Saturday 28 March 2015

Dump Process Memory

I am trying to dump process memory using the following:



#include <windows.h>
#include <stdio.h>
#include <string.h>

// Obtained elsewhere (process handle, module base and module size), as described below.
HANDLE hProcess;
DWORD dwModBase;
DWORD dwModSize;

bool DumpMemory()
{
    // Local buffer that should receive the module image.
    PBYTE bModMemory = static_cast<PBYTE>(VirtualAlloc(NULL, dwModSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE));
    if (bModMemory == NULL) return false;
    memset(bModMemory, 0, dwModSize);

    SIZE_T nBytesRead = 0;
    BOOL ret;

    printf("PROC HANDLE: %i\n", hProcess);
    printf("CLIENT BASE: %#08x\nCLIENT SIZE: %#08x\n", dwModBase, dwModSize);

    // Destination passed here is &bModMemory, the address of the pointer variable itself.
    ret = ReadProcessMemory(hProcess, (LPCVOID)dwModBase, &bModMemory, dwModSize, &nBytesRead);
    printf("READ: %#08x\n", nBytesRead);
    if (!ret) return false;

    return true;
}


However, it doesn't seem to work. I am able to get the process handle, module address, and module size fine, but when I am trying to dump the module's memory it keeps failing.


This is the output:



PROC HANDLE: 108
MOD BASE: 0x1a6e0000
MOD SIZE: 0x4c5b000
READ: 00000000
FAIL!


Am I approaching this incorrectly? Any help would be appreciated.


Thanks.
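Two things stand out in the posted function. First, `&bModMemory` is a `PBYTE*`: it is the address of the local pointer variable on the stack, not the buffer that `VirtualAlloc` returned. `ReadProcessMemory` is therefore asked to write `dwModSize` (about 76 MB) bytes starting at a stack slot, which cannot succeed, so the call fails and `nBytesRead` stays 0. The buffer pointer itself, `bModMemory`, must be passed as the destination. Second, even with that fixed, one read over a whole 0x4c5b000-byte module range can still fail: if any page in the range is not committed or is marked `PAGE_NOACCESS`, the API fails the entire request. Reading page by page (or region by region, via `VirtualQueryEx`) and keeping whatever is readable is the usual workaround, and `GetLastError()` after a failure tells you which of the two problems you are looking at.

The following is an added example (not the original poster's code) of a page-by-page dump that tolerates unreadable pages. On Windows it reads through the real `ReadProcessMemory`; on other platforms it runs against a constructed in-process fake address space so the chunking logic can be exercised offline. The 4 KiB page size, the `fake_space` structure, the `mem_reader` callback type and the function names are assumptions made for this example.

```c
/* Added example, not from the original post: page-by-page module dump that
 * tolerates unreadable pages. Real ReadProcessMemory on Windows; a constructed
 * fake address space elsewhere so the logic can be run offline. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

#define PAGE_SZ 0x1000u  /* assumption: 4 KiB pages (x86/x64 Windows) */

/* Reader callback: copy len bytes from address addr into dst.
 * Returns the number of bytes copied, 0 if the range could not be read. */
typedef size_t (*mem_reader)(void *ctx, uintptr_t addr, void *dst, size_t len);

/* Dump [base, base+size) into out (which must hold size bytes), one page at a
 * time, so a single PAGE_NOACCESS or uncommitted page costs only that page
 * instead of failing the whole read. Unreadable pages are left zero-filled.
 * Returns the number of bytes actually recovered. */
size_t dump_region(mem_reader rd, void *ctx, uintptr_t base, size_t size, uint8_t *out)
{
    size_t total = 0, off = 0;
    memset(out, 0, size);
    while (off < size) {
        size_t chunk = PAGE_SZ - (size_t)((base + off) % PAGE_SZ); /* up to the next page boundary */
        if (chunk > size - off) chunk = size - off;
        total += rd(ctx, base + off, out + off, chunk);
        off += chunk;
    }
    return total;
}

#ifdef _WIN32
/* Real reader. dst is passed as-is: passing &dst (the address of the local
 * pointer, as in the post) would ask the kernel to write len bytes over the stack. */
static size_t win_reader(void *ctx, uintptr_t addr, void *dst, size_t len)
{
    SIZE_T got = 0;
    if (!ReadProcessMemory((HANDLE)ctx, (LPCVOID)addr, dst, len, &got))
        return 0;   /* GetLastError() says why; treat the page as unreadable */
    return (size_t)got;
}

size_t dump_module_win(HANDLE hProcess, uintptr_t modBase, size_t modSize, uint8_t *out)
{
    return dump_region(win_reader, (void *)hProcess, modBase, modSize, out);
}
#endif

/* Constructed fake address space for the offline demo: three pages of pattern
 * data, with the middle page marked unreadable. */
typedef struct {
    uint8_t *mem;
    uintptr_t base;
    size_t size;
    uintptr_t bad_page;
} fake_space;

static size_t fake_reader(void *ctx, uintptr_t addr, void *dst, size_t len)
{
    fake_space *fs = (fake_space *)ctx;
    if (addr < fs->base || len > fs->size || addr - fs->base > fs->size - len)
        return 0;                                   /* outside the mapping */
    if ((addr & ~(uintptr_t)(PAGE_SZ - 1)) == fs->bad_page)
        return 0;                                   /* simulated PAGE_NOACCESS */
    memcpy(dst, fs->mem + (addr - fs->base), len);
    return len;
}

/* Runs the dump against the fake space. Hands back the dump in *out_buf
 * (caller frees) and returns the bytes recovered: two readable pages of three. */
size_t demo_dump(uint8_t **out_buf)
{
    const size_t size = 3 * PAGE_SZ;
    const uintptr_t base = 0x1a6e0000u;             /* module base from the post's output */
    uint8_t *mem = malloc(size);
    uint8_t *out = malloc(size);
    if (!mem || !out) { free(mem); free(out); *out_buf = NULL; return 0; }
    for (size_t i = 0; i < size; i++)
        mem[i] = (uint8_t)(0x41 + (i / PAGE_SZ));   /* 'A', 'B', 'C' per page */
    fake_space fs = { mem, base, size, base + PAGE_SZ };
    size_t got = dump_region(fake_reader, &fs, base, size, out);
    free(mem);
    *out_buf = out;
    return got;
}

size_t demo_bytes_recovered(void) { uint8_t *b; size_t n = demo_dump(&b); free(b); return n; }
int demo_byte_at(size_t off) { uint8_t *b; demo_dump(&b); int v = b ? b[off] : -1; free(b); return v; }

int main(void)
{
    uint8_t *out;
    size_t got = demo_dump(&out);
    printf("recovered %zu of %u bytes; page0=%c page1=%02x page2=%c\n",
           got, 3 * PAGE_SZ, out[0], out[PAGE_SZ], out[2 * PAGE_SZ]);
    free(out);
    return 0;
}
```

The zero-filled gap left by the unreadable page keeps file offsets in the dump aligned with the module's virtual addresses, which matters when the dump is later loaded into a disassembler; if you would rather skip whole unmapped regions up front, walk the range with `VirtualQueryEx` and only call the reader on committed, readable regions.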

