c＃ReadProcessMemory - 既知の値を持つアドレスを読み取る

Question

ハンドルがゼロの値を返していることがわかりました。プロセスを検出していませんか？

編集2
コードを短くして問題を発見しました。
回答が投稿されました。

---

さて、それでは、右にジャンプしてみましょう。私はの価値を知っているアドレスの値を読み取ろうとしていますが、何らかの理由で、私は""の戻り値を取得するには、基本的にそれがのバイトを返します00-00-00 ....など。

私の質問：それは私のコードですか、それとも私の住所ですか？ 私はメモ帳でテストした64ビット用のこのコードをもう一度繰り返していますが、うまくいきます。コードは私の64ビットコードとほとんど同じです。

私は、もっと深く掘り下げてより多くのポインタとオフセットを見つけなければならないと感じています。コードは大丈夫ですが、私はこのコードのすべてに新しいので、コードから始めましょう。

//Memory_Manager using_memory_manager = new Memory_Manager(); 
//Memory_Resources using_memory_resources = new Memory_Resources(); 
class Memory_Manager 
{ 
    public string memory_manager(string _command, string _offset , string _panelid, string _typeid, string _textboxid) 
    { 
     var activeform = Application.OpenForms.OfType<Form1>().Single(); 
     Misc_Tools using_misc_tools = new Misc_Tools(); 
     Converters using_converters = new Converters(); 
     Splitters using_splitters = new Splitters(); 
     Form_Tools using_form_tools = new Form_Tools(); 
     Process[] p = Process.GetProcessesByName(activeform.comboBoxProcessList.Text); 

     uint DELETE = 0x00010000; 
     uint READ_CONTROL = 0x00020000; 
     uint WRITE_DAC = 0x00040000; 
     uint WRITE_OWNER = 0x00080000; 
     uint SYNCHRONIZE = 0x00100000; 
     uint END = 0xFFF; //if you have Windows XP or Windows Server 2003 you must change this to 0xFFFF 
     uint PROCESS_ALL_ACCESS = (DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER | SYNCHRONIZE | END); 

     string gettext = using_form_tools.form_control_search(_panelid, _typeid, _textboxid); 
     string _address = activeform.textBoxRead.Text; 
     int object_size = Convert.ToInt32(activeform.textBoxObjectSize.Text); //set the size that will be array size 
     byte[] readbuffer = new byte[object_size];//create an array of bytes for reading based on size 
     byte[] bytestowrite = Encoding.Unicode.GetBytes(gettext); 
     IntPtr ptrBytes;   
     IntPtr processHandle = Memory_Resources.OpenProcess(PROCESS_ALL_ACCESS, 1, Convert.ToInt32(p[0].Id)); 
     int size = gettext.Length*2; 
     int bytesReaded; 

     if (_address.Length == 11 && _command == "read") 
     { 
      Int64 _offsett = Int64.Parse(_offset, System.Globalization.NumberStyles.HexNumber); 
      Int64 _address64bit = Int64.Parse(activeform.textBoxRead.Text, System.Globalization.NumberStyles.HexNumber); 
      Int64 _finaladdress = _address64bit + _offsett; 
      Console.WriteLine("Reading 64bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to read set to " + object_size + "\r\n"); 
      activeform.textBoxUpdate.AppendText("Reading 64bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to read set to " + object_size + "\r\n"); 
      Memory_Resources.ReadProcessMemory(processHandle, _finaladdress, readbuffer, object_size, out ptrBytes); 
      bytesReaded = ptrBytes.ToInt32(); 
      Memory_Resources.CloseHandle(processHandle); 
      return Encoding.Unicode.GetString(readbuffer); 
     }    
     else if (_address.Length == 8 && _command == "read") 
     { 
      Int32 _offsett = Int32.Parse(_offset, System.Globalization.NumberStyles.HexNumber); 
      Int32 _address32bit = Int32.Parse(activeform.textBoxRead.Text, System.Globalization.NumberStyles.HexNumber); 
      Int32 _finaladdress = _address32bit + _offsett; 
      Console.WriteLine("Reading 32bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to read set to " + object_size + "\r\n"); 
      activeform.textBoxUpdate.AppendText("Reading 64bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to read set to " + object_size + "\r\n"); 
      Memory_Resources.ReadProcessMemory(processHandle, _finaladdress, readbuffer, object_size, out ptrBytes); 
      bytesReaded = ptrBytes.ToInt32(); 
      Memory_Resources.CloseHandle(processHandle); 
      return Encoding.Unicode.GetString(readbuffer); 
     } 
     else if (_address.Length == 11 && _command == "write") 
     { 
      Int64 _offsett = Int64.Parse(_offset, System.Globalization.NumberStyles.HexNumber); 
      Int64 _address64bit = Int64.Parse(activeform.textBoxRead.Text, System.Globalization.NumberStyles.HexNumber); 
      Int64 _finaladdress = _address64bit + _offsett; 
      Console.WriteLine("Writing 64bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to write set to " + Encoding.Unicode.GetString(bytestowrite) + "\r\n"); 
      activeform.textBoxUpdate.AppendText("Reading 64bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to read set to " + object_size + "\r\n"); 
      Memory_Resources.WriteProcessMemory(processHandle, _finaladdress, bytestowrite, size, out ptrBytes); 
      bytesReaded = ptrBytes.ToInt32(); 
      Memory_Resources.CloseHandle(processHandle); 
      return BitConverter.ToString(bytestowrite); 
     } 
     else if (_address.Length == 8 && _command == "write") 
     { 
      Int32 _offsett = Int32.Parse(_offset, System.Globalization.NumberStyles.HexNumber); 
      Int32 _address32bit = Int32.Parse(activeform.textBoxRead.Text, System.Globalization.NumberStyles.HexNumber); 
      Int32 _finaladdress = _address32bit + _offsett; 
      Console.WriteLine("Writing 32bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to write set to " + Encoding.Unicode.GetString(bytestowrite) + "\r\n"); 
      activeform.textBoxUpdate.AppendText("Reading 64bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to read set to " + object_size + "\r\n"); 
      Memory_Resources.WriteProcessMemory(processHandle, _finaladdress, bytestowrite, size, out ptrBytes); 
      bytesReaded = ptrBytes.ToInt32(); 
      Memory_Resources.CloseHandle(processHandle); 
      return BitConverter.ToString(bytestowrite); 
     } 
     return ("Could not read memory " + "\r\n"); 
    } 
} 

class Memory_Resources 
{ 
    [DllImport("kernel32.dll")] 
    public static extern bool ReadProcessMemory(IntPtr hProcess, Int32 lpBaseAddress, byte[] buffer, int size, out IntPtr lpNumberOfBytesRead); 

    [DllImport("kernel32.dll")] 
    public static extern bool ReadProcessMemory(IntPtr hProcess, Int64 lpBaseAddress, byte[] buffer, int size, out IntPtr lpNumberOfBytesRead); 

    [DllImport("kernel32.dll")] 
    public static extern bool WriteProcessMemory(IntPtr hProcess, Int32 lpBaseAddress, byte[] buffer, int size, out IntPtr lpNumberOfBytesWritten); 

    [DllImport("kernel32.dll")] 
    public static extern bool WriteProcessMemory(IntPtr hProcess, Int64 lpBaseAddress, byte[] buffer, int size, out IntPtr lpNumberOfBytesWritten); 

    [DllImport("kernel32.dll")] 
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, Int32 bInheritHandle, Int32 dwProcessId); 

    [DllImport("kernel32.dll")] 
    public static extern Int32 CloseHandle(IntPtr hObject); 
} 

Answer 1

前のコードでは、別のtextBoxからの情報を使用していました。その理由は、私が読んでいた正しい値を返さなかったからです。

これは基本的にユーザーエラーです。