I wrote a small function for reading the memory of a process, but when it is called, the program the experiments are run on crashes. What am I doing wrong? Code:

    DWORD ReadMemory(DWORD address)
    {
        if (!IsBadReadPtr((void*)address, 0x10))
        {
            DWORD buffer = 0;
            HANDLE phandle = OpenProcess(PROCESS_ALL_ACCESS, 0, GetCurrentProcessId());
            if (phandle == NULL)
            {
                MessageBoxA(NULL, "Error with handle", NULL, MB_OK);
                return NULL;
            }
            ReadProcessMemory(phandle, (void*)address, (LPVOID)&buffer, 4, NULL);
            CloseHandle(phandle);
            return buffer;
        }
        else
        {
            MessageBoxA(NULL, "Address wasn't finded", NULL, MB_OK);
            return NULL;
        }
    }

  • Where exactly does it crash? Is it x86 or x64? - Cerbo
  • x64, this is a DLL, I inject it into the process. I call it like this: MessageBoxA(NULL, (LPCSTR)ReadMemory(0x01005194), NULL, MB_OK); - The Nexsus
  • Look under the debugger where it crashes. - Cerbo

1 answer

Judging by the code, the read function is called like this:

    MessageBoxA(NULL, (LPCSTR)ReadMemory(0x01005194), NULL, MB_OK);

(if it is actually called this way), crashes are quite possible (and may even be more likely than normal program termination), because MessageBoxA() receives, as its second parameter LPCTSTR lpText (a pointer to a text string), the return value of ReadMemory(), i.e. an integer (DWORD buffer), which is not necessarily a valid pointer to a string.

Moreover, if the memory being checked is unreadable (i.e., the IsBadReadPtr() function returns TRUE), the ReadMemory() function returns NULL, which will cause the program to crash anyway when it tries to pass that as a string address to the MessageBoxA() function.

If the checked memory is readable, then the ReadMemory() function reads 4 bytes at the checked address and returns the value it read as a pointer to a string. Are you sure that the addresses you check always contain valid pointers to strings? If this is not the case, then we also get the crash "The program accessed an invalid memory address" on the call to MessageBoxA().
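One way to avoid the crash described in the answer, as an added example that is not code from the question or the answer: report read success separately from the 4-byte value, and format that value into a text buffer instead of casting it to a string pointer. The names read_u32 and describe_u32 are hypothetical, the address is a uintptr_t so it is not truncated on x64, and the non-Windows branch is only a stand-in so the file builds elsewhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Hypothetical helper: reads 4 bytes at `address` in the current process.
   Returns 1 on success, 0 on failure, so a stored 0 is not taken for an error. */
static int read_u32(uintptr_t address, uint32_t *out)
{
#ifdef _WIN32
    SIZE_T got = 0;
    /* The pseudo-handle needs no OpenProcess/CloseHandle; an unreadable
       address makes the call return FALSE instead of faulting. */
    if (!ReadProcessMemory(GetCurrentProcess(), (LPCVOID)address, out, sizeof *out, &got))
        return 0;
    return got == sizeof *out;
#else
    memcpy(out, (const void *)address, sizeof *out); /* portable stand-in */
    return 1;
#endif
}

/* Hypothetical helper: builds the text to display; buf is always NUL-terminated. */
static const char *describe_u32(uintptr_t address, char *buf, size_t n)
{
    uint32_t value;
    if (read_u32(address, &value))
        snprintf(buf, n, "0x%08lX", (unsigned long)value);
    else
        snprintf(buf, n, "read failed");
    return buf;
}

int main(void)
{
    uint32_t sample = 0x01005194; /* constructed sample value to read back */
    char text[32];
    describe_u32((uintptr_t)&sample, text, sizeof text);
#ifdef _WIN32
    MessageBoxA(NULL, text, "ReadMemory", MB_OK); /* a real string, not a cast DWORD */
#else
    puts(text);
#endif
    return 0;
}
```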