[C#] Read Specific Memory Address from Process


Question

I'm trying to read a specific memory address from a selected Process.

I've never done anything like this, but I believe some languages have ReadProcessMemory & WriteProcessMemory Methods. But I can't find a specific one for C#, much less how to control their arguments.

I found one way to find the process in memory, and the following code will in fact shut down the program.

But I want to access its memory space to read and eventually modify the memory space using memory addresses.

  Quote
  // Find every running process named "starcraft" and ask each one to close its main window.
  System.Diagnostics.Process[] myProcesses;
  myProcesses = System.Diagnostics.Process.GetProcessesByName("starcraft");
  foreach (System.Diagnostics.Process instance in myProcesses)
  {
    instance.CloseMainWindow();
  }

3 answers to this question

  • 0

If you want to do something this low level you are probably better off writing it using C/C++/Assembly. You should be able to call win32 functions from C#. You should check MSDN for ReadProcessMemory and it will tell you what parameters you need.

  • 0

Thanks for your fast reply, Andareed. I have the MSDN Library, and have been frequenting the more updated online one for this case, as well as Google and ask.com; however, I have limited knowledge in programming and in troubleshooting in this sort of development dealing with processes. I want to use C# to do this because that's what I'm studying and am most familiar with.

  Quote
  [DllImport("kernel32.dll", SetLastError=false)]
  static extern int ReadProcessMemory ( int hProcess, ref object lpBaseAddress, ref object lpBuffer, int nSize, ref int lpNumberOfBytesWritten);

  [STAThread]
  static void Main(string[] args)
  {
    Process[] myProcess = Process.GetProcessesByName("notepad");

    string vout,vout2;
    vout2 = ReadProcessMemory(68804,401F75,vout,6,6);

I have the Handle ID,

I know the Address I want to Read

The other Parameters I don't have any idea of.

I found this description of ReadProcessMemory, but I'm not sure I fully understand the parameter types. No need to visit here if you're familiar with the method.

  • 0

You need to get hProcess, which is in Process.Handle; lpBaseAddress is your memory address (relative to the target process); lpBuffer is a pointer to a buffer (relative to this process) that receives the data read; nSize is the size of lpBuffer; lpNumberOfBytes is a pointer to a DWORD of how many bytes are actually read. I have very little C# experience, so I have no idea how you would go about passing in buffer addresses.
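The parameter mapping described in the answer above, written out as a C# P/Invoke declaration with error and partial-read checks. This is an added example, not code from the thread: the names `ReadMemoryExample` and `ReadBytes` are hypothetical and the sample bytes are constructed, and it reads from its own process so it runs without a second program.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class ReadMemoryExample
{
    // Matches the Win32 prototype:
    // BOOL ReadProcessMemory(HANDLE, LPCVOID, LPVOID, SIZE_T, SIZE_T*)
    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool ReadProcessMemory(
        IntPtr hProcess,           // Process.Handle of the target
        IntPtr lpBaseAddress,      // address in the target's address space
        [Out] byte[] lpBuffer,     // buffer in this process; pinned by the marshaller
        UIntPtr nSize,             // number of bytes requested (SIZE_T)
        out UIntPtr lpNumberOfBytesRead);

    // Hypothetical helper: return `count` bytes read at `address`, or throw.
    static byte[] ReadBytes(IntPtr hProcess, IntPtr address, int count)
    {
        var buffer = new byte[count];
        if (!ReadProcessMemory(hProcess, address, buffer, (UIntPtr)(uint)count, out UIntPtr read))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        if (read.ToUInt64() != (ulong)count)
            throw new InvalidOperationException($"Partial read: {read} of {count} bytes.");
        return buffer;
    }

    static void Main()
    {
        // Constructed sample: six bytes in a pinned array inside this same process.
        byte[] sample = { 0x4E, 0x65, 0x6F, 0x77, 0x69, 0x6E };
        GCHandle pin = GCHandle.Alloc(sample, GCHandleType.Pinned);
        try
        {
            using (Process self = Process.GetCurrentProcess())
            {
                byte[] copy = ReadBytes(self.Handle, pin.AddrOfPinnedObject(), sample.Length);
                Console.WriteLine(BitConverter.ToString(copy));
            }
        }
        finally
        {
            pin.Free(); // release the pin so the GC can move the array again
        }
    }
}
```

`SetLastError = true` is what makes `Marshal.GetLastWin32Error()` meaningful after a failed call; the declaration quoted in the thread sets it to `false` and uses `ref object` where the API expects raw addresses.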

This topic is now closed to further replies.