ReadProcessMemory - Read 8 byte [solved]

I need to read from an address as 8 byte. I am using a slightly modified function from PheNix'es Undetected Module Maker.
[highlight=VB.net]SomeString = (ReadLong(&HAddress, 8))[/highlight]
The function works as long as the bytes are 4 or below, But if I use 8 or above it will read it as 4 byte.

[highlight=VB.net]Private Declare Function KGCDGTJAWN Lib "kernel32" Alias "OpenProcess" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As Integer

Private Declare Function EFJKPZAUQL Lib "kernel32" Alias "CloseHandle" (ByVal hObject As Integer) As Integer

Private Declare Function ReadProcessMemory Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Integer, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer

Dim GWXUSXTOUE As Long

'ReadLong
Public Function ReadLong(ByVal Address As Integer, ByVal Bytes As Integer)
Dim BlackOpsLookUp As Process() = Process.GetProcessesByName("BlackOps")
If BlackOpsLookUp.Length = 0 Then
Return Nothing
Exit Function
End If
Dim processHandle As IntPtr = KGCDGTJAWN(&H1F0FFF, 0, BlackOpsLookUp(0).Id)
ReadProcessMemory(processHandle, Address, GWXUSXTOUE, Bytes, Nothing)
Return GWXUSXTOUE
EFJKPZAUQL(processHandle)
End Function[/highlight]

Resume:
If I try to read a type above 4 byte, then it will ignore what byte I wrote and return it as 4 byte.

Wrong declaration is wrong. In your ReadProcessMemory declaration, its expecting an Integer (4 bytes) but instead you pass a Long (8 bytes) so it implicitly converts the Long into an Integer and then returns the value.

Put Option Strict On at the top of the form/module and you'll be amazed at how many implicit conversions you've made in that code.

Anyway, let's cut to the chase. This should work, didn't actually test it.
[highlight=vb.net]Private Declare Function KGCDGTJAWN Lib "kernel32" Alias "OpenProcess" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As Integer

Private Declare Function EFJKPZAUQL Lib "kernel32" Alias "CloseHandle" (ByVal hObject As IntPtr) As Integer

<DllImport("kernel32.dll", SetLastError:=True)> _
Public Shared Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, <Out()> ByVal lpBuffer() As Byte, ByVal dwSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean
End Function

Public Function Read8Byte(ByVal Address As Integer) As Long 'Always declare the return type
Dim BlackOpsLookUp As Process() = Process.GetProcessesByName("BlackOps")
If BlackOpsLookUp.Length = 0 Then
MsgBox("CoD was not found", MsgBoxStyle.Information, "M-efti's Trainer - Error")
Return Nothing
Exit Function
End If

Dim processHandle As IntPtr = New IntPtr(KGCDGTJAWN(&H1F0FFF, 0, BlackOpsLookUp(0).Id))
Dim lngBuffer(7) As Byte
ReadProcessMemor1(processHandle, New IntPtr(Address), lngBuffer, 8, 0)
EFJKPZAUQL(processHandle) 'Close the handle before returning the value
Return BitConverter.ToInt64(lngBuffer, 0)
End Function[/highlight]

Here's a good alternative that will work with nearly all data types (don't use this for strings!), didn't test again but should work:
[highlight=vb.net]<DllImport("kernel32.dll", SetLastError:=True)> _
Public Shared Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, <Out()> ByVal lpBuffer() As Byte, ByVal dwSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean
End Function

Public Function ReadMemory(Of T)(ByVal processHandle As IntPtr, ByVal address As Integer) As T
Dim t_size As Integer = Marshal.SizeOf(GetType(T))
Dim t_buffer(t_size-1) As Byte
ReadProcessMemory(processHandle, New IntPtr(address), t_buffer, t_size, 0)
Dim gch As GCHandle = GCHandle.Alloc(t_buffer, GCHandleType.Pinned)
Dim ret As T = CType(Marshal.PtrToStructure(gch.AddrOfPinnedObjec t, GetType(T)), T)
gch.Free()
Return ret
End Function[/highlight]

Usage:
Dim value As Long = ReadMemory(Of Long)(processHandle, &HAddress)
Dim value As Integer = ReadMemory(Of Integer)(processHandle, &HAddress)

@master131

[highlight=VB.net]Public Function Read8Byte(ByVal Address As Integer)
Dim BlackOpsLookUp As Process() = Process.GetProcessesByName("BlackOps")
If BlackOpsLookUp.Length = 0 Then
MsgBox("CoD was not found", MsgBoxStyle.Information, "M-efti's Trainer - Error")
Return Nothing
Exit Function
End If
Dim processHandle As IntPtr = KGCDGTJAWN(&H1F0FFF, 0, BlackOpsLookUp(0).Id)

Dim lngBuffer(7) As Byte
ReadProcessMemor1(processHandle, Address, lngBuffer, 8, 0)
EFJKPZAUQL(processHandle) 'Close the handle before returning the value
Return BitConverter.ToInt64(lngBuffer, 0)
End Function[/highlight]
Gives an error when being run.
The methods type signature is not compatible with Interop.
Translated from Danish so its not accurate.

Hmm, try this instead, I tested it, works fine:
[highlight=vb.net]
Private Declare Function KGCDGTJAWN Lib "kernel32" Alias "OpenProcess" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As IntPtr

Private Declare Function EFJKPZAUQL Lib "kernel32" Alias "CloseHandle" (ByVal hObject As IntPtr) As Integer

<DllImport("kernel32.dll", SetLastError:=True)> _
Public Shared Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, <Out()> ByVal lpBuffer() As Byte, ByVal dwSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean
End Function

Public Function Read8Byte(ByVal Address As Integer) As Long 'Always declare the return type
Dim BlackOpsLookUp As Process() = Process.GetProcessesByName("BlackOps")
If BlackOpsLookUp.Length = 0 Then
MsgBox("CoD was not found", MsgBoxStyle.Information, "M-efti's Trainer - Error")
Return Nothing
Exit Function
End If

Dim processHandle As IntPtr = KGCDGTJAWN(&H1F0FFF, 0, BlackOpsLookUp(0).Id)
Dim lngBuffer(7) As Byte
ReadProcessMemor1(processHandle, New IntPtr(Address), lngBuffer, 8, 0)
EFJKPZAUQL(processHandle) 'Close the handle before returning the value
Return BitConverter.ToInt64(lngBuffer, 0)
End Function
[/highlight]

But you should seriously consider the example I used in the other post (I've edited and fixed it). I fixed the ReadProcessMemory decleration and it's reusable on nearly all data types. You can even read a structure using that function. There's also nothing that's "undetected" about the code you gave me. It just jumbles some of the function names but essentially it still uses ReadProcessMemory (note the 'Alias').

The other function gives the exact same error as the first one.

I will try the code you just posted now.
And btw I know that its not undetected.

Edit:

[highlight=VB.net] Public Function ReadProcessMemor1(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, <Out()> ByVal lpBuffer() As Byte, ByVal dwSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean
End Function

Public Function Read8Byte(ByVal Address As Integer) As Long
Dim BlackOpsLookUp As Process() = Process.GetProcessesByName("BlackOps")
If BlackOpsLookUp.Length = 0 Then
MsgBox("CoD was not found", MsgBoxStyle.Information, "M-efti's Trainer - Error")
Return Nothing
Exit Function
End If

Dim processHandle As IntPtr = New IntPtr(KGCDGTJAWN(&H1F0FFF, 0, BlackOpsLookUp(0).Id))
Dim lngBuffer(7) As Byte
ReadProcessMemor1(processHandle, New IntPtr(Address), lngBuffer, 8, 0)
EFJKPZAUQL(processHandle) 'Close the handle before returning the value
Return BitConverter.ToInt64(lngBuffer, 0)
End Function[/highlight]

This time it didn't give an error. It just returned 0

Thanks Jason.
I already had Interop imported, but the rest made it work

Solved!