Read text from notepad process memory [closed]

https://stackoverflow.com/questions/20460073

30-08-2022
|

Question

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist

Closed 8 years ago.

Improve this question

I want to read the entire memory of notepad, and write the output to a text file. If I type something in notepad, I do not find what I type in the output. This is the code:

HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, entry.th32ProcessID);
char* ptr = 0;
MEMORY_BASIC_INFORMATION info;
while(ptr<=(char*)0x7FFF0000)
{
    VirtualQueryEx(hProcess,(LPCVOID)ptr,&info,sizeof(info));
    if((info.AllocationProtect==0x04) || (info.AllocationProtect==0x10) || 
       (info.AllocationProtect==0x20) || (info.AllocationProtect==0x40) || 
       (info.AllocationProtect==0x80) || (info.AllocationProtect==0x02) || 
       (info.AllocationProtect==0x08))
    {
        int bytes_to_read = (int)info.RegionSize;
        char *buffer = NULL;
        buffer = (char *)malloc(info.RegionSize);
        ReadProcessMemory(hProcess,
                          info.BaseAddress,
                          &buffer,
                          bytes_to_read,
                          NULL);
        ofstream out;
        out.open("test.txt",ios_base::app);
        out << buffer;
        out.close();
    }
    ptr += info.RegionSize;
}

Solution

You cannot write a buffer like that. C++ assumes it contains a 0-terminated string.

Try

out.write(buffer, bytes_to_read);

Also open the file with the flags

ios::binary | ios::out

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow