I am trying to read a string from a dummy program that I have made. I am using a kernel driver to communicate with my usermode app. I have made it like this:

void* response // to read the response or to send it to my driver so it reads it
So I am using a template to read memory; it's this:
C++
template <typename T>
T read(UINT_PTR ProcessId, UINT_PTR ReadAddress,SIZE_T Size)
{
    if (hDriver == INVALID_HANDLE_VALUE)
        return (T)false;

    DWORD Return, Bytes;
    KERNEL_READ_REQUEST ReadRequest;

    ReadRequest.ProcessId = ProcessId;
    ReadRequest.Address = ReadAddress;
    ReadRequest.Size = Size ? Size : sizeof(T);

    // send code to our driver with the arguments
    if (DeviceIoControl(hDriver, IO_READ_REQUEST, &ReadRequest,
        sizeof(ReadRequest), &ReadRequest, sizeof(ReadRequest), 0, 0))
        return (T)ReadRequest.Response;
    else
        return false;
}
So as you can see, return (T)ReadRequest.Response; returns the value to the driver. Now in my code I am trying to convert a char to a string like this, but it does not show me the whole string. The string I want to read is DefaultString, but it reads it like this: String found: DefaultS$. Any help would be appreciated, and by the way, I am trying to learn about drivers. Note: Educational Purposes

What I have tried:

C++
char* p = Driver.read<char*>(processid, 0x2A1575F818, sizeof(p));
const char* add = reinterpret_cast<const char*>(&p);
std::string str = add;
printf("String found: %s\n", str.c_str());
Updated 11-Sep-18 11:32am
Comments
Richard MacCutchan 12-Sep-18 3:51am    
Most device drivers deal only in bytes, they do not care what the data structure is. So you should just be requesting a number of bytes from the driver. For example if T is char* and Size is not specified you will only read the number of bytes in a pointer, which is generally 4.
Member 13980942 12-Sep-18 8:59am    
@Richard MacCutchan but how could I read more than that 4 bytes or 8? I tried to put a buffer number like (pram1,pram2,255) but it does not work like that and it outputs some useless chars. How could I read the full string? Thanks in advance

You are reading too few characters (namely sizeof(p) that is, probably, 8).
 
 
Comments
Member 13980942 11-Sep-18 15:27pm    
@CPallini but how could I read it fine then? Thank you for your answer
Member 13980942 11-Sep-18 15:31pm    
And how could I read more than 8 chars?
Member 13863239 11-Sep-18 15:46pm    
I would also like to know, @CPallini Thanks!
Mr. Pallini is on the right track. Your code has this:
ReadRequest.Size = Size ? Size : sizeof(T);
and it is the sizeof(T) statement that is the problem. You can fix this in at least two ways. One is to adjust the driver so if it is passed a size of zero it will return how many bytes the string actually has and then you request exactly that amount. There are a few Windows API functions that work this way. The other way is to define a maximum size and make sure your text buffer is at least that big. Either way, you need to pass the size of a text buffer to the driver, not just the size of the pointer. Here is an example:
char* p = Driver.read<char*>( processid, 0x2A1575F818, 255 );
I picked 255 as a big text buffer size. In the driver, the size should be considered a maximum like in a call to strncpy. It should probably only copy text until it finds the null.
 
 
Comments
Member 13980942 11-Sep-18 19:21pm    
@Rick York I tried to do it like that but it does not work. You can see the output: https://prnt.sc/ktawan How could I solve this issue? Thanks in advance
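
The fix the answers describe (request a buffer's worth of bytes, treat the size as a maximum, stop at the terminating null), as an added example that is not part of the original thread. `read_bytes` and `kTargetMemory` are constructed stand-ins for the driver request and the target's memory, so the sketch runs without a driver.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <string>

// Constructed sample data standing in for the memory being read.
static const char kTargetMemory[] = "DefaultString\0bytes-after-terminator";

// Hypothetical byte-oriented read primitive (an assumption, not the page's driver API):
// copies at most `size` bytes from `offset` into `out`, returns the count copied.
std::size_t read_bytes(std::size_t offset, void* out, std::size_t size) {
    if (out == nullptr || offset >= sizeof(kTargetMemory)) return 0;
    std::size_t n = std::min(size, sizeof(kTargetMemory) - offset);
    std::memcpy(out, kTargetMemory + offset, n);
    return n;
}

// The pattern from the question: only a pointer-sized value is transferred, so at
// most sizeof(char*) characters of the text arrive, with no terminator after them.
std::string read_pointer_sized(std::size_t offset) {
    char* p = nullptr;
    std::size_t n = read_bytes(offset, &p, sizeof(p));
    // Build the string with an explicit length so nothing past the value is read.
    return std::string(reinterpret_cast<const char*>(&p), n);
}

// The approach from the answer: the caller owns a buffer, passes its size as a
// maximum, and the text ends at the first NUL or at the number of bytes returned.
std::string read_c_string(std::size_t offset, std::size_t max_len = 255) {
    std::string buf(max_len, '\0');
    std::size_t n = read_bytes(offset, &buf[0], buf.size());
    const void* nul = std::memchr(buf.data(), '\0', n);
    std::size_t len = nul
        ? static_cast<std::size_t>(static_cast<const char*>(nul) - buf.data())
        : n;  // no terminator inside the bytes received: keep only what was copied
    buf.resize(len);
    return buf;
}
```

On a 64-bit build `read_pointer_sized(0)` yields `DefaultS`, the truncation seen in the question, while `read_c_string(0)` yields the full `DefaultString`.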

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


