Grabbing memory from another process

StackOverflow https://stackoverflow.com/questions/1771096

  •  21-09-2019
  •  | 
  •  

Question

in Windows, lets say I have used DLL Injection to get into another process. I have also done some screencaptures of the memory on the process I have injected into and know the location of the data I want to pull out. Lets say there is data in the other process at 0xaaaaaaaa that contains a certain value. How do I grab this value from that process so I can use it in my injecting app? Since I am injected into the process, can I just use something like memcpy?

memcpy(value, 0xaaaaaaaa, 10);

I'm assuming it's probably more involved than this?

EDIT: To the responses below, I don't see how WM_COPYDATA helps me as it is for sending data to another application, not for retrieving data FROM an existing application.

Was it helpful?

Solution

You should be able to use the ReadProcessMemory function.

See also How to write a Perl, Python, or Ruby program to change the memory of another process on Windows?

OTHER TIPS

In Windows every process addresses its own memory. That means you cannot do something like memcpy having two pointers that point to memory of two different processes.

You can consider any option of interprocess communication: memory mapped files, sockets, named pipes, event window messages.

Here is more information about IPC

Try out WM_COPYDATA and take the help from MSDN pertaining to it.

The following IPC mechanisms are supported by Windows:

Clipboard
COM
Data Copy
DDE
File Mapping
Mailslots
Pipes
RPC
Windows Sockets

more details here Interprocess Communications

in your case I would use WM_COPYDATA Message

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top