Good time of day.
I have a java process that contains a string.
When you dump all the lines with CheatEngine, this line is there.
But when I try to dump using C # code, this line is not detected there.
I use this tutorial: http://www.codingvision.net/security/c-how-to-scan-a-process-memory
SYSTEM_INFO sys_info = new SYSTEM_INFO(); GetSystemInfo(out sys_info); IntPtr proc_min_address = sys_info.minimumApplicationAddress; IntPtr proc_max_address = sys_info.maximumApplicationAddress; long proc_min_address_l = (long)proc_min_address; long proc_max_address_l = (long)proc_max_address; Process process = Process.GetProcessesByName("java")[0]; IntPtr processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_WM_READ, false, process.Id); MEMORY_BASIC_INFORMATION mem_basic_info = new MEMORY_BASIC_INFORMATION(); int bytesRead = 0; var bList = new List<byte>(); while (proc_min_address_l < proc_max_address_l) { label1.Invoke((Action)delegate { label1.Text = $"{proc_min_address}/{proc_max_address} | {proc_min_address_l}/{proc_max_address_l}"; }); VirtualQueryEx(processHandle, proc_min_address, out mem_basic_info, 28); if (mem_basic_info.Protect == PAGE_READWRITE && mem_basic_info.State == MEM_COMMIT) { byte[] buffer = new byte[mem_basic_info.RegionSize]; ReadProcessMemory((int)processHandle, mem_basic_info.BaseAddress, buffer, mem_basic_info.RegionSize, ref bytesRead); for (int i = 0; i < mem_basic_info.RegionSize; i++) { bList.Add(buffer[i]); } } proc_min_address_l += mem_basic_info.RegionSize; proc_min_address = new IntPtr(proc_min_address_l); } var s = Encoding.Unicode.GetString(bList.ToArray()); if (s.Contains("<:>")) { MessageBox.Show("Found!"); } else { MessageBox.Show("Not found!"); } Tell me how to fix my code so that it correctly searches all the lines in the application's memory?
label1.InvokeandVirtualQueryExin one method. - VladD-XX:+UseCompressedStrings(can be 8-bit, ISO-8859-1 but only for strings) UTF-16 encoding. - VladD