No access reading memory

**BlueSkittles** · 11-17-2012

Every time I try to read process memory it tells me I don't have access. I tried using GetLastError and it kept returning error 998, which tells me I don't have access. Am I using VirtualProtect wrong or what? Can someone help me out? Thanks.

Code:

#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>

using namespace std;

int main()
{

	HANDLE openprocess;
	PROCESSENTRY32 pEntry;
	MODULEENTRY32 mEntry;
	
	HANDLE processes  = CreateToolhelp32Snapshot(TH32CS_SNAPALL, NULL);

	
	Process32First(processes, &pEntry);

	while(Process32Next(processes, &pEntry))
	{
		if(strcmp(pEntry.szExeFile, "test.exe")==0)
		{
			break;
		}
	}
	
	HANDLE process = CreateToolhelp32Snapshot(TH32CS_SNAPALL, pEntry.th32ProcessID);

	Module32First(process, &mEntry);

	int a = (int)mEntry.modBaseAddr;
	int s = (int)mEntry.modBaseSize;
	BYTE* b;
	b = new BYTE[s];

	cout<< mEntry.szModule << " " << hex << a << endl;

	while(true)
	{
		bool a = Module32Next(process, &mEntry);
		if(a == false)
		{
			break;
		}
		cout<< mEntry.szModule << " " << hex << (int)mEntry.modBaseAddr << endl;
		
	}
	
	
	openprocess = OpenProcess(PROCESS_VM_READ|PROCESS_VM_OPERATION, 0, pEntry.th32ProcessID);

	DWORD old = 0;
	
	VirtualProtectEx(openprocess,(LPVOID)a, s, PAGE_READWRITE, &old);
	
	
	

	if(!ReadProcessMemory(openprocess, (LPCVOID)a, &b, s, 0))
	{
		cout<< "fail";
	}

	cout<< b[0];
	
	cin.get();

}

**[implicit]** · 11-18-2012

Try checking the VirtualProtectEx return. Also, you may need PAGE_EXECUTE_READWRITE depending on if you're reading bytes from the .code section, and the PROCESS_QUERY_INFORMATION flag in the handle.

**Fovea** · 11-18-2012

Your call to ReadProcessMemory is wrong (though it is probably not the problem). You supply the address of b as the buffer in which the data is to be written to instead of the allocated data (new BYTE[s]).

Make sure your process has the right privileges in order to perform reads and page access protection changes.

**Jason** · 11-18-2012

Originally Posted by Fovea

Your call to ReadProcessMemory is wrong (though it is probably not the problem). You supply the address of b as the buffer in which the data is to be written to instead of the allocated data (new BYTE[s]).

Make sure your process has the right privileges in order to perform reads and page access protection changes.

And perhaps the fact that he's calling OpenProcess with only OPERATION access? From MSDN, ReadProcessMemory requires a process handle that has PROCESS_VM_READ access attached to it.

**[MPGH]master131** · 11-18-2012

Originally Posted by Jason

And perhaps the fact that he's calling OpenProcess with only OPERATION access? From MSDN, ReadProcessMemory requires a process handle that has PROCESS_VM_READ access attached to it.

Code:

openprocess = OpenProcess(PROCESS_VM_READ|PROCESS_VM_OPERATION, 0, pEntry.th32ProcessID);

**Jason** · 11-18-2012

Originally Posted by master131

Code:

openprocess = OpenProcess(PROCESS_VM_READ|PROCESS_VM_OPERATION, 0, pEntry.th32ProcessID);

Fuck this hangover.

**Hell_Demon** · 11-19-2012

You're removing the execution rights from the entire module as well..

**R3Dx666†** · 11-24-2012

Originally Posted by BlueSkittles

Every time I try to read process memory it tells me I don't have access. I tried using GetLastError and it kept returning error 998, which tells me I don't have access. Am I using VirtualProtect wrong or what? Can someone help me out? Thanks.

Code:

#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>

using namespace std;

int main()
{

	HANDLE openprocess;
	PROCESSENTRY32 pEntry;
	MODULEENTRY32 mEntry;
	
	HANDLE processes  = CreateToolhelp32Snapshot(TH32CS_SNAPALL, NULL);

	
	Process32First(processes, &pEntry);

	while(Process32Next(processes, &pEntry))
	{
		if(strcmp(pEntry.szExeFile, "test.exe")==0)
		{
			break;
		}
	}
	
	HANDLE process = CreateToolhelp32Snapshot(TH32CS_SNAPALL, pEntry.th32ProcessID);

	Module32First(process, &mEntry);

	int a = (int)mEntry.modBaseAddr;
	int s = (int)mEntry.modBaseSize;
	BYTE* b;
	b = new BYTE[s];

	cout<< mEntry.szModule << " " << hex << a << endl;

	while(true)
	{
		bool a = Module32Next(process, &mEntry);
		if(a == false)
		{
			break;
		}
		cout<< mEntry.szModule << " " << hex << (int)mEntry.modBaseAddr << endl;
		
	}
	
	
	openprocess = OpenProcess(PROCESS_VM_READ|PROCESS_VM_OPERATION, 0, pEntry.th32ProcessID);

	DWORD old = 0;
	
	VirtualProtectEx(openprocess,(LPVOID)a, s, PAGE_READWRITE, &old);
	
	
	

	if(!ReadProcessMemory(openprocess, (LPCVOID)a, &b, s, 0))
	{
		cout<< "fail";
	}

	cout<< b[0];
	
	cin.get();

}

you do relise it will be detected? and what game is this for btw?

**'Bruno** · 11-26-2012

Originally Posted by jameshk67

you do relise it will be detected? and what game is this for btw?

It doesnt matter, some people just want to learn first. Not everyone jumps into a dll hack and leech like a mad guy.

**WoLfulus** · 01-09-2015

i know its old, but the problem is here:

if(!ReadProcessMemory(openprocess, (LPCVOID)a, &b, s, 0))

b is already a pointer, you're passing the pointer to the pointer, that will fail.

if(!ReadProcessMemory(openprocess, (LPCVOID)a, b, s, 0))

this should do the trick

Thread: No access reading memory

Thread Tools

Display

No access reading memory

The Following User Says Thank You to Fovea For This Useful Post:

The Following User Says Thank You to 'Bruno For This Useful Post:

Similar Threads

[Help] Reading Memory Problem / If

[VB.Net] Read Memory

Dll's and accessing program memory

[Request] Write/Read Memory Tutorial

Ventrilo Read Memory