Search code examples
c++pointerswinapireadprocessmemory

Reading a pointer from another process memory


I'm trying to read a pointer from another process. I can read the content of the pointer, and I actually receive an address, but what I want to do is to go one step beyond that and take the value inside the received address. I think i'm doing it wrong, or else I guess it's not possible the way I'm doing it?

Here's my code:

#include <iostream>
#include <windows.h>
using namespace std;

int main() {

    DWORD pid;
    int **buffer = NULL;
    cout << "Current PID: " << GetCurrentProcessId();
    cout << "\nTarget PID: ";
    cin >> pid;

    HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);

    if (handle == NULL) {
        cout << "\nCant open process. Error Code: " << GetLastError();
        return EXIT_FAILURE;
    }

    else {
        ReadProcessMemory(handle, (LPCVOID)0x5BF9A4, &buffer, sizeof(buffer), NULL); // &*buffer maybe?
        if (ReadProcessMemory == 0) { 
            cout << "\nRPM failed, ERROR_CODE: " << GetLastError();
            return EXIT_FAILURE;
        }
    }

    cout << "\nBuffer: " << buffer << endl;
    //cout << "Buffer 1st hop: " << *buffer << endl; // Wont execute. Crashed maybe?
    //cout << "Buffer 2nd hop: " << **buffer << endl;
    CloseHandle(handle);
    if (CloseHandle != 0){
        cout << "Handle to process destroyed successfully.\n";
    }
    system("pause");

    return 0;
}

Solution

  • I’m not sure if I misunderstood, you may have the process like below:

    #include <windows.h>
    #include <iostream>
    
    int main()
    {
        int data = 10;
        int* p = &data;
        int** pp = &p;
        printf("pid = %d\n", GetCurrentProcessId());
        printf("p = %x\n",p);
        printf("pp = %x\n", pp);
        printf("address of pp = %x\n", &pp);
        return 0;
    }
    

    You have the address of pp, and want to get the value of data?

    The address space for each process is private unless it shared. You just read the value of the local variable pp through the address, you also need to read the address pp again to get the value of p, and finally read the address of p to get the data:

    #include <windows.h>
    #include <iostream>
    int main()
    {
        DWORD pid;
        int** buffer = NULL;
        cout << "Current PID: " << GetCurrentProcessId();
        cout << "\nTarget PID: ";
        cin >> pid;
        HANDLE hProcess = OpenProcess(PROCESS_VM_READ, false, pid);
        if (hProcess == NULL)
        {
            int error = GetLastError();
            cout << "OpenProcess error: " << error << endl;
            return EXIT_FAILURE;
        }
        int** pp = NULL;
        BOOL ret = 0;
        LPCVOID address = (LPCVOID)0xd3fe20;
        ret = ReadProcessMemory(hProcess, address, &pp, sizeof(int**), 0);
        printf("pp = %x\n", pp);
    
        int* p = NULL;
        ret = ReadProcessMemory(hProcess, pp, &p, sizeof(int*), 0);
        printf("p = %x\n", p);
    
        int data = 0;
        ret = ReadProcessMemory(hProcess, (LPCVOID)p, &data, sizeof(int), 0);
        printf("data = %d\n", data);
    
        CloseHandle(hProcess);
        return 0;
    }
    

    Result: enter image description here