I have a string defined as

std::string str ("This is my Test String");
std::cout << str.c_str() << std::endl;


I want to read the memory location of str, which should contain "This is my Test String", and get back the value of "This is my Test String".
I am attempting to read the string as so.
void WorkerThread::ReadMemorySpecific(void* pAddr, SIZE_T count)
{
	char buff[8192];
	ZeroMemory(buff, sizeof(buff));
	SIZE_T bytesRead;
	HANDLE currentProcess = GetCurrentProcess();
	std::ofstream outFile("PATH_TO_FILE\\string.dat", std::ios::out | std::ios::binary);
	ReadProcessMemory(currentProcess, (LPVOID)pAddr, &buff, count + 1, &bytesRead);
	outFile.write(buff, sizeof(buff));
	outFile.flush();
	outFile.close();
	std::cout << "Possible err: " << GetLastError() << std::endl;

	// Cast to unsigned char so bytes >= 0x80 are not sign-extended to FFFFFFxx
	for (int j = 0; j < 8192; j++)
		printf("%02X\n", (unsigned char)buff[j]);
}


I am in the current process therefore I shouldn't need to enable debug privileges. I can verify the size & the address of the memory location are correct because I call this function as:

WorkerThread wt; 
wt.ReadMemorySpecific(&str, str.length());


I can't seem to get my string back as ASCII text no matter what I do. I've tried dumping to a binary file and converting the binary back to ASCII, and I've tried converting the hex. Any suggestions?
Comments
CdnSecurityEngineer 24-Jan-14 13:12pm
   
Wouldn't reading the string prevent the compiler from optimizing that?

Solution 2

&str gives the string object address (not the address of its internal buffer).
Try, for instance:
std::string foo = "foo"; 
std::cout << (char *) &foo << std::endl;


as opposed to
std::string foo = "foo"; 
std::cout << foo.data() << std::endl;
   
Comments
CdnSecurityEngineer 24-Jan-14 13:16pm
   
OK... Sure, but when you consider virtual memory allocation. I need to pass the address of the internal buffer to the function that's reading it. I can't print, stop the program and then adjust the address I wish for it to read from. Even if I did char* pFoo = "str" and I pass pFoo, I am passing a pointer to the memory that contains "str", right? I still don't get the "str" back.
CPallini 24-Jan-14 13:35pm
   
I don't get you. To me your code is simply looking at the wrong address.
CdnSecurityEngineer 24-Jan-14 13:41pm
   
OK, let's assume the code is looking at the wrong address. How would you change this function call wt.ReadMemorySpecific(&str, str.length()); to make it point at the right address? str.c_str()?
CPallini 24-Jan-14 13:46pm
   
wt.ReadMemorySpecific(str.data(), str.length());
CdnSecurityEngineer 24-Jan-14 13:51pm
   
Ok. So you were correct, I was considering the wrong address.
wt.ReadMemorySpecific(str.c_str(), str.length());
or your solution will also work.
CPallini 24-Jan-14 15:07pm
   
I am right, of course, did you have any doubt? :-D
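The difference between the object address and the buffer address discussed in this thread, as an added example that is not part of the original posts. It assumes a portable `memcpy`-based `read_bytes` helper standing in for `ReadProcessMemory` on the current process; `read_bytes`, `buffer_inside_object` and `make_long_sample` are hypothetical names, and the sample string is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>

// Portable stand-in (assumption) for ReadProcessMemory on the current process:
// copy `count` raw bytes starting at `addr` into a std::string.
std::string read_bytes(const void* addr, std::size_t count) {
    std::string out(count, '\0');
    if (count != 0) std::memcpy(&out[0], addr, count);
    return out;
}

// True when the character buffer lives inside the std::string object itself
// (small-string optimisation); false when it is a separate heap allocation.
bool buffer_inside_object(const std::string& s) {
    auto obj = reinterpret_cast<std::uintptr_t>(&s);
    auto buf = reinterpret_cast<std::uintptr_t>(s.data());
    return buf >= obj && buf < obj + sizeof(s);
}

// Constructed sample: the question's text repeated, long enough that no
// common standard library keeps it inline.
std::string make_long_sample() {
    std::string s;
    for (int i = 0; i < 5; ++i) s += "This is my Test String ";
    return s;
}

int main() {
    std::string str = make_long_sample();
    // Wrong address: the object holds bookkeeping such as a pointer and a size.
    std::string object_bytes = read_bytes(&str, sizeof(str));
    // Right address: the internal character buffer.
    std::string text_bytes = read_bytes(str.data(), str.length());

    std::cout << "sizeof(std::string) = " << sizeof(str) << '\n'
              << "buffer inside object: " << buffer_inside_object(str) << '\n'
              << "object bytes contain text: "
              << (object_bytes.find("This is my Test") != std::string::npos) << '\n'
              << "data() bytes equal text: " << (text_bytes == str) << '\n';

    std::string tiny = "foo";  // short strings may sit inside the object
    std::cout << "\"foo\" inside object: " << buffer_inside_object(tiny) << '\n';
    return 0;
}
```

Whether a short string such as "foo" is stored inside the object depends on the standard library, which is why reading from `&str` can appear to work for small test strings and fail for longer ones.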

Solution 1

Have you tried looking at the executable file itself in a hex editor like Hhd?

Compiler optimizations may optimize the variable right out and put the string in the data section of the EXE, or even directly in the code region.
   
Comments
CdnSecurityEngineer 24-Jan-14 13:17pm
   
Wouldn't reading the string prevent the compiler from optimizing that?
Ron Beyer 24-Jan-14 13:29pm
   
Some compilers are pretty smart, and remember that they compile to generate the EXE, what you do later has no effect on how the compiler optimizes it. Some compilers are so smart that they will remove entire loops or inline functions without you explicitly setting them to.
CdnSecurityEngineer 24-Jan-14 13:42pm
   
So what would be your suggestion? I am using VS2012, I just need to get this POC working.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



