ReadProcessMemory fails with 299,...


Kerem Gümrükcü

Hi,

can someone post me a running sample of the
ReadProcessMemory(...) function. I would
like to dump the complete memory of the main
module in my application e.g. MyApplication.exe
into a file. Here is a working example of the API
import call:

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[Out()] byte[] lpBuffer,
int dwSize,
out int lpNumberOfBytesRead
);

The point is that I always get a 299 (I know what it means!)
for this call:

Process p = Process.GetCurrentProcess();
string MemoryDumpFileName = p.MainModule.FileName + ".mem";
byte[] ProcessMemory = new byte[p.MainModule.ModuleMemorySize];
int NumberOfBytesRead = 0;

....


hProcess = DRWin32APIClass.OpenProcess(
    DRWin32APIClass.ProcessAccessFlags.QueryInformation |
    DRWin32APIClass.ProcessAccessFlags.VMOperation |
    DRWin32APIClass.ProcessAccessFlags.VMRead,
    false,
    (uint) p.Id);


bool _ret = DRWin32APIClass.ReadProcessMemory(p.Handle,
p.MainModule.BaseAddress,
ProcessMemory,
p.MainModule.ModuleMemorySize,
out NumberOfBytesRead);

_ret is false (GetLastError=299) and lpNumberOfBytesRead is 0, why?
I also enabled any possible privilege in my application including debugging!
Handle to process and ID is valid, confirmed!

Thanks in advance,..

Regards

Kerem


--
 
Kerem Gümrükcü said:
Hi,

can someone post me a running sample of the
ReadProcessMemory(...) function. I would
like to dump the complete memory of the main
module in my application e.g. MyApplication.exe
into a file. Here is a working example of the API
import call:

Since you want the current process, try using the pseudo-handle (-1) for it
instead of OpenProcess?

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[Out()] byte[] lpBuffer,
int dwSize,
out int lpNumberOfBytesRead
);

The point is that I always get a 299 (I know what it means!)
for this call:

Process p = Process.GetCurrentProcess();
string MemoryDumpFileName = p.MainModule.FileName + ".mem";
byte[] ProcessMemory = new byte[p.MainModule.ModuleMemorySize];
int NumberOfBytesRead = 0;

...


hProcess = DRWin32APIClass.OpenProcess(
    DRWin32APIClass.ProcessAccessFlags.QueryInformation |
    DRWin32APIClass.ProcessAccessFlags.VMOperation |
    DRWin32APIClass.ProcessAccessFlags.VMRead,
    false,
    (uint) p.Id);


bool _ret = DRWin32APIClass.ReadProcessMemory(p.Handle,
p.MainModule.BaseAddress,
ProcessMemory,
p.MainModule.ModuleMemorySize,
out NumberOfBytesRead);

_ret is false (GetLastError=299) and lpNumberOfBytesRead is 0, why?
I also enabled any possible privilege in my application including
debugging!
Handle to process and ID is valid, confirmed!

Thanks in advance,..

Regards

Kerem


--
-----------------------
Beste Grüsse / Best regards / Votre bien devoue
Kerem Gümrükcü
Latest Project: http://www.codeplex.com/restarts
Latest Open-Source Projects: http://entwicklung.junetz.de
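
An added example, not code from either poster: a complete dump of the current process's main module through the pseudo-handle suggested in the reply. It goes beyond the thread by walking the range with VirtualQueryEx and reading only committed, accessible regions, so one unreadable page cannot fail the whole call with 299 (ERROR_PARTIAL_COPY); the class name ModuleDump is hypothetical, and the thread itself does not establish what caused the poster's error.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;

static class ModuleDump   // hypothetical name, not from the thread
{
    [StructLayout(LayoutKind.Sequential)]
    struct MEMORY_BASIC_INFORMATION
    {
        public IntPtr BaseAddress, AllocationBase;
        public uint AllocationProtect;
        public IntPtr RegionSize;
        public uint State, Protect, Type;
    }
    const uint MEM_COMMIT = 0x1000, PAGE_NOACCESS = 0x01, PAGE_GUARD = 0x100;
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress,
        out MEMORY_BASIC_INFORMATION lpBuffer, IntPtr dwLength);
    // nSize and lpNumberOfBytesRead are SIZE_T, so they are pointer-sized here.
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        [Out] byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesRead);

    static void Main()
    {
        ProcessModule m = Process.GetCurrentProcess().MainModule;
        IntPtr self = GetCurrentProcess();            // pseudo-handle (-1)
        long start = m.BaseAddress.ToInt64(), end = start + m.ModuleMemorySize;
        byte[] image = new byte[m.ModuleMemorySize];  // skipped ranges stay zero
        IntPtr mbiSize = (IntPtr)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION));
        for (long addr = start; addr < end; )
        {
            MEMORY_BASIC_INFORMATION mbi;
            if (VirtualQueryEx(self, (IntPtr)addr, out mbi, mbiSize) == IntPtr.Zero)
                throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
            long next = Math.Min(mbi.BaseAddress.ToInt64() + mbi.RegionSize.ToInt64(), end);
            byte[] chunk = new byte[next - addr];
            IntPtr got = IntPtr.Zero;
            bool readable = mbi.State == MEM_COMMIT && (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) == 0;
            if (readable && ReadProcessMemory(self, (IntPtr)addr, chunk, (IntPtr)chunk.Length, out got))
                Buffer.BlockCopy(chunk, 0, image, (int)(addr - start), got.ToInt32());
            else   // report the region instead of failing the whole dump
                Console.WriteLine("0x{0:X}: not read (protect=0x{1:X})", addr, mbi.Protect);
            addr = next;
        }
        File.WriteAllBytes(m.FileName + ".mem", image);
    }
}
```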
 