Read/write the memory from another process with vb.net

StackOverflow https://stackoverflow.com/questions/20828976

  •  22-09-2022
  •  | 
  •  

Question

I want to access the virtual memory allocated to a specific process (I have the process name, and can hence get the process ID etc.). Ideally I want to be able to read from it, to recognise pattens (work out where the bits I'm interested in are) and then modify some values and write over the virtual memory.

Is this possible, any idea's of what MSDN pages might set me on the correct path.

Just to be clear the memory isn't that of my VB.NET application. It's a separate process.

Was it helpful?

Solution

You said you were okay with getting the process ID.

You then need to use OpenProcess to get a handle to the process.

Once you have the handle, you can then use ReadProcessMemory to read chunks of the other processes memory space.

However, you need to know the address you are reading from. If the area you request isn't actually committed memory then the function will fail.

PS. The declare for ReadProcessMemory should look something like

public declare unicode function ReadProcessMemory lib "kernel32" alias "ReadProcessMemory"(hProcess as IntPtr,lpBaseAddress as IntPtr,byref lpBuffer as byte(),dwSize as integer,byref lpNumberOfBytesRead as integer) as boolean

That declare assumes that the process doing the reading and the process being read are both either 32 bit or 64 bit, not one of each. TBH, I don't know how / if it would work with different bit-nesses.

OTHER TIPS

This may be a bit over the top, but if you know a bit of MASM assembly, you could easily make a library that could read memory directly, then filter through the results. But this might be a bit too much work for the project you had in mind.

Use an ASM assembler and disassembler and integrate the libraries into your application.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top