc := OpenProcess(PROCESS_ALL_ACCESS,FALSE,procid);
GetMemMinMax;
CloseHandle(hProc);
end;
procedure TForm1.GetMemMinMax;
var
mbi : TMemoryBasicInformation;
adress ,
start ,
ende : Cardinal;
begin
adress := $400000;
while adress < $80000000 do
begin
VirtualQueryEx(hProc,
ptr(adress),
mbi,
SizeOf(TMemoryBasicInformation));
if (mbi.State = MEM_COMMIT) and
(mbi.Protect = PAGE_READWRITE) and
(mbi.Type_9 = MEM_PRIVATE) then
begin
start := DWORD(mbi.BaseAddress);
ende := DWORD(mbi.BaseAddress) + mbi.RegionSize;
ScanMem(start,ende); // als hex?
end;
adress := adress + mbi.RegionSize;
end;
showmessage(ergebnis);
end;
procedure TForm1.ScanMem(start, ende: dword);
var
dwRead : DWORD;
iBuffer ,
adress : Integer;
begin
showmessage('start ' + inttostr(start) + #13#10 +
'ende ' + Inttostr(ende));
dwRead := 0;
iBuffer := 0;
for adress := start to ende - 1 do
begin
ReadProcessMemory(hProc,
ptr(adress),
@iBuffer,
SizeOf(Integer),
dwRead);
if iBuffer = 1121 then
ergebnis := ergebnis + inttostr(start) + #13#10
end;
end;
procedure TForm1.btnClick(Sender: TObject);
begin
GetHProc;
end;
do you see, what I am doing wrong here?
I think this "if" is much too restrictive:
Code: Select all
if (mbi.State = MEM_COMMIT) and
(mbi.Protect = PAGE_READWRITE) and
(mbi.Type_9 = MEM_PRIVATE) then